Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/76g-Yh9Ferd3lB3kSC_pOEFVc_w.roa
File:                     76g-Yh9Ferd3lB3kSC_pOEFVc_w.roa (raw, json)
Hash identifier:          mtYP23ZyiF5FjXJ0wDyag4TWISBNCmqIokoqkgwM24I=
Subject key identifier:   EF:A8:3E:62:1F:45:7A:B7:77:94:1D:E4:48:2F:E9:38:41:55:73:FC
Certificate issuer:       /CN=1da97cae7de6b29e56f0259af53c95926034a502
Certificate serial:       019424B3FC5EF27D3C99FCA1224D59ED3E42
Authority key identifier: 1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/76g-Yh9Ferd3lB3kSC_pOEFVc_w.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44394
IP address blocks:        2a03:8600:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fc:5e:f2:7d:3c:99:fc:a1:22:4d:59:ed:3e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da97cae7de6b29e56f0259af53c95926034a502
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efa83e621f457ab777941de4482fe938415573fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:5f:77:2f:55:05:3c:71:aa:54:a5:0d:b6:68:
                    45:57:76:4d:81:3e:35:38:0b:43:7c:88:66:59:6f:
                    d3:2b:ef:1f:92:62:23:c7:15:3a:6f:65:eb:bc:1d:
                    61:69:c8:68:4c:23:40:79:10:16:da:cd:3b:ac:01:
                    94:f7:40:dd:79:9d:1e:2e:4e:e5:7b:8c:b1:99:15:
                    dc:17:b3:7b:cb:e1:e8:c3:a7:fb:2e:eb:52:48:a5:
                    83:a0:3e:59:1d:22:f5:de:f5:bf:cb:92:26:4f:a2:
                    cf:11:0f:92:2b:0b:9b:d5:d4:8e:c5:a9:b7:9c:b4:
                    12:9e:46:3d:92:01:18:59:5a:fd:3f:fe:39:2b:48:
                    4a:5c:a6:ad:43:6d:f2:72:d5:b4:5b:89:f0:a1:55:
                    32:1f:44:24:95:87:e0:89:bc:1a:89:60:40:e5:8d:
                    34:77:57:37:22:14:52:a1:37:75:4e:9c:9b:6e:89:
                    d6:76:82:7b:22:81:8b:ee:54:f7:38:e6:d4:61:7e:
                    00:5a:a7:32:1d:e4:8e:b3:f4:20:58:4f:ce:81:5a:
                    db:e7:95:44:56:d3:1a:5f:3e:e8:2f:70:d1:23:57:
                    be:fd:ca:66:e9:04:df:97:5c:75:ce:08:6f:aa:97:
                    b1:8d:d1:bf:0f:75:c4:2f:a2:ec:27:7a:f9:2f:a3:
                    56:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:A8:3E:62:1F:45:7A:B7:77:94:1D:E4:48:2F:E9:38:41:55:73:FC
            X509v3 Authority Key Identifier:
                keyid:1D:A9:7C:AE:7D:E6:B2:9E:56:F0:25:9A:F5:3C:95:92:60:34:A5:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hal8rn3msp5W8CWa9TyVkmA0pQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/76g-Yh9Ferd3lB3kSC_pOEFVc_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/85b673-f1ad-43e2-bfe7-0cd7236b29b6/1/Hal8rn3msp5W8CWa9TyVkmA0pQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:8600:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:d2:ef:50:3f:e8:e4:44:38:fd:12:d3:b4:3e:46:c9:d1:bc:
         e8:44:fe:ea:43:93:67:fa:c1:b0:90:b7:40:a5:a8:b3:40:7d:
         fb:e1:1e:e4:66:2d:e9:14:0a:cf:f7:c8:ef:9c:b4:bc:bc:66:
         54:29:0c:15:25:6f:12:c4:6b:3c:a5:1b:39:de:02:80:0a:64:
         75:32:6e:04:b2:5d:0f:79:98:10:60:56:d9:60:dd:af:69:c6:
         e5:05:c4:62:12:f8:7a:8a:dd:b0:6e:79:f5:cf:28:1e:84:6a:
         f9:b8:2a:99:f8:c3:c2:6a:60:02:c1:ad:4f:6a:aa:32:1c:87:
         71:75:d2:11:42:3a:4a:65:8a:8c:d6:63:9f:3c:28:13:e3:5e:
         50:55:c7:ac:78:e3:8c:23:a3:89:a4:ad:54:89:93:fb:a5:56:
         5e:97:38:87:6e:c0:5e:0a:5d:95:60:f7:26:ea:c7:85:cf:9e:
         4a:ed:13:86:36:67:b0:c7:db:b8:d4:87:83:88:b9:1c:21:12:
         3e:bd:d4:96:d5:29:7c:48:7c:a8:ef:5c:95:5a:91:8e:19:d4:
         79:b0:f3:89:16:60:ec:d0:2b:8c:5a:f9:e7:69:40:ec:81:e6:
         ff:8e:24:1d:2d:b4:49:00:64:97:ac:39:b1:5c:20:c6:85:77:
         e8:68:b2:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks/xe8n08mfyhIk1Z7T5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTk3Y2FlN2RlNmIyOWU1NmYwMjU5YWY1M2M5NTkyNjAz
NGE1MDIwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmE4M2U2MjFmNDU3YWI3Nzc5NDFkZTQ0ODJmZTkzODQxNTU3M2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4F93L1UFPHGqVKUNtmhFV3ZNgT41
OAtDfIhmWW/TK+8fkmIjxxU6b2XrvB1hachoTCNAeRAW2s07rAGU90DdeZ0eLk7l
e4yxmRXcF7N7y+How6f7LutSSKWDoD5ZHSL13vW/y5ImT6LPEQ+SKwub1dSOxam3
nLQSnkY9kgEYWVr9P/45K0hKXKatQ23yctW0W4nwoVUyH0QklYfgibwaiWBA5Y00
d1c3IhRSoTd1TpybbonWdoJ7IoGL7lT3OObUYX4AWqcyHeSOs/QgWE/OgVrb55VE
VtMaXz7oL3DRI1e+/cpm6QTfl1x1zghvqpexjdG/D3XEL6LsJ3r5L6NWnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO+oPmIfRXq3d5Qd5Egv6ThBVXP8MB8GA1UdIwQY
MBaAFB2pfK595rKeVvAlmvU8lZJgNKUCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTct
MGNkNzIzNmIyOWI2LzEvNzZnLVloOUZlcmQzbEIza1NDX3BPRUZWY193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84NWI2NzMtZjFhZC00M2UyLWJmZTctMGNkNzIzNmIyOWI2
LzEvSGFsOHJuM21zcDVXOENXYTlUeVZrbUEwcFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOGAAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBp0u9QP+jkRDj9EtO0PkbJ0bzoRP7qQ5Nn+sGw
kLdApaizQH374R7kZi3pFArP98jvnLS8vGZUKQwVJW8SxGs8pRs53gKACmR1Mm4E
sl0PeZgQYFbZYN2vacblBcRiEvh6it2wbnn1zygehGr5uCqZ+MPCamACwa1Paqoy
HIdxddIRQjpKZYqM1mOfPCgT415QVceseOOMI6OJpK1UiZP7pVZelziHbsBeCl2V
YPcm6seFz55K7ROGNmewx9u41IeDiLkcIRI+vdSW1Sl8SHyo71yVWpGOGdR5sPOJ
FmDs0CuMWvnnaUDsgeb/jiQdLbRJAGSXrDmxXCDGhXfoaLKU
-----END CERTIFICATE-----