Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/IPg6gK3cvCBZgriElu-X9QULHhI.roa
File:                     IPg6gK3cvCBZgriElu-X9QULHhI.roa (raw, json)
Hash identifier:          KfBBSFaoabvdCiHx1hEd3tUcsuSp0LUQmRosJtF9Y6s=
Subject key identifier:   20:F8:3A:80:AD:DC:BC:20:59:82:B8:84:96:EF:97:F5:05:0B:1E:12
Certificate issuer:       /CN=951664521d503959212f55b2a59aec6d207b0a28
Certificate serial:       019427B3E8A9BA04D1B4A84B20BF1C0E88F8
Authority key identifier: 95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/IPg6gK3cvCBZgriElu-X9QULHhI.roa
Signing time:             Thu 02 Jan 2025 15:48:09 +0000
ROA not before:           Thu 02 Jan 2025 15:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6883
IP address blocks:        161.110.0.0/16 maxlen: 16
                          2a0a:f500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:e8:a9:ba:04:d1:b4:a8:4b:20:bf:1c:0e:88:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=951664521d503959212f55b2a59aec6d207b0a28
        Validity
            Not Before: Jan  2 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20f83a80addcbc205982b88496ef97f5050b1e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:76:67:27:7e:9b:61:4f:f0:c7:3e:b0:b8:79:
                    ab:b9:3c:23:de:6a:4e:9d:6f:5b:66:a1:64:f5:f7:
                    8d:df:d2:0a:86:b4:7f:a2:04:9d:a6:c4:50:be:d4:
                    f7:bb:02:0d:37:6d:68:02:a5:a1:e7:14:df:53:4f:
                    6d:74:b8:bb:32:00:5a:87:29:fc:af:63:9a:17:f5:
                    47:84:e2:bb:9d:f5:7e:ca:66:1d:b7:01:38:cc:23:
                    ea:44:f3:c6:ff:7e:9d:08:02:45:9c:c1:4e:52:fa:
                    13:22:85:ba:d0:dd:2f:e9:cb:86:a5:ae:12:dc:03:
                    9e:ff:7a:4f:8e:4f:ac:5a:6a:f1:d9:ae:22:29:5b:
                    1d:0a:17:2b:76:30:eb:4f:f8:5f:d7:27:1a:85:06:
                    a9:1e:a4:a9:e1:a0:9b:ca:20:ec:7f:10:74:05:28:
                    99:1c:1d:a3:59:17:ef:f0:40:33:2e:16:78:72:c9:
                    e5:6f:b2:6b:15:ae:ad:20:c4:2f:a8:ba:ca:6b:25:
                    0e:0b:b2:c3:7e:24:5c:86:13:4e:80:ad:3a:5b:53:
                    13:24:23:08:b4:d3:8e:a1:f9:fb:5d:80:be:b4:80:
                    9c:a4:a1:f3:3c:fe:d4:e2:06:c5:59:ce:f1:cb:c1:
                    76:a7:0d:99:83:66:3d:76:18:58:e7:ff:2e:d8:5c:
                    94:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F8:3A:80:AD:DC:BC:20:59:82:B8:84:96:EF:97:F5:05:0B:1E:12
            X509v3 Authority Key Identifier:
                keyid:95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/IPg6gK3cvCBZgriElu-X9QULHhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.110.0.0/16
                IPv6:
                  2a0a:f500::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:78:e5:25:f6:38:5a:f4:d0:5c:34:1b:e3:97:fb:bd:04:8f:
         21:19:84:28:c9:36:cc:b5:c1:3d:2a:ad:b0:f2:92:c2:ed:57:
         ea:59:2d:08:24:8b:ca:78:f6:df:14:47:c9:f6:89:76:83:07:
         37:82:4d:96:2d:55:a2:70:5b:21:98:bc:08:34:43:24:c1:0a:
         7f:f9:fc:ed:e4:b3:f2:33:0a:17:a2:68:a3:51:11:58:74:57:
         2f:02:1a:86:4a:db:eb:c8:ad:25:5c:b2:a9:1d:78:d6:b4:e5:
         6a:4c:e8:a5:15:43:d2:84:70:ac:56:31:34:e5:9c:c7:39:e9:
         05:31:ab:7c:3c:ef:b1:64:37:20:a8:25:12:a5:69:06:bf:08:
         18:57:13:4c:bc:2b:89:7e:08:c9:28:82:a3:ec:43:59:b6:ff:
         af:5a:55:79:56:5b:09:11:f0:cb:47:70:d3:f4:31:5b:5c:cd:
         59:ce:0e:59:62:2f:f8:c5:48:bd:41:e4:68:4d:f1:84:90:cb:
         b0:dd:de:b0:12:b6:f4:28:97:af:d3:ea:62:96:1e:bc:e4:24:
         41:df:89:be:67:d4:e0:55:ff:68:aa:af:14:56:eb:e0:16:d3:
         39:ba:41:03:e4:5c:7c:3f:e7:23:ce:a7:b7:d7:93:cb:9d:bb:
         21:0f:6a:ef
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQns+ipugTRtKhLIL8cDoj4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTY2NDUyMWQ1MDM5NTkyMTJmNTViMmE1OWFlYzZkMjA3
YjBhMjgwHhcNMjUwMTAyMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY4M2E4MGFkZGNiYzIwNTk4MmI4ODQ5NmVmOTdmNTA1MGIxZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXZnJ36bYU/wxz6wuHmruTwj3mpO
nW9bZqFk9feN39IKhrR/ogSdpsRQvtT3uwINN21oAqWh5xTfU09tdLi7MgBahyn8
r2OaF/VHhOK7nfV+ymYdtwE4zCPqRPPG/36dCAJFnMFOUvoTIoW60N0v6cuGpa4S
3AOe/3pPjk+sWmrx2a4iKVsdChcrdjDrT/hf1ycahQapHqSp4aCbyiDsfxB0BSiZ
HB2jWRfv8EAzLhZ4csnlb7JrFa6tIMQvqLrKayUOC7LDfiRchhNOgK06W1MTJCMI
tNOOofn7XYC+tICcpKHzPP7U4gbFWc7xy8F2pw2Zg2Y9dhhY5/8u2FyUHQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCD4OoCt3LwgWYK4hJbvl/UFCx4SMB8GA1UdIwQY
MBaAFJUWZFIdUDlZIS9VsqWa7G0gewooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUt
ZWY3NDUzYWQwOTlmLzEvSVBnNmdLM2N2Q0JaZ3JpRWx1LVg5UVVMSGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUtZWY3NDUzYWQwOTlm
LzEvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoW4wDQQC
AAIwBwMFACoK9QAwDQYJKoZIhvcNAQELBQADggEBAK945SX2OFr00Fw0G+OX+70E
jyEZhCjJNsy1wT0qrbDyksLtV+pZLQgki8p49t8UR8n2iXaDBzeCTZYtVaJwWyGY
vAg0QyTBCn/5/O3ks/IzCheiaKNREVh0Vy8CGoZK2+vIrSVcsqkdeNa05WpM6KUV
Q9KEcKxWMTTlnMc56QUxq3w877FkNyCoJRKlaQa/CBhXE0y8K4l+CMkogqPsQ1m2
/69aVXlWWwkR8MtHcNP0MVtczVnODlliL/jFSL1B5GhN8YSQy7Dd3rAStvQol6/T
6mKWHrzkJEHfib5n1OBV/2iqrxRW6+AW0zm6QQPkXHw/5yPOp7fXk8uduyEPau8=
-----END CERTIFICATE-----