Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/aDS6YMCzOKNGt_fdPH8rD2EqERE.roa
File:                     aDS6YMCzOKNGt_fdPH8rD2EqERE.roa (raw, json)
Hash identifier:          EmZdINDIvUEaNFDiN6itzMDSGZ5e6bJP+GZQfG4efsI=
Subject key identifier:   68:34:BA:60:C0:B3:38:A3:46:B7:F7:DD:3C:7F:2B:0F:61:2A:11:11
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019427463515D50F33910F0CF2FEB0791580
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/aDS6YMCzOKNGt_fdPH8rD2EqERE.roa
Signing time:             Thu 02 Jan 2025 13:48:20 +0000
ROA not before:           Thu 02 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210842
IP address blocks:        2a0d:2681::/32 maxlen: 48
                          2a0d:2684::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:35:15:d5:0f:33:91:0f:0c:f2:fe:b0:79:15:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6834ba60c0b338a346b7f7dd3c7f2b0f612a1111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:94:32:d4:87:90:a0:23:c4:56:ee:18:fa:9d:
                    15:23:7d:96:71:4b:b1:ec:6d:98:18:31:a6:67:aa:
                    48:3b:0f:4a:06:f8:eb:7f:ad:78:dd:e5:9e:04:8e:
                    e5:8d:1b:1e:6e:5a:6c:05:92:33:df:a4:8a:f4:22:
                    dc:27:94:2a:47:2a:eb:d8:92:bf:01:4d:60:25:b6:
                    5b:58:3f:5c:73:65:67:57:21:ed:2f:1c:8e:24:63:
                    14:ab:22:a5:fb:ad:ed:99:92:de:48:7f:5b:6c:4e:
                    5d:8f:6a:28:01:8c:f3:0a:30:8d:c4:9e:0f:a3:8f:
                    16:aa:86:2a:7d:ea:f0:b6:07:9d:6e:40:e7:13:4a:
                    92:9e:89:06:b6:4c:33:4f:79:b9:15:af:44:04:63:
                    b7:e4:c4:9b:82:2e:ee:59:20:97:25:a7:63:95:42:
                    9d:27:98:8e:85:be:4a:91:cc:99:ce:4a:f0:f9:8d:
                    43:91:18:3c:b9:5e:25:1a:82:ae:57:bf:53:85:25:
                    52:90:50:a4:1d:33:06:e5:8e:40:f6:8f:2b:9a:a6:
                    2c:b7:f3:dc:c7:df:18:66:ea:6e:42:f6:4f:eb:0d:
                    86:b8:dd:aa:9d:e6:9a:04:ac:d4:7d:94:2f:70:58:
                    c7:db:54:70:28:00:05:8f:33:d1:db:a9:ef:c5:07:
                    de:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:34:BA:60:C0:B3:38:A3:46:B7:F7:DD:3C:7F:2B:0F:61:2A:11:11
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/aDS6YMCzOKNGt_fdPH8rD2EqERE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2681::/32
                  2a0d:2684::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:4a:26:e1:f4:d6:ef:bd:76:94:b5:ef:a5:05:ba:96:98:f1:
         71:9f:fc:c7:0e:23:1d:ae:24:06:87:01:48:14:b2:be:02:69:
         fa:ea:86:bf:9e:6d:da:e0:86:83:07:4d:bc:a5:a6:f3:c0:1e:
         5a:fb:58:59:28:ae:62:18:f5:d3:16:c5:bb:94:fa:97:1b:bf:
         61:4c:fd:13:15:1a:b0:18:96:ad:74:41:ee:a5:36:3d:b7:8e:
         07:a4:49:d6:55:dd:bc:b2:91:38:18:5b:4e:66:ae:bb:5f:43:
         e9:c9:e2:d7:b5:31:5c:aa:a4:ff:7a:07:d9:7e:35:5f:82:e4:
         f9:28:de:b6:76:19:95:21:08:5a:54:a5:00:bd:82:e5:81:97:
         3a:36:1d:e3:aa:6c:fa:2f:d5:bb:5a:1a:bf:1d:c1:13:15:62:
         94:f0:4b:9c:55:7f:d1:44:d9:f3:2c:ae:63:d5:5c:c8:94:91:
         42:15:a6:2e:ed:e8:e3:30:ff:28:b8:c3:f2:6b:d8:c5:e5:06:
         ac:42:80:c2:4f:93:25:5a:0c:8b:66:5b:ae:15:b2:6f:af:3d:
         cf:4a:12:ca:2b:c3:50:19:12:38:62:42:a5:48:1b:53:16:98:
         46:65:22:6e:89:b7:7d:9b:91:68:22:58:95:94:f3:d5:6d:ba:
         8a:25:61:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnRjUV1Q8zkQ8M8v6weRWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODM0YmE2MGMwYjMzOGEzNDZiN2Y3ZGQzYzdmMmIwZjYxMmExMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75Qy1IeQoCPEVu4Y+p0VI32WcUux
7G2YGDGmZ6pIOw9KBvjrf6143eWeBI7ljRseblpsBZIz36SK9CLcJ5QqRyrr2JK/
AU1gJbZbWD9cc2VnVyHtLxyOJGMUqyKl+63tmZLeSH9bbE5dj2ooAYzzCjCNxJ4P
o48WqoYqferwtgedbkDnE0qSnokGtkwzT3m5Fa9EBGO35MSbgi7uWSCXJadjlUKd
J5iOhb5KkcyZzkrw+Y1DkRg8uV4lGoKuV79ThSVSkFCkHTMG5Y5A9o8rmqYst/Pc
x98YZupuQvZP6w2GuN2qneaaBKzUfZQvcFjH21RwKAAFjzPR26nvxQfe3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGg0umDAszijRrf33Tx/Kw9hKhERMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvYURTNllNQ3pPS05HdF9mZFBIOHJEMkVxRVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg0mgQMF
ACoNJoQwDQYJKoZIhvcNAQELBQADggEBAE5KJuH01u+9dpS176UFupaY8XGf/McO
Ix2uJAaHAUgUsr4Cafrqhr+ebdrghoMHTbylpvPAHlr7WFkormIY9dMWxbuU+pcb
v2FM/RMVGrAYlq10Qe6lNj23jgekSdZV3byykTgYW05mrrtfQ+nJ4te1MVyqpP96
B9l+NV+C5Pko3rZ2GZUhCFpUpQC9guWBlzo2HeOqbPov1btaGr8dwRMVYpTwS5xV
f9FE2fMsrmPVXMiUkUIVpi7t6OMw/yi4w/Jr2MXlBqxCgMJPkyVaDItmW64Vsm+v
Pc9KEsorw1AZEjhiQqVIG1MWmEZlIm6Jt32bkWgiWJWU89VtuoolYY8=
-----END CERTIFICATE-----