Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/ZCbIcF0GaldOLtUYof19sqbakss.roa
File:                     ZCbIcF0GaldOLtUYof19sqbakss.roa (raw, json)
Hash identifier:          gNWCQlz3oJejIcSvnhZoA0kGCGPgLjhKUohnu1qe2EQ=
Subject key identifier:   64:26:C8:70:5D:06:6A:57:4E:2E:D5:18:A1:FD:7D:B2:A6:DA:92:CB
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019427463934C1778B9D61785DF8DFB2D1AF
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/ZCbIcF0GaldOLtUYof19sqbakss.roa
Signing time:             Thu 02 Jan 2025 13:48:21 +0000
ROA not before:           Thu 02 Jan 2025 13:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216126
IP address blocks:        2a05:1082::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:39:34:c1:77:8b:9d:61:78:5d:f8:df:b2:d1:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6426c8705d066a574e2ed518a1fd7db2a6da92cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0f:c8:65:97:60:50:f1:85:96:50:11:fe:1c:
                    c8:fd:62:a8:71:c9:e4:5e:37:49:81:4f:9a:96:1d:
                    16:a2:86:ca:e2:73:f4:d3:39:78:88:cc:d3:a0:3c:
                    6f:92:98:31:66:5d:75:4c:2c:05:4a:f4:b7:5c:33:
                    a9:2b:10:8d:f7:1a:7e:f8:86:61:d9:88:2c:33:5c:
                    c1:ea:7f:35:02:c7:02:ea:e0:87:dd:e4:56:d8:56:
                    df:d6:85:4b:b0:da:9d:19:18:15:23:a9:ad:1d:b5:
                    e0:df:cb:17:67:f6:60:3c:3e:4b:19:77:5d:e3:a7:
                    4b:c0:8e:75:39:b8:90:26:59:bf:30:ae:35:b7:ae:
                    6e:6b:15:67:00:2c:03:98:52:ae:ed:2d:32:e7:ed:
                    77:b9:d0:62:39:e9:2d:8f:0a:73:75:fa:e9:91:fa:
                    06:1d:65:3b:49:7f:b9:07:39:5b:7d:98:35:38:f0:
                    05:81:c6:99:75:ea:da:cd:f7:c8:13:7d:67:77:f3:
                    c0:fd:18:8d:81:ff:10:ff:fc:fe:01:73:16:88:d0:
                    ed:ac:7c:5a:af:c0:d0:42:a6:74:4a:1e:3b:b9:48:
                    89:15:d2:03:e2:39:1b:6b:68:2c:d1:1f:01:4f:46:
                    75:31:df:06:8f:ac:76:79:0e:c2:2f:65:20:8c:e5:
                    8d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:26:C8:70:5D:06:6A:57:4E:2E:D5:18:A1:FD:7D:B2:A6:DA:92:CB
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/ZCbIcF0GaldOLtUYof19sqbakss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1082::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:c1:de:28:2d:d2:23:59:9a:f6:77:61:26:30:b0:27:2a:ca:
         64:f8:52:ed:15:70:06:ae:4c:fc:fb:8f:4a:16:89:81:6e:5c:
         93:d9:e7:4f:3f:1e:72:89:be:50:2d:38:08:84:4e:f7:46:05:
         e1:54:f0:2d:cf:b3:4c:a4:a7:bd:f7:a3:c5:c0:0c:8a:f1:9e:
         65:be:84:fe:43:30:44:6a:86:9e:41:0c:dd:1d:d5:6e:5d:fb:
         55:60:1b:43:b0:79:57:20:8d:29:fd:35:c0:bd:43:17:de:dc:
         f6:e2:c6:f4:9b:82:c1:da:75:6d:f6:fa:50:b6:f8:83:ef:ae:
         94:28:bc:57:d7:83:d4:d6:0b:b2:a9:6d:47:cb:c8:3b:46:25:
         e1:e2:29:95:b5:d9:57:7d:6e:21:27:98:6c:14:a6:81:6c:93:
         17:5a:04:93:cd:1e:43:b9:53:99:b5:bb:48:ae:ba:b1:48:ae:
         9a:4a:69:ac:c5:45:ff:99:9b:bb:50:27:6a:30:df:a9:69:be:
         14:72:c6:a6:c5:5f:c5:98:35:48:17:86:60:6c:a5:4c:32:cd:
         29:cd:3a:95:da:84:39:a0:2e:ab:ac:0e:d5:33:00:17:97:c3:
         69:57:f6:5c:8a:0d:f6:fc:93:70:a2:78:1f:0e:d8:fa:96:74:
         45:1f:e8:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnRjk0wXeLnWF4XfjfstGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI2Yzg3MDVkMDY2YTU3NGUyZWQ1MThhMWZkN2RiMmE2ZGE5MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ/IZZdgUPGFllAR/hzI/WKoccnk
XjdJgU+alh0WoobK4nP00zl4iMzToDxvkpgxZl11TCwFSvS3XDOpKxCN9xp++IZh
2YgsM1zB6n81AscC6uCH3eRW2Fbf1oVLsNqdGRgVI6mtHbXg38sXZ/ZgPD5LGXdd
46dLwI51ObiQJlm/MK41t65uaxVnACwDmFKu7S0y5+13udBiOektjwpzdfrpkfoG
HWU7SX+5BzlbfZg1OPAFgcaZderazffIE31nd/PA/RiNgf8Q//z+AXMWiNDtrHxa
r8DQQqZ0Sh47uUiJFdID4jkba2gs0R8BT0Z1Md8Gj6x2eQ7CL2UgjOWNvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGQmyHBdBmpXTi7VGKH9fbKm2pLLMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvWkNiSWNGMEdhbGRPTHRVWW9mMTlzcWJha3NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQgjAN
BgkqhkiG9w0BAQsFAAOCAQEAPsHeKC3SI1ma9ndhJjCwJyrKZPhS7RVwBq5M/PuP
ShaJgW5ck9nnTz8ecom+UC04CIRO90YF4VTwLc+zTKSnvfejxcAMivGeZb6E/kMw
RGqGnkEM3R3Vbl37VWAbQ7B5VyCNKf01wL1DF97c9uLG9JuCwdp1bfb6ULb4g++u
lCi8V9eD1NYLsqltR8vIO0Yl4eIplbXZV31uISeYbBSmgWyTF1oEk80eQ7lTmbW7
SK66sUiumkpprMVF/5mbu1AnajDfqWm+FHLGpsVfxZg1SBeGYGylTDLNKc06ldqE
OaAuq6wO1TMAF5fDaVf2XIoN9vyTcKJ4Hw7Y+pZ0RR/oqw==
-----END CERTIFICATE-----