Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/hrRzVBROURephwaz7IZClsaHDKQ.roa
File:                     hrRzVBROURephwaz7IZClsaHDKQ.roa (raw, json)
Hash identifier:          Fof+bR6X5zJSmDYDTc8T97sYO9am/Pj5PX1jkaREIks=
Subject key identifier:   86:B4:73:54:14:4E:51:17:A9:87:06:B3:EC:86:42:96:C6:87:0C:A4
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       019425FDAFFE94B9561AA5E85E5341B3F835
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/hrRzVBROURephwaz7IZClsaHDKQ.roa
Signing time:             Thu 02 Jan 2025 07:49:30 +0000
ROA not before:           Thu 02 Jan 2025 07:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42474
IP address blocks:        2a06:dd01::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:af:fe:94:b9:56:1a:a5:e8:5e:53:41:b3:f8:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jan  2 07:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86b47354144e5117a98706b3ec864296c6870ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:62:9f:bf:d5:35:c3:5a:ba:86:06:c1:20:ed:
                    77:81:3f:d9:86:4f:f3:64:de:a1:82:03:45:4f:c8:
                    24:13:b4:40:f1:8b:75:25:61:c0:57:84:71:ac:35:
                    fc:38:9b:7f:74:f9:32:42:0a:dd:a5:3d:11:61:69:
                    19:c5:6b:65:4e:f7:79:00:44:ae:e5:d6:7d:ce:0e:
                    12:9d:63:48:82:82:d9:0d:4e:58:f8:0e:91:39:1f:
                    08:6f:c4:b5:58:22:ce:2d:1e:fe:04:3e:47:75:69:
                    03:c3:07:53:7b:9f:e2:e7:ef:c7:10:35:84:f1:fb:
                    05:27:34:bd:3c:c2:94:78:fe:66:87:ad:f8:21:af:
                    0f:7c:e1:49:11:c1:9c:c7:b8:ff:29:5f:4a:4c:a0:
                    70:03:50:78:54:28:27:51:f0:c4:ed:4c:cc:c9:bd:
                    57:c1:b1:ce:db:24:10:a8:57:b9:bf:ff:3d:6c:de:
                    0e:62:92:8e:d9:7d:77:34:dd:cf:86:38:f9:a5:af:
                    ae:79:5c:90:39:43:36:b3:eb:07:d3:7c:27:00:eb:
                    6b:88:44:c2:3f:09:17:28:71:5d:81:05:33:39:85:
                    25:b6:d3:90:df:82:38:d8:88:0a:c8:5d:19:c6:2c:
                    1b:d7:39:37:a2:93:b5:28:9e:3a:4c:6e:10:c6:44:
                    22:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B4:73:54:14:4E:51:17:A9:87:06:B3:EC:86:42:96:C6:87:0C:A4
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/hrRzVBROURephwaz7IZClsaHDKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:dd01::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:db:c0:d7:c2:85:27:c7:97:09:8c:05:78:3f:37:10:27:97:
         01:d0:d7:33:b7:a7:30:a7:4f:54:40:88:57:ff:b7:e1:4f:d4:
         1d:22:16:be:9b:86:7b:e3:3a:69:6a:bc:2e:d7:23:b0:36:e3:
         dc:b8:ae:cf:e9:d9:cc:62:85:34:52:b2:d9:83:10:52:c3:71:
         f3:69:08:13:b1:f3:36:cd:33:0e:76:17:8f:95:3b:6c:26:3b:
         75:ac:4f:c5:25:84:3f:8d:47:c4:3a:16:20:79:b0:93:5b:e2:
         a2:74:b5:72:88:f2:cc:6b:19:ce:6f:db:b3:e2:15:69:6c:be:
         de:3b:cb:c3:1d:36:86:f5:6d:23:52:67:2c:f9:1b:3c:4e:7e:
         35:82:8a:a8:a3:c3:b0:15:00:58:ec:3c:b0:5b:da:5f:d5:b1:
         b5:e9:0e:f8:b6:5f:05:00:a6:e0:e1:ef:53:69:b6:8c:f7:ed:
         54:21:1e:2b:c1:3a:4b:e3:2e:1b:90:14:b2:18:d2:35:a8:99:
         89:3f:c0:5b:8b:2f:54:ed:e9:1f:81:cb:7f:b2:6f:62:ec:4b:
         c5:50:32:11:a2:48:fd:f1:cf:b3:db:e4:94:bf:21:94:1c:a1:
         6e:5a:1f:04:0a:db:73:87:e4:de:2d:40:dd:ea:8e:01:13:44:
         7d:fa:92:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/a/+lLlWGqXoXlNBs/g1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjUwMTAyMDc0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI0NzM1NDE0NGU1MTE3YTk4NzA2YjNlYzg2NDI5NmM2ODcwY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2Kfv9U1w1q6hgbBIO13gT/Zhk/z
ZN6hggNFT8gkE7RA8Yt1JWHAV4RxrDX8OJt/dPkyQgrdpT0RYWkZxWtlTvd5AESu
5dZ9zg4SnWNIgoLZDU5Y+A6ROR8Ib8S1WCLOLR7+BD5HdWkDwwdTe5/i5+/HEDWE
8fsFJzS9PMKUeP5mh634Ia8PfOFJEcGcx7j/KV9KTKBwA1B4VCgnUfDE7UzMyb1X
wbHO2yQQqFe5v/89bN4OYpKO2X13NN3Phjj5pa+ueVyQOUM2s+sH03wnAOtriETC
PwkXKHFdgQUzOYUlttOQ34I42IgKyF0Zxiwb1zk3opO1KJ46TG4QxkQi7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIa0c1QUTlEXqYcGs+yGQpbGhwykMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvaHJSelZCUk9VUmVwaHdhejdJWkNsc2FIREtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbdATAN
BgkqhkiG9w0BAQsFAAOCAQEAgtvA18KFJ8eXCYwFeD83ECeXAdDXM7enMKdPVECI
V/+34U/UHSIWvpuGe+M6aWq8LtcjsDbj3Liuz+nZzGKFNFKy2YMQUsNx82kIE7Hz
Ns0zDnYXj5U7bCY7daxPxSWEP41HxDoWIHmwk1vionS1cojyzGsZzm/bs+IVaWy+
3jvLwx02hvVtI1JnLPkbPE5+NYKKqKPDsBUAWOw8sFvaX9WxtekO+LZfBQCm4OHv
U2m2jPftVCEeK8E6S+MuG5AUshjSNaiZiT/AW4svVO3pH4HLf7JvYuxLxVAyEaJI
/fHPs9vklL8hlByhblofBArbc4fk3i1A3eqOARNEffqSSw==
-----END CERTIFICATE-----