Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bgndW0CmBQuiHxQFDGV1p4kfQ0w.roa
File:                     bgndW0CmBQuiHxQFDGV1p4kfQ0w.roa (raw, json)
Hash identifier:          69wNM6Nj33ysdv0n+TRiRf/aZRUnSe2bA4XmQXvr6Ug=
Subject key identifier:   6E:09:DD:5B:40:A6:05:0B:A2:1F:14:05:0C:65:75:A7:89:1F:43:4C
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019425FDC5EDC6E480BC45299AF6F33BC619
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bgndW0CmBQuiHxQFDGV1p4kfQ0w.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51803
IP address blocks:        2a0a:2c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c5:ed:c6:e4:80:bc:45:29:9a:f6:f3:3b:c6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e09dd5b40a6050ba21f14050c6575a7891f434c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:60:e4:5d:c0:ea:aa:93:36:c2:cb:aa:ea:2c:
                    20:e7:b3:ef:f6:e3:67:54:9f:b4:7a:d7:b6:08:9c:
                    78:e6:bc:21:9f:98:a1:6d:a2:fc:aa:46:69:09:86:
                    58:60:f6:96:57:07:0e:89:7c:b8:6f:18:33:b6:0b:
                    e4:bd:e3:93:a8:83:c7:85:e9:0f:83:ea:d4:a6:bf:
                    2b:ea:12:68:08:eb:47:ab:07:d9:fa:00:2c:d8:24:
                    7a:69:d4:ee:51:bb:f7:91:76:dc:b9:e7:bb:04:87:
                    08:49:24:10:32:16:2e:b6:1f:84:59:a9:f3:7e:df:
                    96:62:ca:84:f2:d8:2c:b5:de:3d:61:34:0d:49:59:
                    a3:ae:fc:70:bc:02:1f:6f:20:f5:f2:bd:8a:78:04:
                    aa:18:c5:b6:85:ab:f3:66:3b:6e:ce:be:b4:45:13:
                    08:ed:54:ce:e4:b6:e5:b0:25:32:7b:70:a5:f5:69:
                    05:89:53:13:cb:66:24:25:3f:84:a9:0c:22:d6:33:
                    be:56:1b:bd:e0:1e:3c:71:05:ca:1a:ca:18:29:d1:
                    49:0c:cc:55:1c:38:b2:c9:f0:d5:ca:aa:b9:a2:6d:
                    63:2b:30:88:57:03:ba:a9:ca:e1:a9:3b:32:24:52:
                    be:f1:bb:80:39:e4:62:23:78:9f:02:cf:e6:7c:88:
                    62:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:09:DD:5B:40:A6:05:0B:A2:1F:14:05:0C:65:75:A7:89:1F:43:4C
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bgndW0CmBQuiHxQFDGV1p4kfQ0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:1e:e4:35:60:48:46:46:6a:56:0a:9a:18:71:77:08:7f:9f:
         37:54:3f:3d:e2:cb:d3:2a:25:5c:cb:c3:14:32:78:1b:bf:1e:
         70:10:0e:0a:23:7e:22:03:c8:fd:8a:5e:9d:60:33:62:13:71:
         f3:48:9f:7a:3e:a5:10:f4:1a:44:b6:ed:fb:08:14:a2:48:4d:
         ca:1b:c5:3e:2b:a0:96:d2:f8:b7:fd:15:6b:2e:62:d2:b7:05:
         1b:73:0b:be:43:2a:ba:82:d1:11:f0:af:2e:c8:7e:9d:d1:6a:
         69:7c:53:14:bd:8a:c9:6d:0e:41:fd:7f:89:0d:96:8b:71:db:
         0b:16:e0:fe:ac:74:e6:34:54:a6:e2:ac:a8:c2:e9:99:13:53:
         ac:ec:8d:83:aa:15:1e:1c:2e:33:a0:f6:cc:ac:55:6e:89:c6:
         8a:49:60:06:0a:13:df:28:6f:a0:b5:69:53:61:d5:46:60:32:
         fc:7d:e2:3e:f4:6d:6a:58:0f:40:c9:26:19:74:56:8a:b0:b1:
         14:09:32:b4:fb:61:06:32:2c:eb:e0:f5:7c:dc:7f:f7:0f:33:
         9f:e3:1c:c2:b4:88:d7:3b:77:92:c9:37:79:3d:25:fb:3c:ab:
         22:7c:ed:8a:7d:34:bd:0d:2d:63:4b:69:69:40:f0:75:c4:5b:
         99:df:42:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/cXtxuSAvEUpmvbzO8YZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTA5ZGQ1YjQwYTYwNTBiYTIxZjE0MDUwYzY1NzVhNzg5MWY0MzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WDkXcDqqpM2wsuq6iwg57Pv9uNn
VJ+0ete2CJx45rwhn5ihbaL8qkZpCYZYYPaWVwcOiXy4bxgztgvkveOTqIPHhekP
g+rUpr8r6hJoCOtHqwfZ+gAs2CR6adTuUbv3kXbcuee7BIcISSQQMhYuth+EWanz
ft+WYsqE8tgstd49YTQNSVmjrvxwvAIfbyD18r2KeASqGMW2havzZjtuzr60RRMI
7VTO5LblsCUye3Cl9WkFiVMTy2YkJT+EqQwi1jO+Vhu94B48cQXKGsoYKdFJDMxV
HDiyyfDVyqq5om1jKzCIVwO6qcrhqTsyJFK+8buAOeRiI3ifAs/mfIhi/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG4J3VtApgULoh8UBQxldaeJH0NMMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvYmduZFcwQ21CUXVpSHhRRkRHVjFwNGtmUTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgoCwTAN
BgkqhkiG9w0BAQsFAAOCAQEAkB7kNWBIRkZqVgqaGHF3CH+fN1Q/PeLL0yolXMvD
FDJ4G78ecBAOCiN+IgPI/YpenWAzYhNx80ifej6lEPQaRLbt+wgUokhNyhvFPiug
ltL4t/0Vay5i0rcFG3MLvkMquoLREfCvLsh+ndFqaXxTFL2KyW0OQf1/iQ2Wi3Hb
Cxbg/qx05jRUpuKsqMLpmRNTrOyNg6oVHhwuM6D2zKxVbonGiklgBgoT3yhvoLVp
U2HVRmAy/H3iPvRtalgPQMkmGXRWirCxFAkytPthBjIs6+D1fNx/9w8zn+McwrSI
1zt3ksk3eT0l+zyrInztin00vQ0tY0tpaUDwdcRbmd9CUA==
-----END CERTIFICATE-----