Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/6I3Ul79wxRN6W37mo7nUpqwqt0s.roa
File:                     6I3Ul79wxRN6W37mo7nUpqwqt0s.roa (raw, json)
Hash identifier:          J9bvPeLp8sfcjLoyxN9ggYT+mX3AB6I6+8a1daK3z1U=
Subject key identifier:   E8:8D:D4:97:BF:70:C5:13:7A:5B:7E:E6:A3:B9:D4:A6:AC:2A:B7:4B
Certificate issuer:       /CN=0698a5536490d70c8e37b76f32da684f1229d9ba
Certificate serial:       0196EE11DE0A380110FEEF5B23A0D17DC081
Authority key identifier: 06:98:A5:53:64:90:D7:0C:8E:37:B7:6F:32:DA:68:4F:12:29:D9:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpilU2SQ1wyON7dvMtpoTxIp2bo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/6I3Ul79wxRN6W37mo7nUpqwqt0s.roa
Signing time:             Tue 20 May 2025 14:21:10 +0000
ROA not before:           Tue 20 May 2025 14:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212594
IP address blocks:        2001:678:c4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/BpilU2SQ1wyON7dvMtpoTxIp2bo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/BpilU2SQ1wyON7dvMtpoTxIp2bo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpilU2SQ1wyON7dvMtpoTxIp2bo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:11:de:0a:38:01:10:fe:ef:5b:23:a0:d1:7d:c0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0698a5536490d70c8e37b76f32da684f1229d9ba
        Validity
            Not Before: May 20 14:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e88dd497bf70c5137a5b7ee6a3b9d4a6ac2ab74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8a:bd:49:40:d9:dd:0b:52:e6:ea:87:71:93:
                    2a:d9:e5:ce:90:09:ca:6b:51:af:8d:09:76:42:98:
                    cf:71:26:28:00:66:05:62:7e:10:a1:98:55:3d:1e:
                    ea:dc:4e:66:98:e1:f3:4d:8a:7b:ba:a6:63:cc:81:
                    e4:bd:5a:d8:1c:0e:eb:09:14:a1:a4:01:d7:52:83:
                    5d:f6:f5:93:76:dd:34:1d:98:10:4b:0f:11:82:56:
                    f3:ea:66:bc:31:ee:ea:4b:8e:56:81:0c:c0:fb:98:
                    38:7b:77:73:ec:2c:bc:60:28:55:93:31:b4:20:ca:
                    af:a3:11:f6:9b:8b:7c:1c:7c:ff:14:97:c9:42:10:
                    95:8e:4a:63:f3:fa:4a:57:c3:4e:6c:72:10:7e:fa:
                    d1:d4:a2:e4:17:1a:8f:ec:4f:e7:df:a2:ab:83:ba:
                    8a:2d:13:69:a1:4f:7e:47:fa:8a:35:27:02:b5:ca:
                    73:90:60:04:a4:0c:fc:99:2c:90:e3:e6:51:29:41:
                    94:9a:cb:a0:2b:b0:cc:16:59:ab:41:6d:1a:af:76:
                    18:a5:f3:40:dc:23:38:a5:78:f3:1d:39:77:4d:ed:
                    8d:b6:94:ac:8f:13:c8:bd:a9:82:4d:0c:59:bb:dd:
                    0c:d7:a9:0f:9e:bf:d0:a6:93:ff:86:b7:31:8d:0e:
                    0b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:8D:D4:97:BF:70:C5:13:7A:5B:7E:E6:A3:B9:D4:A6:AC:2A:B7:4B
            X509v3 Authority Key Identifier:
