Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/6-ydJeMMctB8c_kcu4H6al3x9lI.roa
File:                     6-ydJeMMctB8c_kcu4H6al3x9lI.roa (raw, json)
Hash identifier:          gkHYAXqWoGGFpT0nUFUwvYsxIUFHF9fDa7NiP95iNN8=
Subject key identifier:   EB:EC:9D:25:E3:0C:72:D0:7C:73:F9:1C:BB:81:FA:6A:5D:F1:F6:52
Certificate issuer:       /CN=c024bdbded6e5d2fe0fb526500b3ff87665b600e
Certificate serial:       0194258F1D08EB74D5E0693E538C9C46F7B0
Authority key identifier: C0:24:BD:BD:ED:6E:5D:2F:E0:FB:52:65:00:B3:FF:87:66:5B:60:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/6-ydJeMMctB8c_kcu4H6al3x9lI.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208818
IP address blocks:        2001:67c:277c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1d:08:eb:74:d5:e0:69:3e:53:8c:9c:46:f7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c024bdbded6e5d2fe0fb526500b3ff87665b600e
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebec9d25e30c72d07c73f91cbb81fa6a5df1f652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:87:01:a1:a0:09:0a:14:65:bd:88:12:1a:34:
                    92:c5:08:39:99:ff:b6:32:42:57:62:cb:18:12:64:
                    fa:87:16:ad:5f:c9:ca:d7:44:64:2c:9e:d3:63:f4:
                    03:2d:8f:18:8c:55:3b:a1:1d:c7:dd:3d:07:9e:a7:
                    3c:0e:86:99:75:df:32:de:38:f2:7b:39:e5:a7:dc:
                    94:91:df:51:5e:26:04:03:e8:4b:a5:6b:a9:fa:75:
                    c1:04:14:71:74:80:6b:64:3d:e7:06:06:c3:82:7a:
                    ec:44:b3:3e:f4:30:f2:06:19:02:f3:4e:28:9f:09:
                    57:d5:48:6f:0d:69:e6:dc:d4:e7:28:42:80:af:88:
                    ef:c8:8c:5e:68:dc:49:fc:c4:ab:85:8d:43:19:7c:
                    f8:f4:46:41:7b:4a:f6:df:cc:30:4c:cf:f8:1e:88:
                    30:ff:01:17:34:26:03:02:20:17:5f:b3:56:26:b5:
                    e5:20:73:b7:89:c3:7f:b9:5f:05:b2:fb:e2:62:24:
                    2b:aa:4b:4d:8a:1e:3c:a4:2b:1e:11:4b:d9:ff:2f:
                    6b:d9:f9:94:5f:be:8a:91:6a:e4:18:91:26:77:ba:
                    11:39:8f:5d:a2:7e:e8:02:83:e1:35:54:f1:6b:73:
                    29:b7:0a:99:00:b0:77:7d:9d:9a:8e:f3:a8:59:a2:
                    e1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:EC:9D:25:E3:0C:72:D0:7C:73:F9:1C:BB:81:FA:6A:5D:F1:F6:52
            X509v3 Authority Key Identifier:
                keyid:C0:24:BD:BD:ED:6E:5D:2F:E0:FB:52:65:00:B3:FF:87:66:5B:60:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wCS9ve1uXS_g-1JlALP_h2ZbYA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/6-ydJeMMctB8c_kcu4H6al3x9lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/cc8ffe-36b4-4c80-a907-aeaa9df01a9d/1/wCS9ve1uXS_g-1JlALP_h2ZbYA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:277c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:b2:51:83:f9:0a:b7:c3:36:0f:8a:5e:59:0b:38:e4:da:e5:
