Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/gAeMHhtFSbcycnERLLnOEpIkAko.roa
File:                     gAeMHhtFSbcycnERLLnOEpIkAko.roa (raw, json)
Hash identifier:          e6fugfkqh4EKp2KogcF4JNMD2SRVe0PwewPhIKGPhCE=
Subject key identifier:   80:07:8C:1E:1B:45:49:B7:32:72:71:11:2C:B9:CE:12:92:24:02:4A
Certificate issuer:       /CN=c6fc38b2a100395fa9b9919ad792e7acb2db2e07
Certificate serial:       0194274811C0324DFEB7BE516A7224690DFB
Authority key identifier: C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/gAeMHhtFSbcycnERLLnOEpIkAko.roa
Signing time:             Thu 02 Jan 2025 13:50:21 +0000
ROA not before:           Thu 02 Jan 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215936
IP address blocks:        2001:67c:d54::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:11:c0:32:4d:fe:b7:be:51:6a:72:24:69:0d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6fc38b2a100395fa9b9919ad792e7acb2db2e07
        Validity
            Not Before: Jan  2 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80078c1e1b4549b7327271112cb9ce129224024a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a6:34:6e:4c:d0:ec:be:13:0d:e0:f7:9a:4d:
                    51:41:ac:0c:b5:da:05:ef:4a:40:f6:91:8f:ee:24:
                    56:ed:78:75:de:4c:5d:8f:b3:1f:75:b1:92:51:4b:
                    b7:2d:2b:7b:e0:90:10:54:10:0e:9b:50:72:a1:d1:
                    39:1b:ce:07:09:8d:ed:64:12:06:1d:e3:8e:86:b2:
                    0e:fd:4e:8c:1b:72:58:63:d1:47:12:2f:fb:99:32:
                    2a:88:c8:55:43:13:f4:db:c5:13:a9:2a:e7:c4:b9:
                    3e:ff:a7:cc:6a:2c:22:1a:07:db:db:87:d1:d7:d0:
                    03:d1:fc:f5:e0:d5:9f:8b:db:7a:a2:7a:7b:77:9d:
                    06:8c:4f:d0:6d:fb:d3:ae:b5:67:de:59:d6:60:79:
                    7d:81:b4:58:a6:49:6b:f5:82:ce:f1:b7:b0:dc:da:
                    d3:7c:9e:68:2d:66:89:fd:9e:c5:81:c0:4b:9f:3d:
                    fb:28:8b:c9:65:10:e3:ff:77:80:00:02:f8:30:c5:
                    22:dd:ee:66:73:f5:60:d9:97:e5:63:fd:0c:ea:71:
                    b0:6e:82:23:91:3c:f4:d7:9c:bc:22:4d:13:2d:9a:
                    cb:86:71:f4:b5:bd:93:a5:20:06:7b:ee:4c:a1:71:
                    a4:f0:7b:84:a7:04:e4:be:7d:3d:34:bc:e2:17:7d:
                    50:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:07:8C:1E:1B:45:49:B7:32:72:71:11:2C:B9:CE:12:92:24:02:4A
            X509v3 Authority Key Identifier:
                keyid:C6:FC:38:B2:A1:00:39:5F:A9:B9:91:9A:D7:92:E7:AC:B2:DB:2E:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xvw4sqEAOV-puZGa15LnrLLbLgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/gAeMHhtFSbcycnERLLnOEpIkAko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/99800d-151f-4e30-9fd8-a89a7028d429/1/xvw4sqEAOV-puZGa15LnrLLbLgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d54::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:37:e2:9f:9e:11:c4:b5:68:92:20:56:9f:d4:4f:f2:69:a4:
