Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6Y6-_OXr-ZZ8zhhrZFFGofyFOsw.roa
File:                     6Y6-_OXr-ZZ8zhhrZFFGofyFOsw.roa (raw, json)
Hash identifier:          ECXGuRUlsuqppEZrM7JK50k90EJMgII4bsGewjDyDac=
Subject key identifier:   E9:8E:BE:FC:E5:EB:F9:96:7C:CE:18:6B:64:51:46:A1:FC:85:3A:CC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194759E76A7A584D662F6F2AACCE31824BE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6Y6-_OXr-ZZ8zhhrZFFGofyFOsw.roa
Signing time:             Fri 17 Jan 2025 18:55:06 +0000
ROA not before:           Fri 17 Jan 2025 18:55:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200237
IP address blocks:        2a06:de01:f0::/44 maxlen: 48
                          2a06:de01:f0::/48 maxlen: 48
                          2a06:de01:f1::/48 maxlen: 48
                          2a06:de01:fd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:75:9e:76:a7:a5:84:d6:62:f6:f2:aa:cc:e3:18:24:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 17 18:55:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e98ebefce5ebf9967cce186b645146a1fc853acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:13:53:b6:ed:20:cf:e8:08:3b:93:76:5a:
                    a4:14:6d:9c:df:b9:b6:16:aa:47:44:a5:95:20:f2:
                    83:17:59:47:bc:c6:3e:11:5f:40:45:c9:96:a5:06:
                    f0:b8:64:df:6d:b6:a0:8f:1c:6f:ac:3b:a0:e7:68:
                    44:4e:cb:c8:15:af:38:90:74:38:24:7c:eb:19:b8:
                    57:fb:39:5a:97:48:5a:dc:ac:e8:8f:d6:f6:26:bb:
                    2f:1c:ff:c2:96:c8:d7:94:62:f8:70:a1:02:52:51:
                    eb:59:68:af:b0:f7:10:64:38:4c:73:01:fc:a0:ee:
                    6b:00:bc:f2:d6:66:64:51:df:f5:52:35:cc:17:e2:
                    40:57:f6:09:27:c9:44:b2:17:9e:af:64:eb:bc:0a:
                    a0:ce:4e:1a:39:37:01:8b:f6:0c:00:3c:8d:68:3a:
                    4e:4f:4f:12:9e:54:27:7d:ec:bf:b0:eb:9a:16:ff:
                    a6:0c:92:fe:2d:26:09:57:de:1d:4c:f2:41:8c:27:
                    5f:ea:8d:61:20:8b:ba:3e:59:6f:ef:1c:9f:c6:41:
                    12:89:31:83:ec:f0:1b:ff:55:9c:19:bf:2d:50:ef:
                    27:41:a2:d7:7b:26:3e:6f:aa:f1:25:04:6d:bf:39:
                    6b:df:11:27:b4:78:04:9b:90:83:b0:fc:1a:0a:2b:
                    26:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:8E:BE:FC:E5:EB:F9:96:7C:CE:18:6B:64:51:46:A1:FC:85:3A:CC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6Y6-_OXr-ZZ8zhhrZFFGofyFOsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:ff:01:77:ea:2c:c9:a8:2b:2b:16:f5:0c:ee:96:c2:95:9c:
         78:38:09:05:25:65:75:4b:87:1e:c8:99:71:3c:ff:b8:ad:62:
         e9:ff:56:12:ff:2f:81:be:3b:37:ee:3f:0f:61:02:09:05:4b:
         10:87:91:ad:46:58:c8:40:8f:e9:53:73:76:06:71:2c:53:90:
         00:ac:36:c5:8d:0e:32:bd:93:28:51:95:a9:5e:50:2d:0c:73:
         e2:05:5d:38:33:a6:2e:d6:d1:a8:2b:62:ff:4e:50:88:98:07:
         29:7c:3f:fc:62:cb:05:68:ad:ea:3e:90:f3:0b:1a:39:d5:2f:
         b4:71:b9:61:57:46:36:02:61:79:b8:05:da:d0:ee:99:25:e9:
         04:0e:8a:e7:fc:63:d4:03:66:c3:2a:19:11:82:4f:2e:04:2d:
         28:82:eb:7b:a4:03:35:6b:0c:b4:6e:93:d1:00:7e:94:8c:6b:
         f3:a6:3e:e9:73:25:95:f0:0f:d0:d4:af:51:e8:58:ca:42:12:
         79:76:4c:82:37:4d:75:0d:08:4c:f6:c0:b3:6a:6d:d5:33:ad:
         8a:d9:42:8e:f5:ad:b7:97:83:c3:c6:bb:9d:2f:f7:b7:52:43:
         09:85:ed:ed:bd:4c:7e:c2:9b:f2:d4:3b:59:15:8b:24:4d:44:
         10:1d:d6:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZR1nnanpYTWYvbyqszjGCS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTE3MTg1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOThlYmVmY2U1ZWJmOTk2N2NjZTE4NmI2NDUxNDZhMWZjODUzYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXMTU7btIM/oCDuTdlqkFG2c37m2
FqpHRKWVIPKDF1lHvMY+EV9ARcmWpQbwuGTfbbagjxxvrDug52hETsvIFa84kHQ4
JHzrGbhX+zlal0ha3Kzoj9b2JrsvHP/ClsjXlGL4cKECUlHrWWivsPcQZDhMcwH8
oO5rALzy1mZkUd/1UjXMF+JAV/YJJ8lEsheer2TrvAqgzk4aOTcBi/YMADyNaDpO
T08SnlQnfey/sOuaFv+mDJL+LSYJV94dTPJBjCdf6o1hIIu6Pllv7xyfxkESiTGD
7PAb/1WcGb8tUO8nQaLXeyY+b6rxJQRtvzlr3xEntHgEm5CDsPwaCism1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOmOvvzl6/mWfM4Ya2RRRqH8hTrMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNlk2LV9PWHItWlo4emhoclpGRkdvZnlGT3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAQDw
MA0GCSqGSIb3DQEBCwUAA4IBAQCS/wF36izJqCsrFvUM7pbClZx4OAkFJWV1S4ce
yJlxPP+4rWLp/1YS/y+Bvjs37j8PYQIJBUsQh5GtRljIQI/pU3N2BnEsU5AArDbF
jQ4yvZMoUZWpXlAtDHPiBV04M6Yu1tGoK2L/TlCImAcpfD/8YssFaK3qPpDzCxo5
1S+0cblhV0Y2AmF5uAXa0O6ZJekEDorn/GPUA2bDKhkRgk8uBC0ogut7pAM1awy0
bpPRAH6UjGvzpj7pcyWV8A/Q1K9R6FjKQhJ5dkyCN011DQhM9sCzam3VM62K2UKO
9a23l4PDxrudL/e3UkMJhe3tvUx+wpvy1DtZFYskTUQQHdZI
-----END CERTIFICATE-----