Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/6uraY0RUo083dp6VRDIhaMr-XOw.roa
File:                     6uraY0RUo083dp6VRDIhaMr-XOw.roa (raw, json)
Hash identifier:          84hQ/Wr95yt1TasjhyzEMQBsJDQIG0TsCg+7NafRezY=
Subject key identifier:   EA:EA:DA:63:44:54:A3:4F:37:76:9E:95:44:32:21:68:CA:FE:5C:EC
Certificate issuer:       /CN=66d1f8fb6add272b46c406b1885c93295b1f4b8c
Certificate serial:       01971C8AE86EBC4CF59DA2D190882601D4E2
Authority key identifier: 66:D1:F8:FB:6A:DD:27:2B:46:C4:06:B1:88:5C:93:29:5B:1F:4B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/6uraY0RUo083dp6VRDIhaMr-XOw.roa
Signing time:             Thu 29 May 2025 14:55:54 +0000
ROA not before:           Thu 29 May 2025 14:55:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207348
IP address blocks:        2001:678:1090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:8a:e8:6e:bc:4c:f5:9d:a2:d1:90:88:26:01:d4:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d1f8fb6add272b46c406b1885c93295b1f4b8c
        Validity
            Not Before: May 29 14:55:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaeada634454a34f37769e9544322168cafe5cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:80:3b:c6:85:b8:57:1f:45:b7:44:4e:15:b2:
                    b0:b7:65:cb:11:9d:75:f3:58:e5:03:7b:97:e0:72:
                    b5:ec:cc:e6:10:58:44:f0:e3:ea:c8:34:28:87:b1:
                    97:ab:a9:d0:c7:72:99:e0:17:7d:4a:c9:b3:89:e3:
                    b1:94:c2:26:de:84:63:65:33:19:63:52:7f:53:71:
                    10:3c:24:93:f4:88:0b:a5:61:4d:22:bb:e9:68:01:
                    54:d6:67:9d:1b:5c:4d:97:63:3a:e8:b4:f2:12:6d:
                    05:15:33:bf:3a:2e:8e:be:e4:f3:08:c7:b3:8f:4b:
                    75:09:42:9b:ce:f5:2a:70:a9:92:01:0c:94:3a:25:
                    09:7c:bd:42:21:70:31:63:e3:45:aa:cc:8a:6d:d5:
                    28:a4:55:14:0f:28:c0:3b:d2:12:5d:87:a4:41:ec:
                    5a:2c:49:33:56:3d:e0:1d:6a:e0:c8:ed:e6:66:94:
                    bd:99:cc:32:43:99:a3:9b:d7:f3:83:ca:8e:ef:84:
                    81:25:a9:44:a4:da:e7:5f:67:92:90:76:27:20:5c:
                    20:62:0b:9e:8e:ea:3d:03:4e:39:1f:9a:a3:09:ce:
                    bb:b5:b0:ca:c6:3b:35:07:21:7e:c2:f6:46:3c:d6:
                    36:39:20:ee:eb:a3:59:71:3c:b8:c3:a3:18:b1:49:
                    15:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EA:DA:63:44:54:A3:4F:37:76:9E:95:44:32:21:68:CA:FE:5C:EC
            X509v3 Authority Key Identifier:
