Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/6uPmSDff0EByzvtRkRIDzvcq-WU.roa
File:                     6uPmSDff0EByzvtRkRIDzvcq-WU.roa (raw, json)
Hash identifier:          zK2w8TbS49/+wZDp3eKjJMQhyK44gX7SwMqwg25dCxg=
Subject key identifier:   EA:E3:E6:48:37:DF:D0:40:72:CE:FB:51:91:12:03:CE:F7:2A:F9:65
Certificate issuer:       /CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
Certificate serial:       01941F8C043675442FE673657A70E8600951
Authority key identifier: 9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/6uPmSDff0EByzvtRkRIDzvcq-WU.roa
Signing time:             Wed 01 Jan 2025 01:47:37 +0000
ROA not before:           Wed 01 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6204
IP address blocks:        103.246.249.0/24 maxlen: 24
                          2a12:3200:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:04:36:75:44:2f:e6:73:65:7a:70:e8:60:09:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb50e5386c809a0fae6530aa5e8d9825251ded0
        Validity
            Not Before: Jan  1 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eae3e64837dfd04072cefb51911203cef72af965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7b:f3:39:2d:8d:08:11:ae:65:7e:cd:24:5a:
                    68:65:a6:54:1c:3e:3b:c9:23:3e:13:7c:22:6e:78:
                    49:f6:f4:83:fc:bc:35:9e:e7:c0:4b:bb:1f:da:81:
                    28:e5:c2:86:82:7d:0a:90:7d:71:2d:ce:6d:c7:01:
                    44:61:fd:5e:60:e4:b9:2b:e9:a1:87:33:f2:7b:1d:
                    a0:e6:ac:fe:36:38:20:d0:d5:a1:65:84:8f:eb:9c:
                    fc:9f:9c:67:2e:95:8c:97:0e:2e:45:f0:95:9f:16:
                    30:6f:4a:ac:de:39:b3:34:4e:8d:2d:4b:70:79:1a:
                    4a:26:53:08:f9:ec:ed:5c:e4:52:0d:40:92:51:2a:
                    70:82:67:37:5d:69:2c:9e:26:5f:47:bd:2c:f9:12:
                    c8:9d:40:f1:ad:a9:b6:5e:d4:b8:6c:03:b4:c6:5f:
                    76:81:79:72:f2:23:2c:06:88:14:bc:e2:9e:3a:24:
                    fa:2e:c3:23:4d:c7:f3:6e:c7:4f:b3:ef:a2:ac:39:
                    60:62:2f:dd:11:88:3e:0e:a5:88:ad:f4:87:58:d3:
                    21:0f:1b:18:c8:58:f4:19:ac:72:4e:68:a9:aa:cc:
                    f3:7a:fc:f0:25:68:c9:66:33:c1:22:86:43:54:02:
                    f3:c6:e2:17:f5:84:0a:a7:01:4d:7b:6b:df:d1:3e:
                    d2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E3:E6:48:37:DF:D0:40:72:CE:FB:51:91:12:03:CE:F7:2A:F9:65
            X509v3 Authority Key Identifier:
                keyid:9E:B5:0E:53:86:C8:09:A0:FA:E6:53:0A:A5:E8:D9:82:52:51:DE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrUOU4bICaD65lMKpejZglJR3tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/6uPmSDff0EByzvtRkRIDzvcq-WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b54641-a95a-4add-a45e-1cada6e8b1a9/1/nrUOU4bICaD65lMKpejZglJR3tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.246.249.0/24
