Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/G1nDGEYcV0zuKzKuOXzDx75r3GI.roa
File:                     G1nDGEYcV0zuKzKuOXzDx75r3GI.roa (raw, json)
Hash identifier:          41u/KL+MWJdDf84HJGznj8QmpQB0mJMrGBzkwlxjtIc=
Subject key identifier:   1B:59:C3:18:46:1C:57:4C:EE:2B:32:AE:39:7C:C3:C7:BE:6B:DC:62
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E010B63B180CB3A501933AEE6F07
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/G1nDGEYcV0zuKzKuOXzDx75r3GI.roa
Signing time:             Wed 01 Jan 2025 21:48:57 +0000
ROA not before:           Wed 01 Jan 2025 21:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42093
IP address blocks:        2a06:c3c0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e0:10:b6:3b:18:0c:b3:a5:01:93:3a:ee:6f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b59c318461c574cee2b32ae397cc3c7be6bdc62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:40:a3:47:d6:6c:d6:e9:ea:16:88:7c:3b:62:
                    71:49:f7:e3:f0:ad:e6:d3:8a:bf:cd:2a:a9:1c:ec:
                    ba:d8:e3:db:a8:cd:e1:95:92:c4:a4:f6:76:d7:a3:
                    ab:cf:8f:aa:cd:da:5d:2f:c2:42:ba:2b:ef:19:b5:
                    93:78:fc:56:7e:ad:e1:35:a1:fc:90:66:24:f5:fd:
                    e3:be:b8:6e:a1:1d:e0:c1:a6:e7:1b:df:f7:4a:12:
                    6f:b2:f9:fb:8f:c8:2c:44:8d:d5:b3:1c:64:1b:06:
                    8c:25:87:a9:2e:f4:f2:ac:ad:81:49:ef:18:a2:d7:
                    a6:fe:58:61:ba:08:98:9f:14:07:93:c2:79:89:47:
                    ef:f5:55:0d:12:e7:18:c4:a0:6c:db:be:70:dd:ce:
                    4d:bd:6c:c7:16:07:3b:e0:ab:db:97:9b:64:29:f2:
                    17:24:7c:b1:29:1c:fa:42:eb:cf:2f:17:14:91:e4:
                    15:19:12:12:d9:72:5d:d6:20:7e:f7:cc:e7:c6:ca:
                    27:ef:db:56:65:1c:e3:20:1b:4c:0f:a2:ed:61:96:
                    9f:84:01:ea:be:a0:e2:ae:d5:e4:bb:65:89:9c:47:
                    78:0d:5c:ce:17:53:98:2c:83:f2:04:af:f7:bf:8b:
                    29:b1:5d:19:d7:d7:2e:ec:71:72:b0:e4:8c:a7:7b:
                    d6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:59:C3:18:46:1C:57:4C:EE:2B:32:AE:39:7C:C3:C7:BE:6B:DC:62
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/G1nDGEYcV0zuKzKuOXzDx75r3GI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:c3c0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:97:4e:9f:f0:f2:0a:20:59:f7:08:7f:ee:c6:df:4a:43:6e:
         1a:01:da:fd:5d:32:54:85:32:96:ad:c5:8c:5d:38:6b:c4:bb:
         15:57:47:0a:81:1d:51:23:87:27:80:6f:f7:96:55:4c:c4:e7:
         3b:5f:e2:a5:5c:6a:c4:74:9a:93:8c:e7:fe:4a:c6:ed:9f:7b:
         94:ea:85:e8:d3:ce:7b:b6:83:9c:02:81:6b:74:14:07:3f:8c:
         2a:41:ee:e0:1f:69:71:91:c8:29:34:8f:fa:71:cd:7b:2c:91:
         c7:35:f1:c9:c2:02:9b:8d:f3:84:1b:47:7c:de:55:44:93:4b:
         95:b6:e9:21:6a:11:74:e8:ed:f4:81:32:0b:b8:c3:3a:88:77:
         de:c1:26:4f:1f:61:0f:dd:65:db:3d:69:fd:0d:ce:3f:05:69:
         7e:32:5a:c3:29:ec:43:d4:88:93:98:a8:25:f0:88:66:83:65:
         0e:b6:17:a6:d7:88:0f:51:f3:37:e5:4b:4f:48:9f:41:b7:8d:
         1f:7d:b5:d4:13:a8:e1:ac:0c:2a:dc:12:ef:44:ba:f1:df:54:
         a4:6e:67:0e:72:0f:63:30:0b:aa:19:ed:f1:b6:92:cd:54:15:
         2b:3f:4a:2d:3f:1d:76:f7:28:4c:69:1d:4d:24:73:47:22:8a:
         12:43:d9:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1+AQtjsYDLOlAZM67m8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU5YzMxODQ2MWM1NzRjZWUyYjMyYWUzOTdjYzNjN2JlNmJkYzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UCjR9Zs1unqFoh8O2JxSffj8K3m
04q/zSqpHOy62OPbqM3hlZLEpPZ216Orz4+qzdpdL8JCuivvGbWTePxWfq3hNaH8
kGYk9f3jvrhuoR3gwabnG9/3ShJvsvn7j8gsRI3VsxxkGwaMJYepLvTyrK2BSe8Y
otem/lhhugiYnxQHk8J5iUfv9VUNEucYxKBs275w3c5NvWzHFgc74Kvbl5tkKfIX
JHyxKRz6QuvPLxcUkeQVGRIS2XJd1iB+98znxson79tWZRzjIBtMD6LtYZafhAHq
vqDirtXku2WJnEd4DVzOF1OYLIPyBK/3v4spsV0Z19cu7HFysOSMp3vWWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBtZwxhGHFdM7isyrjl8w8e+a9xiMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvRzFuREdFWWNWMHp1S3pLdU9YekR4NzVyM0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbDwAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBnl06f8PIKIFn3CH/uxt9KQ24aAdr9XTJUhTKW
rcWMXThrxLsVV0cKgR1RI4cngG/3llVMxOc7X+KlXGrEdJqTjOf+Ssbtn3uU6oXo
0857toOcAoFrdBQHP4wqQe7gH2lxkcgpNI/6cc17LJHHNfHJwgKbjfOEG0d83lVE
k0uVtukhahF06O30gTILuMM6iHfewSZPH2EP3WXbPWn9Dc4/BWl+MlrDKexD1IiT
mKgl8Ihmg2UOthem14gPUfM35UtPSJ9Bt40ffbXUE6jhrAwq3BLvRLrx31SkbmcO
cg9jMAuqGe3xtpLNVBUrP0otPx129yhMaR1NJHNHIooSQ9kW
-----END CERTIFICATE-----