         6f:30:1e:79:be:b1:1f:96:b0:45:60:cb:e6:52:93:84:3c:63:
         18:bc:41:4d:a6:d9:9f:da:4a:5e:e2:14:95:be:d2:5d:d4:4e:
         94:43:5d:f8:e3:b8:0a:9e:3b:35:bd:74:ad:8d:f8:23:68:d9:
         83:7a:ca:b4:07:3f:34:1d:f5:e9:34:2d:04:54:51:c4:34:33:
         be:6f:e5:d5:92:c2:ae:11:96:a1:c5:6b:ff:a1:60:b6:1f:6c:
         c7:45:71:bd:51:11:be:df:63:86:c9:f3:1b:d3:3a:53:6c:13:
         fb:24:22:d1:03:da:69:4d:c9:c3:e8:c9:04:88:ab:cb:35:e4:
         01:81:00:0c:3d:5e:7f:e0:08:5c:42:71:7a:73:7a:b4:32:fb:
         bb:d3:0d:c4:b9:ef:02:4e:64:f1:f4:ec:a9:75:8d:30:35:90:
         8a:dc:f2:8a:5a:6a:d9:74:8d:ae:d1:36:8f:7d:16:15:46:06:
         2c:44:90:9d:0a:3d:12:36:d2:3d:ad:61:4f:d1:1e:ff:bb:e0:
         bb:e6:a7:84:c7:ca:6d:0c:f3:98:e8:ec:68:05:63:6d:a0:26:
         2a:03:10:52:7b:29:24:30:61:f2:02:d4:5a:d4:bb:e5:f5:21:
         73:97:aa:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljx0I63TV4Gk+U4ycRvewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMjRiZGJkZWQ2ZTVkMmZlMGZiNTI2NTAwYjNmZjg3NjY1
YjYwMGUwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmVjOWQyNWUzMGM3MmQwN2M3M2Y5MWNiYjgxZmE2YTVkZjFmNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IcBoaAJChRlvYgSGjSSxQg5mf+2
MkJXYssYEmT6hxatX8nK10RkLJ7TY/QDLY8YjFU7oR3H3T0Hnqc8DoaZdd8y3jjy
eznlp9yUkd9RXiYEA+hLpWup+nXBBBRxdIBrZD3nBgbDgnrsRLM+9DDyBhkC804o
nwlX1UhvDWnm3NTnKEKAr4jvyIxeaNxJ/MSrhY1DGXz49EZBe0r238wwTM/4Hogw
/wEXNCYDAiAXX7NWJrXlIHO3icN/uV8FsvviYiQrqktNih48pCseEUvZ/y9r2fmU
X76KkWrkGJEmd7oROY9don7oAoPhNVTxa3MptwqZALB3fZ2ajvOoWaLh1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOvsnSXjDHLQfHP5HLuB+mpd8fZSMB8GA1UdIwQY
MBaAFMAkvb3tbl0v4PtSZQCz/4dmW2AOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0NTOXZlMXVYU19nLTFKbEFMUF9oMlpiWUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jYzhmZmUtMzZiNC00YzgwLWE5MDct
YWVhYTlkZjAxYTlkLzEvNi15ZEplTU1jdEI4Y19rY3U0SDZhbDN4OWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jYzhmZmUtMzZiNC00YzgwLWE5MDctYWVhYTlkZjAxYTlk
LzEvd0NTOXZlMXVYU19nLTFKbEFMUF9oMlpiWUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCd8
MA0GCSqGSIb3DQEBCwUAA4IBAQCMslGD+Qq3wzYPil5ZCzjk2uVvMB55vrEflrBF
YMvmUpOEPGMYvEFNptmf2kpe4hSVvtJd1E6UQ13447gKnjs1vXStjfgjaNmDesq0
Bz80HfXpNC0EVFHENDO+b+XVksKuEZahxWv/oWC2H2zHRXG9URG+32OGyfMb0zpT
bBP7JCLRA9ppTcnD6MkEiKvLNeQBgQAMPV5/4AhcQnF6c3q0Mvu70w3Eue8CTmTx
9OypdY0wNZCK3PKKWmrZdI2u0TaPfRYVRgYsRJCdCj0SNtI9rWFP0R7/u+C75qeE
x8ptDPOY6OxoBWNtoCYqAxBSeykkMGHyAtRa1Lvl9SFzl6oz
-----END CERTIFICATE-----