Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/6aBtyL1HCBLQz8Fcxx2-wbI-JSY.roa
File:                     6aBtyL1HCBLQz8Fcxx2-wbI-JSY.roa (raw, json)
Hash identifier:          s+Yjky9WV0WGtiJ2UXV97kZc6gRv1napm2o37+mL6NI=
Subject key identifier:   E9:A0:6D:C8:BD:47:08:12:D0:CF:C1:5C:C7:1D:BE:C1:B2:3E:25:26
Certificate issuer:       /CN=4f3bd56e8b54e6da27bbe6622dac67cbf02a81ea
Certificate serial:       0194228DC95A17F18243270B805F7F778096
Authority key identifier: 4F:3B:D5:6E:8B:54:E6:DA:27:BB:E6:62:2D:AC:67:CB:F0:2A:81:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzvVbotU5tonu-ZiLaxny_Aqgeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/6aBtyL1HCBLQz8Fcxx2-wbI-JSY.roa
Signing time:             Wed 01 Jan 2025 15:48:25 +0000
ROA not before:           Wed 01 Jan 2025 15:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        2a0c:8fc3::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/TzvVbotU5tonu-ZiLaxny_Aqgeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/TzvVbotU5tonu-ZiLaxny_Aqgeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzvVbotU5tonu-ZiLaxny_Aqgeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c9:5a:17:f1:82:43:27:0b:80:5f:7f:77:80:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f3bd56e8b54e6da27bbe6622dac67cbf02a81ea
        Validity
            Not Before: Jan  1 15:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9a06dc8bd470812d0cfc15cc71dbec1b23e2526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8a:8b:76:d3:87:e3:0b:c6:a3:f2:bf:1c:d6:
                    49:3b:fd:63:5c:7b:e0:a2:37:02:6d:f0:f2:ef:f6:
                    3e:bc:d2:11:69:68:ca:83:5d:29:e8:b2:a3:8c:69:
                    e7:61:88:9a:a5:51:ad:fb:25:fb:61:dd:ad:23:a5:
                    a8:47:90:e4:bf:6b:47:b4:92:d8:cf:f2:f5:12:30:
                    8e:7d:d9:e8:8b:75:0b:3f:3c:63:29:62:6f:1e:18:
                    33:30:52:89:a1:a3:42:cc:1c:75:9b:99:9a:81:e5:
                    23:2d:a6:25:b9:cd:c0:33:b1:9d:46:a0:37:10:a5:
                    49:3f:05:aa:1f:bd:1f:3e:ab:33:ae:e6:f9:c3:78:
                    e4:8b:c5:cb:52:60:c6:4d:97:55:42:ba:25:2b:e2:
                    be:eb:6a:fd:a3:ad:5a:28:e3:68:f9:92:33:31:94:
                    ca:b4:e0:b9:ab:c5:99:ad:34:87:f9:0a:f9:fd:ae:
                    18:66:ba:37:d9:19:87:fd:f4:b8:06:19:2a:d8:54:
                    1b:fe:a3:b3:83:fa:ba:f9:d5:09:e4:aa:2a:93:ed:
                    a8:9e:26:54:5c:0f:0f:76:43:d2:f3:7e:14:8e:6a:
                    4a:0e:68:64:74:09:ae:1a:26:2f:cc:ad:0b:63:cf:
                    a3:d3:d5:d9:5d:7d:f0:b4:fb:31:ea:9b:73:54:ce:
                    9f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A0:6D:C8:BD:47:08:12:D0:CF:C1:5C:C7:1D:BE:C1:B2:3E:25:26
            X509v3 Authority Key Identifier:
