Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l6T3jSpnaD_sg8aDTSBjTmwS5_0.roa
File:                     l6T3jSpnaD_sg8aDTSBjTmwS5_0.roa (raw, json)
Hash identifier:          gcjyjJ01qMvea87vh5hpUowX2Ip9Q4rirlX8Sn6KHgo=
Subject key identifier:   97:A4:F7:8D:2A:67:68:3F:EC:83:C6:83:4D:20:63:4E:6C:12:E7:FD
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB2B607EFFEF79E498CA1FE4C99D5
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l6T3jSpnaD_sg8aDTSBjTmwS5_0.roa
Signing time:             Thu 02 Jan 2025 07:48:25 +0000
ROA not before:           Thu 02 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198430
IP address blocks:        2001:1a68:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b2:b6:07:ef:fe:f7:9e:49:8c:a1:fe:4c:99:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97a4f78d2a67683fec83c6834d20634e6c12e7fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e6:33:15:f7:08:df:37:bf:51:ad:bd:e4:5c:
                    d8:48:88:3f:3f:4e:44:7a:ae:5d:0c:0f:fd:06:87:
                    23:70:2d:8f:f0:88:b8:74:ee:2d:67:09:9e:86:7c:
                    29:31:be:02:7b:36:17:fa:10:4e:0e:71:f0:14:74:
                    a6:98:53:99:02:e7:01:da:d4:8d:e7:81:75:03:a7:
                    91:d1:b3:6e:69:c7:90:ed:9b:9a:20:1b:1d:02:1d:
                    85:53:fa:6d:53:7a:2e:7f:dc:8c:69:5a:6b:4c:d3:
                    f3:b8:1c:43:37:d9:83:ee:73:73:6a:16:34:26:d0:
                    bb:eb:e0:11:9c:04:58:d8:c8:18:19:31:b4:61:40:
                    ac:9a:24:7e:ef:c9:34:76:42:a7:fe:79:66:a1:55:
                    66:e4:1b:64:64:ba:0a:fb:b0:61:2c:c4:68:28:ae:
                    84:84:ec:4b:f8:b7:96:14:0f:e8:6f:68:be:7d:c2:
                    54:08:02:44:63:52:26:fc:a6:50:40:13:af:b7:83:
                    c8:94:d5:e7:9b:e5:8c:22:3c:ef:f0:17:b4:a0:9d:
                    5a:cc:ab:86:8e:d1:b6:27:82:93:9f:f5:d7:35:bd:
                    bb:3c:19:35:7e:2d:86:50:74:38:bd:3a:80:56:29:
                    3c:40:18:dd:2e:03:5d:4f:7e:57:c8:3f:9a:71:7e:
                    5a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A4:F7:8D:2A:67:68:3F:EC:83:C6:83:4D:20:63:4E:6C:12:E7:FD
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/l6T3jSpnaD_sg8aDTSBjTmwS5_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:ed:f6:95:fe:f2:7c:f7:75:c0:70:da:9d:84:a8:10:fc:b4:
         ff:8e:06:69:fc:68:05:ed:55:78:b9:8a:45:19:fd:94:57:c7:
         83:e9:38:1b:15:0f:1f:83:7d:3f:95:fb:60:f5:35:a7:75:8a:
         ce:aa:fb:35:65:49:48:f0:d3:27:4b:b4:8e:de:e0:c3:6f:2a:
         50:12:cc:3c:6c:a0:3e:7f:b2:5e:76:f6:d9:9d:eb:68:0a:fa:
         ac:8e:3a:d0:89:4b:6b:87:52:81:23:13:2f:55:3e:41:24:5e:
         77:e0:c5:4b:03:bb:49:88:52:cf:93:59:61:04:d6:78:3f:89:
         e4:eb:ba:57:de:16:a5:ea:91:06:72:9d:14:d0:5a:c2:51:35:
         54:8a:d8:93:35:d5:8a:2a:35:fc:49:5b:8b:be:e4:3d:6d:eb:
         d0:c9:15:23:a8:3d:a1:01:57:3a:59:b3:3c:36:38:e1:c4:8c:
         63:b6:c8:ed:f1:78:35:c6:f6:95:67:6a:b9:41:e3:61:6f:26:
         99:30:fd:58:49:8a:ad:e4:76:89:03:44:bd:dc:02:a9:be:c0:
         8e:e7:85:ff:09:02:a0:fd:eb:4f:25:aa:65:4f:c7:69:81:e7:
         f9:1b:d6:a2:1f:d7:d1:79:4f:9e:b7:6b:c3:6b:4a:83:99:bd:
         c6:3c:64:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/LK2B+/+955JjKH+TJnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2E0Zjc4ZDJhNjc2ODNmZWM4M2M2ODM0ZDIwNjM0ZTZjMTJlN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOYzFfcI3ze/Ua295FzYSIg/P05E
eq5dDA/9BocjcC2P8Ii4dO4tZwmehnwpMb4CezYX+hBODnHwFHSmmFOZAucB2tSN
54F1A6eR0bNuaceQ7ZuaIBsdAh2FU/ptU3ouf9yMaVprTNPzuBxDN9mD7nNzahY0
JtC76+ARnARY2MgYGTG0YUCsmiR+78k0dkKn/nlmoVVm5BtkZLoK+7BhLMRoKK6E
hOxL+LeWFA/ob2i+fcJUCAJEY1Im/KZQQBOvt4PIlNXnm+WMIjzv8Be0oJ1azKuG
jtG2J4KTn/XXNb27PBk1fi2GUHQ4vTqAVik8QBjdLgNdT35XyD+acX5aAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJek940qZ2g/7IPGg00gY05sEuf9MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvbDZUM2pTcG5hRF9zZzhhRFRTQmpUbXdTNV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaaAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBl7faV/vJ893XAcNqdhKgQ/LT/jgZp/GgF7VV4
uYpFGf2UV8eD6TgbFQ8fg30/lftg9TWndYrOqvs1ZUlI8NMnS7SO3uDDbypQEsw8
bKA+f7JedvbZnetoCvqsjjrQiUtrh1KBIxMvVT5BJF534MVLA7tJiFLPk1lhBNZ4
P4nk67pX3hal6pEGcp0U0FrCUTVUitiTNdWKKjX8SVuLvuQ9bevQyRUjqD2hAVc6
WbM8NjjhxIxjtsjt8Xg1xvaVZ2q5QeNhbyaZMP1YSYqt5HaJA0S93AKpvsCO54X/
CQKg/etPJaplT8dpgef5G9aiH9fReU+et2vDa0qDmb3GPGSK
-----END CERTIFICATE-----