Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Y-Hi5v4w9rmIrRykzYfMnnMw0Rk.roa
File:                     Y-Hi5v4w9rmIrRykzYfMnnMw0Rk.roa (raw, json)
Hash identifier:          UAOni9fizzaasLtiSWgBxbS1fhAciTYBxVO8KzIk04s=
Subject key identifier:   63:E1:E2:E6:FE:30:F6:B9:88:AD:1C:A4:CD:87:CC:9E:73:30:D1:19
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D62D8C4B5AEE508AF0E1630DB286A7
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Y-Hi5v4w9rmIrRykzYfMnnMw0Rk.roa
Signing time:             Wed 01 Jan 2025 07:48:14 +0000
ROA not before:           Wed 01 Jan 2025 07:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206275
IP address blocks:        2a0d:f407:1034::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2d:8c:4b:5a:ee:50:8a:f0:e1:63:0d:b2:86:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63e1e2e6fe30f6b988ad1ca4cd87cc9e7330d119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:2e:d6:87:b2:e0:5b:42:0d:c2:cd:7c:c7:
                    df:d5:57:13:6b:92:d4:91:84:25:36:a4:43:51:e2:
                    6e:ca:c1:cd:a2:23:72:aa:06:00:e3:d2:ba:d5:aa:
                    24:64:20:33:9d:38:d6:cc:27:3b:a0:3d:e3:a7:0a:
                    a8:12:23:18:02:cd:f7:75:ce:09:34:f4:8a:49:c5:
                    7f:f1:c2:4f:67:c3:a4:83:a3:b3:2d:2a:ce:55:dc:
                    56:c0:1d:ac:32:81:db:70:66:e4:71:d5:62:7c:f1:
                    70:a2:7a:9a:3f:5b:32:e8:34:24:b3:c0:d5:5b:19:
                    e0:ee:30:48:09:8f:30:1f:d3:4c:f5:a5:e5:1f:97:
                    ae:e2:21:e7:72:07:cf:a0:2b:4a:57:0b:fa:f8:25:
                    59:4d:5b:36:a6:63:92:27:7b:dc:77:e7:c7:46:c8:
                    77:b8:5d:74:aa:96:c3:7b:84:8a:28:61:27:69:a6:
                    17:4f:e5:20:27:c0:29:2d:04:1c:fd:18:98:7e:dd:
                    ca:41:6d:05:7c:2d:b8:b6:48:54:be:f1:8a:29:b2:
                    01:b4:e7:b2:ec:11:87:b3:f5:51:65:b7:81:74:38:
                    b9:aa:2f:d9:08:db:ec:8e:f4:2c:19:26:02:fa:67:
                    aa:a7:bc:c0:48:1c:88:2b:9c:1d:b7:9c:04:dc:42:
                    4c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:E1:E2:E6:FE:30:F6:B9:88:AD:1C:A4:CD:87:CC:9E:73:30:D1:19
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Y-Hi5v4w9rmIrRykzYfMnnMw0Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1034::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:33:d1:68:19:ef:fa:c0:55:49:80:60:70:66:2d:66:ea:ea:
         c8:98:ce:44:b8:ca:5e:87:1b:ce:02:c1:5c:d0:90:30:7b:ee:
         9a:a0:3c:b0:6f:78:c5:bb:dc:80:05:bd:ba:9a:e8:8c:34:8a:
         0f:4a:8a:75:e9:18:41:21:59:34:b6:e9:5c:37:b6:84:ad:0b:
         48:80:15:ed:b1:3e:ec:07:bb:68:43:ee:ae:45:d3:4e:63:03:
         e3:00:6b:5f:1e:b6:b1:6f:d3:06:0b:06:a3:e1:16:5c:3f:e5:
         c4:77:fa:04:ca:f5:f2:b2:d5:d8:2f:ae:42:0b:1f:6e:b9:16:
         dc:fe:08:a3:14:bf:5e:89:0a:9d:db:ed:c0:93:16:50:f2:74:
         7a:00:34:15:3d:8f:1b:bd:f5:9c:02:53:8d:8a:7c:6d:06:2d:
         94:f1:6f:d8:40:ee:93:84:48:26:7c:bb:e0:ac:59:85:3f:7b:
         2a:17:ca:a0:7d:b6:6a:f0:ca:38:84:2e:66:f7:91:df:c6:40:
         79:d4:4d:df:81:d9:e5:45:e9:f2:4a:70:c1:7a:b2:81:98:d1:
         05:4c:a5:46:6a:95:e0:78:a3:7e:9f:8d:7b:bc:b9:b2:b4:e7:
         c8:24:70:2e:e2:c0:c3:e1:91:36:aa:a1:1b:63:6d:39:63:e0:
         87:45:78:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1i2MS1ruUIrw4WMNsoanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2UxZTJlNmZlMzBmNmI5ODhhZDFjYTRjZDg3Y2M5ZTczMzBkMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4Uu1oey4FtCDcLNfMff1VcTa5LU
kYQlNqRDUeJuysHNoiNyqgYA49K61aokZCAznTjWzCc7oD3jpwqoEiMYAs33dc4J
NPSKScV/8cJPZ8Okg6OzLSrOVdxWwB2sMoHbcGbkcdVifPFwonqaP1sy6DQks8DV
Wxng7jBICY8wH9NM9aXlH5eu4iHncgfPoCtKVwv6+CVZTVs2pmOSJ3vcd+fHRsh3
uF10qpbDe4SKKGEnaaYXT+UgJ8ApLQQc/RiYft3KQW0FfC24tkhUvvGKKbIBtOey
7BGHs/VRZbeBdDi5qi/ZCNvsjvQsGSYC+meqp7zASByIK5wdt5wE3EJM9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGPh4ub+MPa5iK0cpM2HzJ5zMNEZMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvWS1IaTV2NHc5cm1JclJ5a3pZZk1ubk13MFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxA0
MA0GCSqGSIb3DQEBCwUAA4IBAQA5M9FoGe/6wFVJgGBwZi1m6urImM5EuMpehxvO
AsFc0JAwe+6aoDywb3jFu9yABb26muiMNIoPSop16RhBIVk0tulcN7aErQtIgBXt
sT7sB7toQ+6uRdNOYwPjAGtfHraxb9MGCwaj4RZcP+XEd/oEyvXystXYL65CCx9u
uRbc/gijFL9eiQqd2+3AkxZQ8nR6ADQVPY8bvfWcAlONinxtBi2U8W/YQO6ThEgm
fLvgrFmFP3sqF8qgfbZq8Mo4hC5m95HfxkB51E3fgdnlRenySnDBerKBmNEFTKVG
apXgeKN+n417vLmytOfIJHAu4sDD4ZE2qqEbY205Y+CHRXhI
-----END CERTIFICATE-----