Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/21b6ntDP_41WHw4JgmJy5QMFjgw.roa
File:                     21b6ntDP_41WHw4JgmJy5QMFjgw.roa (raw, json)
Hash identifier:          OyGhDdjF1Bm2rSEG2L631phdq3gbyPG0iQYpMEVeFPo=
Subject key identifier:   DB:56:FA:9E:D0:CF:FF:8D:56:1F:0E:09:82:62:72:E5:03:05:8E:0C
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       0194228D4263FF15C8C28B33AB7E4BC95008
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/21b6ntDP_41WHw4JgmJy5QMFjgw.roa
Signing time:             Wed 01 Jan 2025 15:47:50 +0000
ROA not before:           Wed 01 Jan 2025 15:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        2a0d:2146:8180::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:42:63:ff:15:c8:c2:8b:33:ab:7e:4b:c9:50:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 15:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db56fa9ed0cfff8d561f0e09826272e503058e0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a2:8a:a5:99:ee:9b:7b:f4:78:9c:57:9a:64:
                    39:93:86:d5:cc:d4:9d:74:9c:f8:47:85:34:2a:73:
                    da:cb:10:d9:35:b2:31:c5:ed:6d:36:23:8f:63:c1:
                    2a:6a:65:f9:05:7d:6c:12:69:fb:62:bc:92:64:a7:
                    23:44:13:1c:32:65:4c:b5:86:97:f1:b3:57:cb:01:
                    85:a1:ce:56:de:0d:c4:63:0f:84:70:81:c9:9e:b9:
                    56:fd:ae:66:ea:c8:31:f9:11:8a:5b:19:40:38:11:
                    7a:99:1e:e3:91:36:37:9a:1b:6d:d1:02:09:66:bd:
                    bb:ef:be:9b:99:23:9b:89:b6:90:51:cb:b0:5b:df:
                    9a:ad:8a:ff:6b:66:43:18:99:53:61:55:22:63:7d:
                    b5:2b:62:ee:a8:22:df:4a:b9:9e:05:39:b8:f4:9e:
                    37:d3:84:45:61:7d:1a:7f:7e:05:7a:4a:5e:54:54:
                    65:38:0e:13:fe:67:87:b3:d4:56:c8:ce:29:a3:c5:
                    5c:af:fc:6d:9d:82:04:8d:d8:95:bb:1a:de:16:50:
                    35:b1:ff:fe:96:04:97:84:03:b3:d1:fe:6e:8e:43:
                    10:26:af:07:6b:5a:51:0b:15:ca:28:95:e4:db:21:
                    db:6f:7d:62:ae:9a:8e:e9:3f:63:30:0c:e4:4a:98:
                    09:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:56:FA:9E:D0:CF:FF:8D:56:1F:0E:09:82:62:72:E5:03:05:8E:0C
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/21b6ntDP_41WHw4JgmJy5QMFjgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:8180::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:0c:45:15:93:75:db:1b:03:ea:74:0d:18:32:dc:92:01:a7:
         38:48:8c:ff:4a:f6:7f:c8:13:b0:1b:8c:f5:28:3a:23:eb:47:
         4f:f4:f4:5f:03:b9:49:d9:da:02:a8:dd:70:05:26:f0:cf:88:
         28:b2:e8:b8:23:0b:73:17:b9:19:3c:0a:c4:7a:b6:d1:dc:2e:
         ab:3f:1c:51:ca:03:77:a5:f6:7e:17:be:b2:c2:05:85:f9:e1:
         5f:6e:5b:83:7e:69:fb:e5:84:81:dc:ab:e3:91:ac:93:11:5f:
         a5:eb:9a:0f:db:88:2f:33:79:8b:06:67:42:7e:e0:1b:a3:0b:
         f0:c8:30:a6:e9:ee:30:74:81:51:39:59:3e:23:63:9c:06:43:
         52:4c:13:4f:36:6b:c9:5f:67:f4:1d:f3:e2:0c:25:b2:6c:72:
         89:6c:f3:0f:dc:6f:26:c0:e0:48:ca:33:95:e8:83:2e:90:36:
         8b:4d:f5:4e:9b:e8:f1:71:9d:f1:81:3b:3b:06:99:03:59:48:
         d6:4f:99:b4:8d:68:c2:fb:dc:32:2b:25:ca:e0:5b:3c:17:87:
         89:0e:25:1e:15:ad:be:12:65:49:91:2b:e0:4e:75:c5:bc:b7:
         f3:20:95:6c:89:99:0a:54:01:7a:32:8d:c1:bf:66:2c:55:50:
         0a:a3:b0:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijUJj/xXIwoszq35LyVAIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjUwMTAxMTU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU2ZmE5ZWQwY2ZmZjhkNTYxZjBlMDk4MjYyNzJlNTAzMDU4ZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaKKpZnum3v0eJxXmmQ5k4bVzNSd
dJz4R4U0KnPayxDZNbIxxe1tNiOPY8EqamX5BX1sEmn7YrySZKcjRBMcMmVMtYaX
8bNXywGFoc5W3g3EYw+EcIHJnrlW/a5m6sgx+RGKWxlAOBF6mR7jkTY3mhtt0QIJ
Zr27776bmSObibaQUcuwW9+arYr/a2ZDGJlTYVUiY321K2LuqCLfSrmeBTm49J43
04RFYX0af34FekpeVFRlOA4T/meHs9RWyM4po8Vcr/xtnYIEjdiVuxreFlA1sf/+
lgSXhAOz0f5ujkMQJq8Ha1pRCxXKKJXk2yHbb31irpqO6T9jMAzkSpgJmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNtW+p7Qz/+NVh8OCYJicuUDBY4MMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvMjFiNm50RFBfNDFXSHc0SmdtSnk1UU1Gamd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0hRoGA
MA0GCSqGSIb3DQEBCwUAA4IBAQCODEUVk3XbGwPqdA0YMtySAac4SIz/SvZ/yBOw
G4z1KDoj60dP9PRfA7lJ2doCqN1wBSbwz4gosui4IwtzF7kZPArEerbR3C6rPxxR
ygN3pfZ+F76ywgWF+eFfbluDfmn75YSB3KvjkayTEV+l65oP24gvM3mLBmdCfuAb
owvwyDCm6e4wdIFROVk+I2OcBkNSTBNPNmvJX2f0HfPiDCWybHKJbPMP3G8mwOBI
yjOV6IMukDaLTfVOm+jxcZ3xgTs7BpkDWUjWT5m0jWjC+9wyKyXK4Fs8F4eJDiUe
Fa2+EmVJkSvgTnXFvLfzIJVsiZkKVAF6Mo3Bv2YsVVAKo7AI
-----END CERTIFICATE-----