                IPv6:
                  2a12:3200:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         e0:24:3d:79:b4:bb:98:77:f7:03:53:88:b6:0a:45:e4:81:27:
         a0:4b:34:d5:ed:4d:24:49:83:b5:f8:2e:86:eb:b7:e0:25:d0:
         ac:7a:70:f2:b2:91:0c:2d:c5:a3:9d:03:c0:f8:e3:20:ec:0a:
         31:c5:07:a8:ef:b6:c2:6b:9a:b5:35:39:cc:42:f4:9e:7d:b1:
         3a:64:27:5a:09:54:50:d4:b4:c6:0d:86:1a:31:de:f5:5d:01:
         55:e8:da:dc:7e:c2:55:d6:c4:f8:1a:24:f2:5b:07:db:6c:cd:
         e5:57:87:d0:0d:90:dc:db:86:ba:c1:75:7a:83:ea:a8:8e:c6:
         4b:f8:6a:4f:15:4b:ac:28:c5:77:cb:2e:02:c4:4d:3d:de:af:
         a3:d6:bf:5c:87:d8:8a:64:ae:2d:f4:8d:e6:be:0f:02:a9:a6:
         46:f5:12:67:e9:24:85:c7:09:03:96:5b:8f:c3:5d:26:dd:f6:
         c1:ff:05:db:69:52:07:20:19:7f:cf:51:f0:c6:a9:9e:85:d9:
         8c:40:4e:ed:1f:a3:e8:4c:c2:53:0b:87:ed:a2:54:45:64:96:
         b9:71:f4:d0:9f:65:06:a8:0b:6e:71:f7:68:79:33:e1:cb:15:
         73:ea:2a:56:32:ab:94:a3:70:c2:c7:16:b6:20:fa:5c:1e:c6:
         d3:34:8d:cd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQfjAQ2dUQv5nNlenDoYAlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjUwZTUzODZjODA5YTBmYWU2NTMwYWE1ZThkOTgyNTI1
MWRlZDAwHhcNMjUwMTAxMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWUzZTY0ODM3ZGZkMDQwNzJjZWZiNTE5MTEyMDNjZWY3MmFmOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3vzOS2NCBGuZX7NJFpoZaZUHD47
ySM+E3wibnhJ9vSD/Lw1nufAS7sf2oEo5cKGgn0KkH1xLc5txwFEYf1eYOS5K+mh
hzPyex2g5qz+Njgg0NWhZYSP65z8n5xnLpWMlw4uRfCVnxYwb0qs3jmzNE6NLUtw
eRpKJlMI+eztXORSDUCSUSpwgmc3XWksniZfR70s+RLInUDxram2XtS4bAO0xl92
gXly8iMsBogUvOKeOiT6LsMjTcfzbsdPs++irDlgYi/dEYg+DqWIrfSHWNMhDxsY
yFj0GaxyTmipqszzevzwJWjJZjPBIoZDVALzxuIX9YQKpwFNe2vf0T7S/QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOrj5kg339BAcs77UZESA873KvllMB8GA1UdIwQY
MBaAFJ61DlOGyAmg+uZTCqXo2YJSUd7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUt
MWNhZGE2ZThiMWE5LzEvNnVQbVNEZmYwRUJ5enZ0UmtSSUR6dmNxLVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iNTQ2NDEtYTk1YS00YWRkLWE0NWUtMWNhZGE2ZThiMWE5
LzEvbnJVT1U0YklDYUQ2NWxNS3BlalpnbEpSM3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAZ/b5MA4E
AgACMAgDBgQqEjIA8DANBgkqhkiG9w0BAQsFAAOCAQEA4CQ9ebS7mHf3A1OItgpF
5IEnoEs01e1NJEmDtfguhuu34CXQrHpw8rKRDC3Fo50DwPjjIOwKMcUHqO+2wmua
tTU5zEL0nn2xOmQnWglUUNS0xg2GGjHe9V0BVeja3H7CVdbE+Bok8lsH22zN5VeH
0A2Q3NuGusF1eoPqqI7GS/hqTxVLrCjFd8suAsRNPd6vo9a/XIfYimSuLfSN5r4P
AqmmRvUSZ+kkhccJA5Zbj8NdJt32wf8F22lSByAZf89R8MapnoXZjEBO7R+j6EzC
UwuH7aJURWSWuXH00J9lBqgLbnH3aHkz4csVc+oqVjKrlKNwwscWtiD6XB7G0zSN
zQ==
-----END CERTIFICATE-----