                keyid:06:98:A5:53:64:90:D7:0C:8E:37:B7:6F:32:DA:68:4F:12:29:D9:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpilU2SQ1wyON7dvMtpoTxIp2bo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/6I3Ul79wxRN6W37mo7nUpqwqt0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d31361-096d-4a8d-ab4f-c3dc739425a1/1/BpilU2SQ1wyON7dvMtpoTxIp2bo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:e9:62:94:0c:f0:b6:63:8c:23:fa:b1:57:f4:4a:7e:15:af:
         33:b4:ae:89:7e:92:43:29:64:b5:cc:db:b5:38:3c:f4:1e:ed:
         6e:be:d5:2e:7b:99:8f:ce:65:85:7f:bc:2d:02:6e:3c:f2:c4:
         82:6d:7a:97:5a:bc:f9:45:4f:07:fe:03:47:bf:4b:24:55:94:
         b4:19:ce:f2:19:de:27:01:97:f7:22:f8:f0:1f:9d:f7:2c:72:
         1f:6e:16:d4:7e:53:42:5e:f0:81:bb:12:f8:90:79:be:28:6b:
         f1:5f:60:dc:37:f9:27:2c:8a:7a:b2:58:e1:8b:f8:3b:73:6b:
         c3:7c:d3:89:80:e4:52:b5:09:1f:be:75:31:af:bd:64:a4:00:
         84:a0:7b:3f:e4:99:ae:8d:b5:aa:d9:fb:de:13:b3:75:c3:4f:
         a6:b3:04:84:4c:cb:4a:6e:e6:d4:ca:bc:e7:e6:ca:21:c9:d5:
         21:3e:f4:c3:f0:bf:95:84:1d:d1:b0:7a:58:b8:52:37:04:da:
         d4:64:85:ed:1a:c5:fd:0b:2a:1b:4f:39:4f:50:11:80:07:28:
         f1:d7:52:24:12:a4:37:eb:08:d8:8e:2f:d9:dd:21:26:b7:55:
         06:36:a6:3d:de:92:1a:c2:e4:a7:b5:db:8a:99:d9:1a:50:34:
         57:8d:17:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbuEd4KOAEQ/u9bI6DRfcCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OThhNTUzNjQ5MGQ3MGM4ZTM3Yjc2ZjMyZGE2ODRmMTIy
OWQ5YmEwHhcNMjUwNTIwMTQyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODhkZDQ5N2JmNzBjNTEzN2E1YjdlZTZhM2I5ZDRhNmFjMmFiNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Iq9SUDZ3QtS5uqHcZMq2eXOkAnK
a1GvjQl2QpjPcSYoAGYFYn4QoZhVPR7q3E5mmOHzTYp7uqZjzIHkvVrYHA7rCRSh
pAHXUoNd9vWTdt00HZgQSw8Rglbz6ma8Me7qS45WgQzA+5g4e3dz7Cy8YChVkzG0
IMqvoxH2m4t8HHz/FJfJQhCVjkpj8/pKV8NObHIQfvrR1KLkFxqP7E/n36Krg7qK
LRNpoU9+R/qKNScCtcpzkGAEpAz8mSyQ4+ZRKUGUmsugK7DMFlmrQW0ar3YYpfNA
3CM4pXjzHTl3Te2NtpSsjxPIvamCTQxZu90M16kPnr/QppP/hrcxjQ4L1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOiN1Je/cMUTelt+5qO51KasKrdLMB8GA1UdIwQY
MBaAFAaYpVNkkNcMjje3bzLaaE8SKdm6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBpbFUyU1Exd3lPTjdkdk10cG9UeElwMmJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzEzNjEtMDk2ZC00YThkLWFiNGYt
YzNkYzczOTQyNWExLzEvNkkzVWw3OXd4Uk42VzM3bW83blVwcXdxdDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzEzNjEtMDk2ZC00YThkLWFiNGYtYzNkYzczOTQyNWEx
LzEvQnBpbFUyU1Exd3lPTjdkdk10cG9UeElwMmJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAxM
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ6WKUDPC2Y4wj+rFX9Ep+Fa8ztK6JfpJDKWS1
zNu1ODz0Hu1uvtUue5mPzmWFf7wtAm488sSCbXqXWrz5RU8H/gNHv0skVZS0Gc7y
Gd4nAZf3IvjwH533LHIfbhbUflNCXvCBuxL4kHm+KGvxX2DcN/knLIp6sljhi/g7
c2vDfNOJgORStQkfvnUxr71kpACEoHs/5JmujbWq2fveE7N1w0+mswSETMtKbubU
yrzn5sohydUhPvTD8L+VhB3RsHpYuFI3BNrUZIXtGsX9CyobTzlPUBGAByjx11Ik
EqQ36wjYji/Z3SEmt1UGNqY93pIawuSntduKmdkaUDRXjRdY
-----END CERTIFICATE-----