Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PdfMVqqA6EgvDT-AxNLbPYTbtT8.roa
File:                     PdfMVqqA6EgvDT-AxNLbPYTbtT8.roa (raw, json)
Hash identifier:          y5r8QNVxbNd01/Z9ERwYArlz5xJMRUXYXoImIivDkPo=
Subject key identifier:   3D:D7:CC:56:AA:80:E8:48:2F:0D:3F:80:C4:D2:DB:3D:84:DB:B5:3F
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A42703C9AB175D80D610269151648
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PdfMVqqA6EgvDT-AxNLbPYTbtT8.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49094
IP address blocks:        2a0c:da04::/38 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:42:70:3c:9a:b1:75:d8:0d:61:02:69:15:16:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dd7cc56aa80e8482f0d3f80c4d2db3d84dbb53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:46:a3:ff:f5:f7:74:02:20:78:55:63:b5:66:
                    37:a1:46:d1:8c:b6:80:54:eb:fc:8d:77:03:4e:67:
                    3f:59:03:f2:38:28:69:33:6f:0c:52:b6:f3:48:6f:
                    72:3c:1a:58:6f:7e:f2:61:42:9a:a5:9e:9a:12:15:
                    14:08:33:32:35:4d:f3:d4:29:c1:d1:0c:1d:11:85:
                    0e:c6:bd:32:b8:78:78:a5:05:55:0d:73:18:b9:2d:
                    66:66:68:43:25:cc:ba:aa:91:b7:96:c4:82:ef:90:
                    a8:4d:23:68:eb:30:b4:61:0b:6a:9d:ae:bd:5a:0b:
                    4e:e3:2d:62:29:8f:33:ba:e5:34:0a:fd:b7:d5:c4:
                    8b:69:1f:21:11:9f:7b:f4:6e:dd:e1:51:11:ee:69:
                    fa:21:29:8f:2c:a7:7d:f6:ca:16:fa:cb:d5:cc:2f:
                    c4:72:fd:3c:02:0f:c1:58:51:c4:a2:37:f3:81:c5:
                    27:20:b7:c3:b7:e2:83:3a:30:d9:f9:86:a1:ea:f2:
                    fa:d0:14:eb:3f:0b:ca:81:48:46:5b:fb:42:6a:8a:
                    f3:a4:fc:a5:d5:1a:59:59:b8:2e:75:a9:0f:4b:c1:
                    11:36:ea:a2:42:a2:f6:7c:f7:67:00:2a:6d:37:5d:
                    7c:0d:f4:27:3f:8d:12:bb:b2:44:9a:23:41:2d:33:
                    af:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D7:CC:56:AA:80:E8:48:2F:0D:3F:80:C4:D2:DB:3D:84:DB:B5:3F
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PdfMVqqA6EgvDT-AxNLbPYTbtT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:da04::/38

    Signature Algorithm: sha256WithRSAEncryption
         5a:df:8b:62:f6:de:49:03:f1:64:61:d1:95:72:37:b1:df:ae:
         f1:6b:72:fd:5e:98:40:5f:6b:b8:28:f4:e5:89:a1:42:f8:bd:
         7e:32:51:b4:bc:02:64:20:74:d7:e5:01:da:e0:5c:02:44:5c:
         68:b3:b1:65:a0:23:68:60:7b:75:2b:61:2f:a7:c0:a6:ed:ce:
         47:da:79:47:28:e5:a1:d7:f5:cd:40:7a:26:09:e6:80:af:80:
         09:ff:7a:c2:03:bd:82:04:b4:29:95:16:c5:98:59:30:3e:cc:
         e2:77:7c:2a:3a:55:c7:92:70:61:24:3c:6c:12:7c:2c:c4:93:
         dc:04:d4:2d:72:ca:3a:3f:05:f7:38:31:22:57:b2:59:03:d1:
         86:07:1b:54:c4:84:78:bb:aa:8e:51:45:13:55:92:9b:a2:06:
         28:4f:3f:20:ad:ce:32:6b:56:6a:02:fc:ee:00:8e:2e:e8:4d:
         de:a8:11:e6:d6:1a:61:c5:11:9b:30:8c:3d:08:40:6a:54:65:
         63:47:c7:f9:ba:64:b3:c7:bc:17:e2:1e:4a:b2:e1:1c:5d:9f:
         e7:47:94:ad:0c:4b:c1:e1:ff:5a:06:11:e9:b1:38:0a:52:1b:
         c3:6b:56:18:14:02:95:59:59:6b:25:3c:eb:ff:b9:ef:22:0c:
         ca:cb:d7:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjakJwPJqxddgNYQJpFRZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ3Y2M1NmFhODBlODQ4MmYwZDNmODBjNGQyZGIzZDg0ZGJiNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0aj//X3dAIgeFVjtWY3oUbRjLaA
VOv8jXcDTmc/WQPyOChpM28MUrbzSG9yPBpYb37yYUKapZ6aEhUUCDMyNU3z1CnB
0QwdEYUOxr0yuHh4pQVVDXMYuS1mZmhDJcy6qpG3lsSC75CoTSNo6zC0YQtqna69
WgtO4y1iKY8zuuU0Cv231cSLaR8hEZ979G7d4VER7mn6ISmPLKd99soW+svVzC/E
cv08Ag/BWFHEojfzgcUnILfDt+KDOjDZ+Yah6vL60BTrPwvKgUhGW/tCaorzpPyl
1RpZWbgudakPS8ERNuqiQqL2fPdnACptN118DfQnP40Su7JEmiNBLTOvUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD3XzFaqgOhILw0/gMTS2z2E27U/MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvUGRmTVZxcUE2RWd2RFQtQXhOTGJQWVRidFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgzaBAAw
DQYJKoZIhvcNAQELBQADggEBAFrfi2L23kkD8WRh0ZVyN7HfrvFrcv1emEBfa7go
9OWJoUL4vX4yUbS8AmQgdNflAdrgXAJEXGizsWWgI2hge3UrYS+nwKbtzkfaeUco
5aHX9c1AeiYJ5oCvgAn/esIDvYIEtCmVFsWYWTA+zOJ3fCo6VceScGEkPGwSfCzE
k9wE1C1yyjo/Bfc4MSJXslkD0YYHG1TEhHi7qo5RRRNVkpuiBihPPyCtzjJrVmoC
/O4Aji7oTd6oEebWGmHFEZswjD0IQGpUZWNHx/m6ZLPHvBfiHkqy4Rxdn+dHlK0M
S8Hh/1oGEemxOApSG8NrVhgUApVZWWslPOv/ue8iDMrL108=
-----END CERTIFICATE-----