Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/IaAYctjYC9OdNTPcnTixy2ccUzU.roa
File:                     IaAYctjYC9OdNTPcnTixy2ccUzU.roa (raw, json)
Hash identifier:          eOFbMC4GCXw4TW2u0+c7a73RmqtvjAxvsy3+jqBN21w=
Subject key identifier:   21:A0:18:72:D8:D8:0B:D3:9D:35:33:DC:9D:38:B1:CB:67:1C:53:35
Certificate issuer:       /CN=96271b62d18e4ac77c6109690eaae4cc34d0e9b6
Certificate serial:       019474044D51719D8192FC43A403A4785BCB
Authority key identifier: 96:27:1B:62:D1:8E:4A:C7:7C:61:09:69:0E:AA:E4:CC:34:D0:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/licbYtGOSsd8YQlpDqrkzDTQ6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/IaAYctjYC9OdNTPcnTixy2ccUzU.roa
Signing time:             Fri 17 Jan 2025 11:27:06 +0000
ROA not before:           Fri 17 Jan 2025 11:27:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        2a06:ef06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/licbYtGOSsd8YQlpDqrkzDTQ6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/licbYtGOSsd8YQlpDqrkzDTQ6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/licbYtGOSsd8YQlpDqrkzDTQ6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:04:4d:51:71:9d:81:92:fc:43:a4:03:a4:78:5b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96271b62d18e4ac77c6109690eaae4cc34d0e9b6
        Validity
            Not Before: Jan 17 11:27:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21a01872d8d80bd39d3533dc9d38b1cb671c5335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:18:f0:cb:ff:e1:ae:31:94:a0:6f:c0:65:df:
                    33:19:5f:03:cf:67:63:49:26:63:94:ba:65:4c:58:
                    7b:e6:cf:1a:ce:a9:54:a7:96:5d:67:93:5e:fe:f6:
                    b8:11:dd:b2:e5:56:f4:4e:8e:85:08:76:6b:d5:2e:
                    f8:8c:dd:c1:7b:02:ee:5a:46:be:b8:40:2c:1d:61:
                    72:30:e5:7b:a1:6b:dd:54:78:d1:6f:4e:52:53:9a:
                    a5:46:fa:75:15:ae:d9:c4:28:fc:52:a1:73:1e:5a:
                    eb:d2:c3:d9:ef:72:b8:69:11:f9:03:4b:2d:29:06:
                    22:9b:39:88:1b:8d:59:ee:4b:90:4a:eb:de:ea:17:
                    ca:f1:85:69:05:d1:0c:93:60:70:6f:98:2a:75:e3:
                    2c:6b:06:70:4d:79:86:de:21:0c:d1:5c:cb:6a:68:
                    ec:7e:99:d4:16:97:80:be:13:d8:75:d1:cf:4f:9b:
                    eb:af:a6:ea:dd:17:81:b3:ef:3b:56:e7:2c:db:a5:
                    d7:dd:26:1e:e6:dd:82:b5:41:b9:1a:5a:76:d5:f8:
                    e3:37:2b:94:3a:4d:03:87:ef:6d:22:4f:40:9d:42:
                    05:aa:33:60:ac:1a:8a:1f:a3:c6:6f:bc:f9:6e:bf:
                    45:85:9d:73:79:c7:f0:cd:c9:95:2d:5d:f1:89:f8:
                    b8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A0:18:72:D8:D8:0B:D3:9D:35:33:DC:9D:38:B1:CB:67:1C:53:35
            X509v3 Authority Key Identifier:
