Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MD6AOVBHN_-LgxDm2ZlersgyJKk.roa
File:                     MD6AOVBHN_-LgxDm2ZlersgyJKk.roa (raw, json)
Hash identifier:          4j3LUBb4euKIGGHq4H2eMaM+Zr2FlMtQTvTSfk3XBMk=
Subject key identifier:   30:3E:80:39:50:47:37:FF:8B:83:10:E6:D9:99:5E:AE:C8:32:24:A9
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748387E81253D4F66F6BEFBC55F90BF
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MD6AOVBHN_-LgxDm2ZlersgyJKk.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39827
IP address blocks:        2a04:3a40::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:38:7e:81:25:3d:4f:66:f6:be:fb:c5:5f:90:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=303e8039504737ff8b8310e6d9995eaec83224a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:51:58:f3:f3:f1:6f:e6:67:b0:07:bf:27:8d:
                    52:1d:d9:46:97:1e:94:3a:28:d7:0a:d4:ca:d5:c3:
                    be:67:25:7e:e3:32:4d:fa:0f:7a:9d:a8:d5:04:f7:
                    0b:bb:f1:e2:86:ed:33:46:be:4f:e0:94:8d:ef:f5:
                    4c:bf:da:50:dd:36:42:08:fa:7d:90:56:f2:85:43:
                    12:b8:8f:28:22:00:ec:0e:3f:4a:db:73:fb:c4:13:
                    8f:00:6a:87:bc:f4:91:62:cd:18:55:c3:e1:0a:c5:
                    a2:6e:77:f0:42:cd:a4:7a:35:b4:c9:ee:30:a0:34:
                    6c:76:be:f8:16:88:1a:8a:a6:4f:87:1a:7c:6b:65:
                    f2:df:e6:f5:6f:1d:87:39:86:ff:bc:64:b6:21:b7:
                    31:70:d4:7b:c5:a7:4c:e4:74:7d:2e:d2:09:0f:a2:
                    4d:8e:0e:8e:0c:9a:8f:28:e9:f0:1b:f4:0f:69:44:
                    28:65:ea:5b:6e:50:a9:16:ce:5b:83:92:41:3b:fa:
                    30:d8:c9:f6:0e:b0:48:ce:41:ff:66:54:81:31:12:
                    58:03:61:9b:8f:94:8e:c2:34:37:06:6b:11:6b:01:
                    f4:16:39:95:89:32:4e:32:9d:63:9c:a6:82:41:6e:
                    94:70:06:5e:74:82:b2:f0:7c:bb:eb:31:6c:86:a5:
                    8e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3E:80:39:50:47:37:FF:8B:83:10:E6:D9:99:5E:AE:C8:32:24:A9
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MD6AOVBHN_-LgxDm2ZlersgyJKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3a40::/33

    Signature Algorithm: sha256WithRSAEncryption
         7b:a6:67:d3:f3:ff:67:b7:5a:b9:6c:b9:31:45:65:9e:b3:7c:
         ce:12:0a:ee:25:7e:3a:34:96:0b:35:af:41:05:09:50:f8:18:
         72:59:a9:1f:e7:e1:f4:03:d7:9a:af:f7:29:32:d2:6b:78:b0:
         9c:a4:eb:56:86:7f:0f:90:4a:7d:2e:21:2b:03:d2:ae:2d:0c:
         02:80:46:d8:f6:b7:2e:ff:24:48:23:5a:98:34:92:63:e8:48:
         6c:f1:84:02:32:61:ce:cc:bb:65:61:2a:09:58:8d:be:f6:f1:
         b0:16:1b:11:d8:ad:d1:46:67:5f:f5:c9:52:69:84:65:01:6d:
         b4:e0:b2:04:af:eb:6d:9a:b4:83:5f:a5:c4:c8:c0:03:7b:a6:
         cb:29:69:fc:fd:21:22:58:7e:5d:49:1a:02:06:58:0d:0c:dc:
         01:a3:1d:7d:39:6a:b1:d6:1e:fa:d8:3f:5e:32:b6:3c:f5:68:
         4b:44:73:5d:b0:25:d1:71:6e:92:d2:a0:8b:50:13:9b:ae:81:
         02:7a:0c:0d:db:3a:34:5d:56:d0:ef:c3:ff:5c:8d:d3:63:dc:
         ea:24:f3:80:e4:02:56:2c:a7:88:66:82:cd:cd:26:da:ed:27:
         61:f9:ce:9b:a9:ab:e3:1b:ba:4a:d9:7e:99:5b:9c:44:18:7c:
         e3:c3:6b:7f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnSDh+gSU9T2b2vvvFX5C/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNlODAzOTUwNDczN2ZmOGI4MzEwZTZkOTk5NWVhZWM4MzIyNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlFY8/Pxb+ZnsAe/J41SHdlGlx6U
OijXCtTK1cO+ZyV+4zJN+g96najVBPcLu/Hihu0zRr5P4JSN7/VMv9pQ3TZCCPp9
kFbyhUMSuI8oIgDsDj9K23P7xBOPAGqHvPSRYs0YVcPhCsWibnfwQs2kejW0ye4w
oDRsdr74FogaiqZPhxp8a2Xy3+b1bx2HOYb/vGS2IbcxcNR7xadM5HR9LtIJD6JN
jg6ODJqPKOnwG/QPaUQoZepbblCpFs5bg5JBO/ow2Mn2DrBIzkH/ZlSBMRJYA2Gb
j5SOwjQ3BmsRawH0FjmViTJOMp1jnKaCQW6UcAZedIKy8Hy76zFshqWO0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDA+gDlQRzf/i4MQ5tmZXq7IMiSpMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTUQ2QU9WQkhOXy1MZ3hEbTJabGVyc2d5SktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgQ6QAAw
DQYJKoZIhvcNAQELBQADggEBAHumZ9Pz/2e3WrlsuTFFZZ6zfM4SCu4lfjo0lgs1
r0EFCVD4GHJZqR/n4fQD15qv9yky0mt4sJyk61aGfw+QSn0uISsD0q4tDAKARtj2
ty7/JEgjWpg0kmPoSGzxhAIyYc7Mu2VhKglYjb728bAWGxHYrdFGZ1/1yVJphGUB
bbTgsgSv622atINfpcTIwAN7psspafz9ISJYfl1JGgIGWA0M3AGjHX05arHWHvrY
P14ytjz1aEtEc12wJdFxbpLSoItQE5uugQJ6DA3bOjRdVtDvw/9cjdNj3Ook84Dk
AlYsp4hmgs3NJtrtJ2H5zpupq+MbukrZfplbnEQYfOPDa38=
-----END CERTIFICATE-----