Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MI904WmPdL5oiRhP7S6FeaCAFak.roa
File:                     MI904WmPdL5oiRhP7S6FeaCAFak.roa (raw, json)
Hash identifier:          scgaazBwq6y+Oc9C9eGo0W4xwalauzkyjxbQ4wwwgLU=
Subject key identifier:   30:8F:74:E1:69:8F:74:BE:68:89:18:4F:ED:2E:85:79:A0:80:15:A9
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       019426D9F10B61CE0F9F607FD8A493AA23AB
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MI904WmPdL5oiRhP7S6FeaCAFak.roa
Signing time:             Thu 02 Jan 2025 11:50:04 +0000
ROA not before:           Thu 02 Jan 2025 11:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201566
IP address blocks:        2a0e:a6c7:1000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f1:0b:61:ce:0f:9f:60:7f:d8:a4:93:aa:23:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan  2 11:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=308f74e1698f74be6889184fed2e8579a08015a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ba:43:d8:f8:6d:e4:22:01:b5:63:ee:cb:f7:
                    30:dd:e5:88:77:ca:33:fc:7b:b1:b0:ca:c2:4d:81:
                    8f:d8:b7:83:fa:77:d6:71:80:98:d2:31:d7:ed:de:
                    b6:4b:34:51:61:cf:6c:95:6d:0a:f2:02:f4:14:5f:
                    e9:02:73:00:ef:01:bd:07:88:a2:7b:83:48:a8:25:
                    f3:d0:5b:70:be:b6:6a:01:d5:0e:a4:45:aa:b9:13:
                    a8:42:ad:d6:99:79:9c:33:7b:a0:15:33:9e:da:f2:
                    ea:b3:b1:e4:6c:26:0c:b6:7c:95:7b:b8:9e:af:63:
                    3f:6f:7a:a9:15:7a:55:62:d5:56:9b:67:66:8d:48:
                    df:84:8e:9f:bd:31:5b:0e:7c:8f:6d:da:d8:59:4f:
                    d6:62:a0:00:3f:d4:b2:89:b1:4e:7a:56:33:9c:8f:
                    98:f6:04:58:5f:40:b1:45:a6:5d:24:5c:6d:ac:63:
                    7d:81:a7:bf:15:68:47:59:35:79:b9:8c:e5:dc:b6:
                    81:ee:c7:c2:6c:72:97:10:a6:10:42:33:e9:78:20:
                    31:12:dc:97:aa:b2:c3:97:0b:dc:c4:7b:84:d3:56:
                    7c:5a:b8:a0:7a:64:3a:29:76:26:53:0b:8d:a9:dd:
                    a2:0e:84:6a:58:3f:ab:76:34:69:c9:3f:11:56:37:
                    34:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8F:74:E1:69:8F:74:BE:68:89:18:4F:ED:2E:85:79:A0:80:15:A9
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MI904WmPdL5oiRhP7S6FeaCAFak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:a6c7:1000::/38

    Signature Algorithm: sha256WithRSAEncryption
         55:07:b2:15:9c:d0:46:22:99:af:75:0a:47:dd:bf:f0:20:c5:
         ae:86:4c:d0:db:48:83:bc:93:5f:ae:72:eb:17:0e:74:31:b2:
         05:5b:5a:13:83:ce:98:9a:98:fc:1c:71:0d:eb:64:cb:ef:e0:
         e0:48:bd:8d:aa:90:cd:e6:1d:10:99:cd:c1:7f:01:2d:9a:58:
         07:e2:ae:11:82:f5:6c:c6:25:4a:48:6a:74:97:1a:cb:0e:f2:
         d1:a9:a3:06:79:36:7e:53:11:0a:63:87:b6:b3:55:a9:d7:fa:
         a3:29:96:e1:99:49:b2:7b:f7:23:49:9d:7b:8a:7a:2e:b6:97:
         7f:2a:97:3a:10:63:0e:1c:95:f8:93:c3:d4:f0:da:83:9c:0f:
         a2:5f:b6:80:c8:db:b8:f9:99:ce:61:2a:4c:03:6d:ca:08:3c:
         a2:38:5f:a5:e1:7f:06:da:0b:42:01:98:2d:80:36:3e:c7:ec:
         20:26:aa:25:7d:5b:0c:43:a7:5b:ff:24:49:56:b9:cf:63:7f:
         e9:cb:d6:e2:ea:77:bf:7a:2a:c1:f2:c4:31:cd:19:75:15:86:
         de:fe:1e:99:c3:f8:c8:f7:9a:dc:0c:f2:6f:d8:41:8d:a0:e2:
         e4:de:fa:fc:2d:17:2e:51:fb:18:c1:30:d3:9d:ae:49:68:66:
         79:8f:63:48
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQm2fELYc4Pn2B/2KSTqiOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjUwMTAyMTE1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDhmNzRlMTY5OGY3NGJlNjg4OTE4NGZlZDJlODU3OWEwODAxNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7pD2Pht5CIBtWPuy/cw3eWId8oz
/HuxsMrCTYGP2LeD+nfWcYCY0jHX7d62SzRRYc9slW0K8gL0FF/pAnMA7wG9B4ii
e4NIqCXz0FtwvrZqAdUOpEWquROoQq3WmXmcM3ugFTOe2vLqs7HkbCYMtnyVe7ie
r2M/b3qpFXpVYtVWm2dmjUjfhI6fvTFbDnyPbdrYWU/WYqAAP9SyibFOelYznI+Y
9gRYX0CxRaZdJFxtrGN9gae/FWhHWTV5uYzl3LaB7sfCbHKXEKYQQjPpeCAxEtyX
qrLDlwvcxHuE01Z8WrigemQ6KXYmUwuNqd2iDoRqWD+rdjRpyT8RVjc0AwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDCPdOFpj3S+aIkYT+0uhXmggBWpMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvTUk5MDRXbVBkTDVvaVJoUDdTNkZlYUNBRmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKg6mxxAw
DQYJKoZIhvcNAQELBQADggEBAFUHshWc0EYima91Ckfdv/Agxa6GTNDbSIO8k1+u
cusXDnQxsgVbWhODzpiamPwccQ3rZMvv4OBIvY2qkM3mHRCZzcF/AS2aWAfirhGC
9WzGJUpIanSXGssO8tGpowZ5Nn5TEQpjh7azVanX+qMpluGZSbJ79yNJnXuKei62
l38qlzoQYw4clfiTw9Tw2oOcD6JftoDI27j5mc5hKkwDbcoIPKI4X6XhfwbaC0IB
mC2ANj7H7CAmqiV9WwxDp1v/JElWuc9jf+nL1uLqd796KsHyxDHNGXUVht7+HpnD
+Mj3mtwM8m/YQY2g4uTe+vwtFy5R+xjBMNOdrkloZnmPY0g=
-----END CERTIFICATE-----