                keyid:96:27:1B:62:D1:8E:4A:C7:7C:61:09:69:0E:AA:E4:CC:34:D0:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/licbYtGOSsd8YQlpDqrkzDTQ6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/IaAYctjYC9OdNTPcnTixy2ccUzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f6b60b-5808-48a2-8203-1ca3fbbfba3f/1/licbYtGOSsd8YQlpDqrkzDTQ6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:ef06::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:14:21:2d:be:e5:fe:a9:1c:74:25:64:c5:c6:b9:e2:de:9c:
         01:ed:95:af:1c:09:7e:6a:4d:5d:09:6d:e1:e1:0b:51:c6:4c:
         0a:ff:5c:a6:18:7d:cc:7f:33:7d:64:28:51:c0:32:e4:7f:17:
         36:6b:f1:20:0e:12:e6:00:c1:31:ff:7a:3f:fb:ce:08:ee:1e:
         48:06:f2:91:dc:0e:a8:aa:30:31:65:18:b6:87:50:c4:15:51:
         a7:4e:ce:05:a4:22:4b:0d:98:e4:43:56:c0:6f:7c:53:46:38:
         b4:ec:aa:4d:d4:cc:32:f4:67:29:b9:34:a6:53:95:1f:22:84:
         4f:1d:4d:49:4d:43:dd:7b:52:dd:43:ee:05:4f:02:a3:15:d5:
         ba:cd:4c:1b:44:fe:61:11:13:e9:b4:79:cf:7f:f8:88:b7:d3:
         e2:53:f8:95:13:1c:cc:70:54:de:26:ad:08:8b:39:3b:87:69:
         cd:9b:2d:e8:41:f8:a6:98:c8:df:36:42:9a:40:dd:58:44:42:
         e9:0c:b2:5a:fa:9a:47:3b:51:3c:92:5f:a7:fd:ab:e1:42:84:
         0c:dd:6a:c6:6e:00:b2:ca:3e:2c:90:26:a8:7d:5b:96:99:97:
         b7:5c:39:9f:a1:f7:18:00:a7:20:69:75:02:dd:01:38:5d:c3:
         00:ba:59:44
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZR0BE1RcZ2BkvxDpAOkeFvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MjcxYjYyZDE4ZTRhYzc3YzYxMDk2OTBlYWFlNGNjMzRk
MGU5YjYwHhcNMjUwMTE3MTEyNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWEwMTg3MmQ4ZDgwYmQzOWQzNTMzZGM5ZDM4YjFjYjY3MWM1MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBjwy//hrjGUoG/AZd8zGV8Dz2dj
SSZjlLplTFh75s8azqlUp5ZdZ5Ne/va4Ed2y5Vb0To6FCHZr1S74jN3BewLuWka+
uEAsHWFyMOV7oWvdVHjRb05SU5qlRvp1Fa7ZxCj8UqFzHlrr0sPZ73K4aRH5A0st
KQYimzmIG41Z7kuQSuve6hfK8YVpBdEMk2Bwb5gqdeMsawZwTXmG3iEM0VzLamjs
fpnUFpeAvhPYddHPT5vrr6bq3ReBs+87Vucs26XX3SYe5t2CtUG5Glp21fjjNyuU
Ok0Dh+9tIk9AnUIFqjNgrBqKH6PGb7z5br9FhZ1zecfwzcmVLV3xifi40QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCGgGHLY2AvTnTUz3J04sctnHFM1MB8GA1UdIwQY
MBaAFJYnG2LRjkrHfGEJaQ6q5Mw00Om2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGljYll0R09Tc2Q4WVFscERxcmt6RFRRNmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNmI2MGItNTgwOC00OGEyLTgyMDMt
MWNhM2ZiYmZiYTNmLzEvSWFBWWN0allDOU9kTlRQY25UaXh5MmNjVXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNmI2MGItNTgwOC00OGEyLTgyMDMtMWNhM2ZiYmZiYTNm
LzEvbGljYll0R09Tc2Q4WVFscERxcmt6RFRRNmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbvBjAN
BgkqhkiG9w0BAQsFAAOCAQEACxQhLb7l/qkcdCVkxca54t6cAe2VrxwJfmpNXQlt
4eELUcZMCv9cphh9zH8zfWQoUcAy5H8XNmvxIA4S5gDBMf96P/vOCO4eSAbykdwO
qKowMWUYtodQxBVRp07OBaQiSw2Y5ENWwG98U0Y4tOyqTdTMMvRnKbk0plOVHyKE
Tx1NSU1D3XtS3UPuBU8CoxXVus1MG0T+YRET6bR5z3/4iLfT4lP4lRMczHBU3iat
CIs5O4dpzZst6EH4ppjI3zZCmkDdWERC6QyyWvqaRztRPJJfp/2r4UKEDN1qxm4A
sso+LJAmqH1blpmXt1w5n6H3GACnIGl1At0BOF3DALpZRA==
-----END CERTIFICATE-----