                keyid:66:D1:F8:FB:6A:DD:27:2B:46:C4:06:B1:88:5C:93:29:5B:1F:4B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtH4-2rdJytGxAaxiFyTKVsfS4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/6uraY0RUo083dp6VRDIhaMr-XOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a52f6f-14f8-419c-99d9-a59d1350deec/1/ZtH4-2rdJytGxAaxiFyTKVsfS4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1090::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:c9:cf:0a:d5:c6:ec:82:be:62:7c:7f:58:53:3d:a9:84:1f:
         99:1a:25:d2:77:58:f5:5c:67:6f:ce:32:9c:66:89:b7:0b:c3:
         71:e8:76:a4:17:74:2c:30:e6:77:a4:f8:91:4b:1d:b1:91:a9:
         a6:f6:1f:16:53:fd:5e:73:6f:5e:9d:6e:dc:02:7a:d3:b1:0a:
         74:02:7a:63:3c:0f:25:75:a6:e8:ca:dd:7c:6b:70:bb:a8:b9:
         7f:fe:05:57:4f:d2:1a:0b:50:28:37:cc:b6:2d:ee:37:0d:54:
         23:17:a4:ba:70:0b:d4:86:66:f9:aa:38:6b:ba:df:f4:95:62:
         21:9e:83:4e:c6:ce:dd:6d:ce:03:8c:1c:1f:6f:89:74:a8:21:
         d7:71:4b:9b:56:27:0d:37:41:a4:e7:c1:1d:7c:ba:d8:0d:bc:
         ca:4b:77:0b:f8:76:e5:d4:3e:d0:36:45:11:ee:35:33:9b:5e:
         48:97:c8:b3:f9:31:3f:68:3a:a1:cb:78:61:fd:d7:5e:30:57:
         34:7c:b2:92:17:07:83:b7:8f:25:7f:58:7c:f3:0e:9b:23:7d:
         0b:38:d2:7f:a7:e7:c8:2d:b5:4c:9b:40:cb:65:0c:e6:0a:de:
         bb:bf:5c:e0:d0:c8:b1:0f:dc:44:6c:1d:ff:39:99:eb:b7:b4:
         f3:b5:cf:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcciuhuvEz1naLRkIgmAdTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDFmOGZiNmFkZDI3MmI0NmM0MDZiMTg4NWM5MzI5NWIx
ZjRiOGMwHhcNMjUwNTI5MTQ1NTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWVhZGE2MzQ0NTRhMzRmMzc3NjllOTU0NDMyMjE2OGNhZmU1Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4A7xoW4Vx9Ft0ROFbKwt2XLEZ11
81jlA3uX4HK17MzmEFhE8OPqyDQoh7GXq6nQx3KZ4Bd9SsmzieOxlMIm3oRjZTMZ
Y1J/U3EQPCST9IgLpWFNIrvpaAFU1medG1xNl2M66LTyEm0FFTO/Oi6OvuTzCMez
j0t1CUKbzvUqcKmSAQyUOiUJfL1CIXAxY+NFqsyKbdUopFUUDyjAO9ISXYekQexa
LEkzVj3gHWrgyO3mZpS9mcwyQ5mjm9fzg8qO74SBJalEpNrnX2eSkHYnIFwgYgue
juo9A045H5qjCc67tbDKxjs1ByF+wvZGPNY2OSDu66NZcTy4w6MYsUkVFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOrq2mNEVKNPN3aelUQyIWjK/lzsMB8GA1UdIwQY
MBaAFGbR+Ptq3ScrRsQGsYhckylbH0uMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRINC0ycmRKeXRHeEFheGlGeVRLVnNmUzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNTJmNmYtMTRmOC00MTljLTk5ZDkt
YTU5ZDEzNTBkZWVjLzEvNnVyYVkwUlVvMDgzZHA2VlJESWhhTXItWE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNTJmNmYtMTRmOC00MTljLTk5ZDktYTU5ZDEzNTBkZWVj
LzEvWnRINC0ycmRKeXRHeEFheGlGeVRLVnNmUzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCZyc8K1cbsgr5ifH9YUz2phB+ZGiXSd1j1XGdv
zjKcZom3C8Nx6HakF3QsMOZ3pPiRSx2xkamm9h8WU/1ec29enW7cAnrTsQp0Anpj
PA8ldaboyt18a3C7qLl//gVXT9IaC1AoN8y2Le43DVQjF6S6cAvUhmb5qjhrut/0
lWIhnoNOxs7dbc4DjBwfb4l0qCHXcUubVicNN0Gk58EdfLrYDbzKS3cL+Hbl1D7Q
NkUR7jUzm15Il8iz+TE/aDqhy3hh/ddeMFc0fLKSFweDt48lf1h88w6bI30LONJ/
p+fILbVMm0DLZQzmCt67v1zg0MixD9xEbB3/OZnrt7Tztc+J
-----END CERTIFICATE-----