Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PHtBkybuDbyXOFl45Xw0hqq8DAk.roa
File:                     PHtBkybuDbyXOFl45Xw0hqq8DAk.roa (raw, json)
Hash identifier:          NKtVEXp1RdigcVVM8Ciz5aZIP1pR6FDWkIrHRrfhch0=
Subject key identifier:   3C:7B:41:93:26:EE:0D:BC:97:38:59:78:E5:7C:34:86:AA:BC:0C:09
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A4F0B0F237F8199EC0C1DC2317448
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PHtBkybuDbyXOFl45Xw0hqq8DAk.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206499
IP address blocks:        2a0c:da04:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4f:0b:0f:23:7f:81:99:ec:0c:1d:c2:31:74:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c7b419326ee0dbc97385978e57c3486aabc0c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d3:8c:a4:78:d5:12:e7:7d:a6:4f:cf:d4:86:
                    e7:a8:4f:aa:bb:fe:cd:c8:53:2e:dd:f3:fd:d9:a7:
                    e2:13:2a:9f:19:52:73:f2:30:e8:41:2b:98:ac:4d:
                    54:58:0b:4b:82:74:27:36:ff:c7:ca:d6:27:11:d9:
                    77:45:14:9d:d3:09:04:5e:db:2e:ea:60:aa:d8:e0:
                    bc:da:de:69:ac:ce:63:57:a3:a7:fa:93:19:cc:2b:
                    d2:a8:2d:3b:6a:ca:65:cc:c0:47:de:00:20:57:d0:
                    cb:58:3e:13:ae:49:c7:e0:2b:45:9d:df:8a:72:29:
                    b4:72:d2:6c:8e:1f:12:d2:7a:7b:36:12:9b:c6:07:
                    7a:c7:c7:65:95:d8:a4:28:7a:07:ac:e7:0c:3d:5e:
                    13:37:f5:af:9b:6b:08:87:aa:f8:71:0b:62:93:d7:
                    88:46:5a:cd:50:44:06:1e:7a:fc:41:7e:ec:2f:de:
                    08:72:5a:e2:a1:5b:2b:63:00:bb:9c:e7:ee:fa:ca:
                    80:22:73:13:53:b5:59:b9:5f:76:1a:5f:66:2c:a4:
                    e8:a7:0e:96:6b:5e:5c:3a:9f:5f:9b:85:0c:e0:4c:
                    92:0c:d9:e1:b1:89:db:63:da:14:e1:b4:0a:5e:9b:
                    45:e2:15:2c:a4:52:52:27:10:e3:9a:72:21:45:12:
                    cb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7B:41:93:26:EE:0D:BC:97:38:59:78:E5:7C:34:86:AA:BC:0C:09
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PHtBkybuDbyXOFl45Xw0hqq8DAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:da04:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:03:6c:e1:d8:30:34:45:31:38:ab:15:a4:6c:a0:ee:30:e6:
         04:cc:58:55:90:2c:4f:35:82:78:2a:69:d5:71:83:39:b5:62:
         0e:bc:7b:25:e3:10:5f:12:b4:d5:99:98:32:b4:fc:21:9b:18:
         05:d0:2f:4d:7b:45:db:c2:db:31:71:5d:61:29:7d:25:75:93:
         1f:c7:1c:31:11:24:91:2c:90:73:a6:d7:9a:68:76:41:2a:19:
         98:9e:18:cb:e3:13:b8:26:0c:92:cd:10:e0:d5:0d:de:72:34:
         6b:4b:6c:39:96:f5:f9:ec:4e:2f:0b:dc:47:aa:3d:c8:4d:f5:
         c5:f1:dd:6b:71:1a:0c:04:e6:35:33:54:05:93:92:7e:9f:4c:
         39:ef:cd:11:db:e0:81:ec:36:a4:df:e4:c1:28:81:46:d1:4e:
         5d:08:55:1b:31:09:b3:a1:ab:73:1a:31:d9:1c:25:31:a1:2e:
         94:c4:31:ef:68:e1:6b:36:59:21:75:84:24:ee:d9:ec:01:ae:
         c2:2f:18:ff:5d:91:59:91:5e:bc:81:96:ee:75:f5:0e:22:8e:
         a2:a1:e2:6d:31:7c:2e:b3:9f:dd:e6:1c:b7:73:10:fd:24:e5:
         10:66:11:07:84:0b:c3:f8:63:87:82:76:34:e6:a4:cd:d6:74:
         00:89:90:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjak8LDyN/gZnsDB3CMXRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdiNDE5MzI2ZWUwZGJjOTczODU5NzhlNTdjMzQ4NmFhYmMwYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytOMpHjVEud9pk/P1IbnqE+qu/7N
yFMu3fP92afiEyqfGVJz8jDoQSuYrE1UWAtLgnQnNv/HytYnEdl3RRSd0wkEXtsu
6mCq2OC82t5prM5jV6On+pMZzCvSqC07asplzMBH3gAgV9DLWD4TrknH4CtFnd+K
cim0ctJsjh8S0np7NhKbxgd6x8dlldikKHoHrOcMPV4TN/Wvm2sIh6r4cQtik9eI
RlrNUEQGHnr8QX7sL94IclrioVsrYwC7nOfu+sqAInMTU7VZuV92Gl9mLKTopw6W
a15cOp9fm4UM4EySDNnhsYnbY9oU4bQKXptF4hUspFJSJxDjmnIhRRLLOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDx7QZMm7g28lzhZeOV8NIaqvAwJMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvUEh0Qmt5YnVEYnlYT0ZsNDVYdzBocXE4REFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzaBAAM
MA0GCSqGSIb3DQEBCwUAA4IBAQC/A2zh2DA0RTE4qxWkbKDuMOYEzFhVkCxPNYJ4
KmnVcYM5tWIOvHsl4xBfErTVmZgytPwhmxgF0C9Ne0XbwtsxcV1hKX0ldZMfxxwx
ESSRLJBzpteaaHZBKhmYnhjL4xO4JgySzRDg1Q3ecjRrS2w5lvX57E4vC9xHqj3I
TfXF8d1rcRoMBOY1M1QFk5J+n0w5780R2+CB7Dak3+TBKIFG0U5dCFUbMQmzoatz
GjHZHCUxoS6UxDHvaOFrNlkhdYQk7tnsAa7CLxj/XZFZkV68gZbudfUOIo6ioeJt
MXwus5/d5hy3cxD9JOUQZhEHhAvD+GOHgnY05qTN1nQAiZC/
-----END CERTIFICATE-----