Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/a5CofPxS02DnAUUS9BR-MfOlQu4.roa
File:                     a5CofPxS02DnAUUS9BR-MfOlQu4.roa (raw, json)
Hash identifier:          LylucOp1UfCFOp+5ipOtc4LcLveZAw9S3wnaBKPFnAA=
Subject key identifier:   6B:90:A8:7C:FC:52:D3:60:E7:01:45:12:F4:14:7E:31:F3:A5:42:EE
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       01956BE674F3757A671407BE1DD35ECAC7DF
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/a5CofPxS02DnAUUS9BR-MfOlQu4.roa
Signing time:             Thu 06 Mar 2025 14:40:20 +0000
ROA not before:           Thu 06 Mar 2025 14:40:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215059
IP address blocks:        2a06:da80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:e6:74:f3:75:7a:67:14:07:be:1d:d3:5e:ca:c7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Mar  6 14:40:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b90a87cfc52d360e7014512f4147e31f3a542ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:be:6d:5c:08:48:a7:62:52:31:a1:3b:c8:f5:
                    cd:92:49:26:5f:5d:50:ae:08:ef:47:0e:4e:ae:fb:
                    cc:84:b0:c2:0b:3c:4a:53:c3:d8:0a:a2:7e:d3:43:
                    68:cf:e5:55:bc:60:bb:4a:c8:d5:5a:88:1c:b6:2d:
                    64:56:d7:c6:b4:d9:ef:f0:74:41:6c:0e:89:a1:cc:
                    bb:36:d6:ac:a8:f1:8b:f7:5c:ed:66:5c:f4:6b:9b:
                    ec:b2:4b:9f:9d:ff:a8:cb:8c:dd:d9:c6:6f:3e:ac:
                    27:2c:b2:5a:e1:a3:9f:7e:af:08:a9:fd:b7:cd:0d:
                    58:19:01:d7:a1:48:4a:05:f2:f8:b8:89:37:ba:bc:
                    24:95:a7:8f:b7:83:7b:ad:c4:03:49:b8:17:0b:a1:
                    25:ea:84:50:4e:8c:34:c6:ef:38:29:e4:f4:e8:b8:
                    92:f6:40:0f:ef:6d:7b:9e:2d:e1:4d:54:e6:3e:aa:
                    f6:d1:79:65:a3:cc:89:75:ef:22:50:61:b5:32:ec:
                    ac:93:41:bd:8f:e4:c4:04:d9:78:ec:96:b8:e1:02:
                    27:77:fe:aa:a3:7c:c2:30:79:b4:08:4e:fe:ee:9a:
                    cd:05:b4:cd:f8:7f:f7:3b:6b:f5:5c:a2:37:f7:ef:
                    72:76:5a:6d:13:7e:11:b5:ef:d4:f3:c1:12:eb:11:
                    bc:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:90:A8:7C:FC:52:D3:60:E7:01:45:12:F4:14:7E:31:F3:A5:42:EE
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/a5CofPxS02DnAUUS9BR-MfOlQu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:65:f4:3e:53:4f:a7:48:ea:bf:c4:aa:6f:e3:7e:42:b6:f1:
         df:57:8c:67:a5:a9:c4:09:ce:e7:64:fc:fa:c1:91:59:7c:6e:
         e7:e6:11:05:94:9d:ec:70:c0:7b:4e:18:09:d5:3c:b7:7f:01:
         e1:94:a4:ce:b7:89:2a:f0:57:ad:b1:4a:6c:6e:68:1b:ee:d4:
         1f:95:8e:27:e3:44:1f:02:7c:c4:fb:bf:e7:90:b4:ee:fd:8c:
         cb:b2:6b:c5:2c:80:62:ae:c6:ed:f9:8a:78:cf:71:ae:69:9d:
         c5:2f:5d:01:07:f4:b7:f1:f0:fb:60:b1:d2:ce:3e:90:d3:96:
         fa:8a:a9:85:1e:4d:6c:e6:a5:09:39:3a:a7:a7:84:90:70:df:
         54:ce:6e:16:3c:e4:72:c0:dd:b7:10:84:21:52:18:c6:6e:af:
         49:17:e1:a1:cb:6c:6f:0d:d3:7c:19:ad:2f:72:d6:f8:f0:51:
         73:db:84:ee:33:07:e3:d6:a6:cc:12:ad:2f:43:57:73:1f:5d:
         72:18:c2:01:a4:be:4d:2e:9e:cd:a1:7b:48:4f:aa:da:8a:35:
         08:97:bf:a7:39:6e:56:f6:61:82:16:0b:fc:34:e3:c3:16:65:
         6c:1b:e9:a5:9a:0d:eb:b8:c5:b3:a8:df:73:8d:c9:57:41:a6:
         19:56:76:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVr5nTzdXpnFAe+HdNeysffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjUwMzA2MTQ0MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjkwYTg3Y2ZjNTJkMzYwZTcwMTQ1MTJmNDE0N2UzMWYzYTU0MmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjL5tXAhIp2JSMaE7yPXNkkkmX11Q
rgjvRw5OrvvMhLDCCzxKU8PYCqJ+00Noz+VVvGC7SsjVWogcti1kVtfGtNnv8HRB
bA6Jocy7NtasqPGL91ztZlz0a5vsskufnf+oy4zd2cZvPqwnLLJa4aOffq8Iqf23
zQ1YGQHXoUhKBfL4uIk3urwklaePt4N7rcQDSbgXC6El6oRQTow0xu84KeT06LiS
9kAP7217ni3hTVTmPqr20Xllo8yJde8iUGG1Muysk0G9j+TEBNl47Ja44QInd/6q
o3zCMHm0CE7+7prNBbTN+H/3O2v1XKI39+9ydlptE34Rte/U88ES6xG8bwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGuQqHz8UtNg5wFFEvQUfjHzpULuMB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvYTVDb2ZQeFMwMkRuQVVVUzlCUi1NZk9sUXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgbagDAN
BgkqhkiG9w0BAQsFAAOCAQEAA2X0PlNPp0jqv8Sqb+N+Qrbx31eMZ6WpxAnO52T8
+sGRWXxu5+YRBZSd7HDAe04YCdU8t38B4ZSkzreJKvBXrbFKbG5oG+7UH5WOJ+NE
HwJ8xPu/55C07v2My7JrxSyAYq7G7fmKeM9xrmmdxS9dAQf0t/Hw+2Cx0s4+kNOW
+oqphR5NbOalCTk6p6eEkHDfVM5uFjzkcsDdtxCEIVIYxm6vSRfhoctsbw3TfBmt
L3LW+PBRc9uE7jMH49amzBKtL0NXcx9dchjCAaS+TS6ezaF7SE+q2oo1CJe/pzlu
VvZhghYL/DTjwxZlbBvppZoN67jFs6jfc43JV0GmGVZ2WA==
-----END CERTIFICATE-----