Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/6BSNFyDmxjJKuKKXuAvPxKEuvHY.roa
File:                     6BSNFyDmxjJKuKKXuAvPxKEuvHY.roa (raw, json)
Hash identifier:          c6KHneV5lWrYB0vjR6eF0or+/RE98WhZucc1FLSvOaw=
Subject key identifier:   E8:14:8D:17:20:E6:C6:32:4A:B8:A2:97:B8:0B:CF:C4:A1:2E:BC:76
Certificate issuer:       /CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
Certificate serial:       0194236A1401D12B6625D69FBD7231B5528E
Authority key identifier: 5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/6BSNFyDmxjJKuKKXuAvPxKEuvHY.roa
Signing time:             Wed 01 Jan 2025 19:49:01 +0000
ROA not before:           Wed 01 Jan 2025 19:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        2a0c:1141::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:14:01:d1:2b:66:25:d6:9f:bd:72:31:b5:52:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
        Validity
            Not Before: Jan  1 19:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8148d1720e6c6324ab8a297b80bcfc4a12ebc76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:cc:37:1a:a0:cd:44:59:7e:b6:91:dc:29:b8:
                    29:eb:42:be:ca:58:9d:a4:ed:2a:c0:a2:43:8f:1a:
                    73:3f:80:ed:90:8b:44:8b:72:0d:10:4c:30:b8:83:
                    a9:03:fe:a5:c6:f3:c5:9a:42:1d:37:b0:7f:35:63:
                    c8:08:6d:0b:a7:59:5d:e5:cc:57:ee:b0:bd:4b:1d:
                    dd:33:c6:a2:94:ae:00:4b:d8:ed:3e:5e:c5:6b:ba:
                    c6:bf:47:2c:56:9f:1c:64:cf:24:0d:1e:ab:58:43:
                    b8:19:ca:95:b1:88:75:52:c8:e5:82:ac:e1:0a:17:
                    83:6e:36:e6:11:26:2d:91:32:1e:7a:78:9f:c4:11:
                    d5:bb:18:b5:6a:17:b0:6a:d6:e3:28:29:c5:89:7a:
                    23:ce:01:02:8d:6e:26:52:ba:55:b7:6f:e5:4e:64:
                    cd:20:2c:a8:1d:57:a4:6f:35:09:42:c1:67:5d:16:
                    94:32:3f:6b:6a:29:8c:57:2b:0f:32:f4:3e:9f:f2:
                    21:4f:5a:9c:54:34:a6:b4:1e:07:35:f1:f0:37:a5:
                    c1:05:09:ab:4b:35:db:87:85:32:28:cc:10:a9:79:
                    56:5c:ba:af:a2:4e:37:01:e8:45:ef:50:e2:c5:86:
                    30:34:92:e6:b0:16:1b:34:fd:91:d8:28:c6:62:12:
                    a8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:14:8D:17:20:E6:C6:32:4A:B8:A2:97:B8:0B:CF:C4:A1:2E:BC:76
            X509v3 Authority Key Identifier:
                keyid:5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/6BSNFyDmxjJKuKKXuAvPxKEuvHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:1141::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:bf:fe:74:65:b0:f3:9c:1c:36:26:5d:cf:30:58:2e:09:e8:
         0b:bc:17:f5:98:fe:44:55:f1:8a:b5:05:93:ce:8f:a7:d2:36:
         05:9b:55:42:9a:4a:2a:5b:bc:6b:3a:45:48:96:bb:a9:38:f3:
         86:f7:a0:22:17:e4:d2:50:50:d8:2f:75:07:35:46:ca:17:f2:
         2a:a6:cc:07:a0:bc:48:3a:4d:f4:5a:50:6e:e4:4f:7a:94:11:
         67:78:f8:9d:43:eb:f2:cc:28:6b:0b:8f:a4:30:08:37:b7:ef:
         b5:8b:1a:60:eb:86:ed:0e:9d:d6:d1:5e:47:26:0b:1b:6f:c0:
         21:4d:f6:5d:ef:f8:f1:90:44:3e:a7:bf:d5:00:dc:61:c8:5e:
         36:c8:fc:a5:b6:a5:1e:f5:ea:cb:7c:b9:1c:d9:c6:86:1d:f3:
         a2:8d:a2:bf:48:2c:7d:a9:bf:12:29:58:dc:15:53:c1:b8:74:
         24:3b:ef:8d:ef:7c:ac:32:af:2d:0b:ca:bc:ef:6d:4f:bd:c6:
         d7:83:37:8d:b4:36:3b:d7:4d:74:4e:4d:1d:67:5d:a8:29:17:
         09:6e:9e:a9:2d:ae:b8:7a:bb:d5:ba:5d:c5:67:73:e6:f8:a3:
         6c:83:38:4e:35:16:c2:1f:a3:27:62:08:41:0c:45:de:ae:a1:
         c3:5e:09:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjahQB0StmJdafvXIxtVKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMzJhOTI1YzU1ZjFkNGU2ZTQwYzEwZjRlOGUwMTliNDgz
YzFkNTAwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODE0OGQxNzIwZTZjNjMyNGFiOGEyOTdiODBiY2ZjNGExMmViYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sw3GqDNRFl+tpHcKbgp60K+ylid
pO0qwKJDjxpzP4DtkItEi3INEEwwuIOpA/6lxvPFmkIdN7B/NWPICG0Lp1ld5cxX
7rC9Sx3dM8ailK4AS9jtPl7Fa7rGv0csVp8cZM8kDR6rWEO4GcqVsYh1Usjlgqzh
CheDbjbmESYtkTIeenifxBHVuxi1ahewatbjKCnFiXojzgECjW4mUrpVt2/lTmTN
ICyoHVekbzUJQsFnXRaUMj9raimMVysPMvQ+n/IhT1qcVDSmtB4HNfHwN6XBBQmr
SzXbh4UyKMwQqXlWXLqvok43AehF71DixYYwNJLmsBYbNP2R2CjGYhKolQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOgUjRcg5sYySriil7gLz8ShLrx2MB8GA1UdIwQY
MBaAFFwyqSXFXx1ObkDBD06OAZtIPB1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjIt
NDUzNzc0MThmYmIyLzEvNkJTTkZ5RG14akpLdUtLWHVBdlB4S0V1dkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjItNDUzNzc0MThmYmIy
LzEvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwRQTAN
BgkqhkiG9w0BAQsFAAOCAQEAEr/+dGWw85wcNiZdzzBYLgnoC7wX9Zj+RFXxirUF
k86Pp9I2BZtVQppKKlu8azpFSJa7qTjzhvegIhfk0lBQ2C91BzVGyhfyKqbMB6C8
SDpN9FpQbuRPepQRZ3j4nUPr8swoawuPpDAIN7fvtYsaYOuG7Q6d1tFeRyYLG2/A
IU32Xe/48ZBEPqe/1QDcYcheNsj8pbalHvXqy3y5HNnGhh3zoo2iv0gsfam/EilY
3BVTwbh0JDvvje98rDKvLQvKvO9tT73G14M3jbQ2O9dNdE5NHWddqCkXCW6eqS2u
uHq71bpdxWdz5vijbIM4TjUWwh+jJ2IIQQxF3q6hw14JbQ==
-----END CERTIFICATE-----