         63:21:05:f8:78:a9:30:f8:d4:98:25:3c:9a:25:09:db:c1:9d:
         c8:81:f8:63:35:f3:fd:52:98:4e:59:59:be:60:90:5f:db:e2:
         4b:e0:a0:56:09:7a:4a:9a:4e:69:7b:6f:48:b5:91:cb:4f:2f:
         b7:07:21:a4:ab:8b:76:92:7a:e5:64:b3:46:a1:a2:b0:a3:54:
         1b:c6:17:67:fd:03:df:b5:bc:a8:3d:3d:b3:1d:3b:49:f0:44:
         50:e4:13:ea:96:ec:0f:42:75:a8:f6:77:08:dc:03:e5:11:98:
         fc:2d:d6:1d:74:82:cf:43:84:48:c2:cd:38:67:7e:11:f2:3c:
         b4:10:e5:19:20:7e:42:ae:8b:cb:df:68:22:fa:85:0c:06:6f:
         61:58:45:53:99:0b:99:4d:3c:6a:79:0b:13:3d:4d:44:9d:62:
         80:a7:8b:02:e5:b2:ef:17:28:01:aa:55:d1:96:cd:ac:f0:c0:
         27:21:bd:dd:0d:e0:2e:dd:3e:a4:d2:b8:4a:ac:54:45:65:31:
         e3:0e:dc:cf:d0:53:c9:d1:4c:32:4f:ec:f1:56:d8:8a:b6:8e:
         2a:5d:78:6a:3c:d6:f6:36:dd:a6:fd:08:20:46:f5:d3:61:96:
         b4:4d:03:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSBHAMk3+t75RanIkaQ37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZmMzOGIyYTEwMDM5NWZhOWI5OTE5YWQ3OTJlN2FjYjJk
YjJlMDcwHhcNMjUwMTAyMTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA3OGMxZTFiNDU0OWI3MzI3MjcxMTEyY2I5Y2UxMjkyMjQwMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaY0bkzQ7L4TDeD3mk1RQawMtdoF
70pA9pGP7iRW7Xh13kxdj7MfdbGSUUu3LSt74JAQVBAOm1ByodE5G84HCY3tZBIG
HeOOhrIO/U6MG3JYY9FHEi/7mTIqiMhVQxP028UTqSrnxLk+/6fMaiwiGgfb24fR
19AD0fz14NWfi9t6onp7d50GjE/QbfvTrrVn3lnWYHl9gbRYpklr9YLO8bew3NrT
fJ5oLWaJ/Z7FgcBLnz37KIvJZRDj/3eAAAL4MMUi3e5mc/Vg2ZflY/0M6nGwboIj
kTz015y8Ik0TLZrLhnH0tb2TpSAGe+5MoXGk8HuEpwTkvn09NLziF31QWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIAHjB4bRUm3MnJxESy5zhKSJAJKMB8GA1UdIwQY
MBaAFMb8OLKhADlfqbmRmteS56yy2y4HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHZ3NHNxRUFPVi1wdVpHYTE1TG5yTExiTGdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OTgwMGQtMTUxZi00ZTMwLTlmZDgt
YTg5YTcwMjhkNDI5LzEvZ0FlTUhodEZTYmN5Y25FUkxMbk9FcElrQWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OTgwMGQtMTUxZi00ZTMwLTlmZDgtYTg5YTcwMjhkNDI5
LzEveHZ3NHNxRUFPVi1wdVpHYTE1TG5yTExiTGdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1U
MA0GCSqGSIb3DQEBCwUAA4IBAQBrN+KfnhHEtWiSIFaf1E/yaaRjIQX4eKkw+NSY
JTyaJQnbwZ3IgfhjNfP9UphOWVm+YJBf2+JL4KBWCXpKmk5pe29ItZHLTy+3ByGk
q4t2knrlZLNGoaKwo1Qbxhdn/QPftbyoPT2zHTtJ8ERQ5BPqluwPQnWo9ncI3APl
EZj8LdYddILPQ4RIws04Z34R8jy0EOUZIH5CrovL32gi+oUMBm9hWEVTmQuZTTxq
eQsTPU1EnWKAp4sC5bLvFygBqlXRls2s8MAnIb3dDeAu3T6k0rhKrFRFZTHjDtzP
0FPJ0UwyT+zxVtiKto4qXXhqPNb2Nt2m/QggRvXTYZa0TQP/
-----END CERTIFICATE-----