                keyid:4F:3B:D5:6E:8B:54:E6:DA:27:BB:E6:62:2D:AC:67:CB:F0:2A:81:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzvVbotU5tonu-ZiLaxny_Aqgeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/6aBtyL1HCBLQz8Fcxx2-wbI-JSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/6fe149-8a72-47fd-8735-7dc5bddf91b5/1/TzvVbotU5tonu-ZiLaxny_Aqgeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:8fc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:98:b3:0c:37:9c:bd:6e:67:f6:df:5f:1c:8b:83:84:22:c1:
         ab:03:dd:d2:5d:20:61:6f:6f:45:14:7d:c9:fd:8c:f8:8c:72:
         89:69:af:71:41:85:05:94:6c:e5:58:e0:64:d2:0a:84:54:ea:
         d3:c4:94:75:4e:69:8e:ef:5d:8b:9a:7b:62:61:49:ec:81:7e:
         78:c4:1b:ae:14:33:de:66:3e:ca:45:44:fc:5c:05:21:66:48:
         72:ca:7a:21:02:09:55:30:da:97:49:7d:5d:c8:3b:21:35:a8:
         e1:df:99:d7:b8:20:4a:5d:1f:f4:8a:a9:1a:fd:b6:3c:22:b8:
         bd:43:0c:83:b5:65:87:9a:b9:6c:3d:db:86:32:c1:77:f7:1b:
         cd:81:da:9b:a9:4d:b3:2e:b8:d5:af:05:a3:bf:31:d6:71:31:
         0e:c9:9b:00:09:45:54:83:10:50:24:cb:92:59:c1:95:b0:70:
         e6:b1:3a:df:8d:18:65:0f:0e:8a:11:dd:6a:a7:92:6d:bd:1c:
         47:55:df:fa:81:d2:b7:64:10:2a:b6:81:35:92:ea:50:89:cf:
         fb:2f:6e:3e:b7:7c:5a:95:86:6c:6a:5a:ab:2c:ce:e5:41:91:
         c0:ad:b4:0d:38:90:4c:7b:c7:1a:7c:8c:bc:02:4b:42:cc:cc:
         fe:70:c3:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijclaF/GCQycLgF9/d4CWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmM2JkNTZlOGI1NGU2ZGEyN2JiZTY2MjJkYWM2N2NiZjAy
YTgxZWEwHhcNMjUwMTAxMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWEwNmRjOGJkNDcwODEyZDBjZmMxNWNjNzFkYmVjMWIyM2UyNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YqLdtOH4wvGo/K/HNZJO/1jXHvg
ojcCbfDy7/Y+vNIRaWjKg10p6LKjjGnnYYiapVGt+yX7Yd2tI6WoR5Dkv2tHtJLY
z/L1EjCOfdnoi3ULPzxjKWJvHhgzMFKJoaNCzBx1m5mageUjLaYluc3AM7GdRqA3
EKVJPwWqH70fPqszrub5w3jki8XLUmDGTZdVQrolK+K+62r9o61aKONo+ZIzMZTK
tOC5q8WZrTSH+Qr5/a4YZro32RmH/fS4Bhkq2FQb/qOzg/q6+dUJ5Koqk+2oniZU
XA8PdkPS834UjmpKDmhkdAmuGiYvzK0LY8+j09XZXX3wtPsx6ptzVM6fvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOmgbci9RwgS0M/BXMcdvsGyPiUmMB8GA1UdIwQY
MBaAFE871W6LVObaJ7vmYi2sZ8vwKoHqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHp2VmJvdFU1dG9udS1aaUxheG55X0FxZ2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS82ZmUxNDktOGE3Mi00N2ZkLTg3MzUt
N2RjNWJkZGY5MWI1LzEvNmFCdHlMMUhDQkxRejhGY3h4Mi13YkktSlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS82ZmUxNDktOGE3Mi00N2ZkLTg3MzUtN2RjNWJkZGY5MWI1
LzEvVHp2VmJvdFU1dG9udS1aaUxheG55X0FxZ2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgyPwzAN
BgkqhkiG9w0BAQsFAAOCAQEAaZizDDecvW5n9t9fHIuDhCLBqwPd0l0gYW9vRRR9
yf2M+IxyiWmvcUGFBZRs5VjgZNIKhFTq08SUdU5pju9di5p7YmFJ7IF+eMQbrhQz
3mY+ykVE/FwFIWZIcsp6IQIJVTDal0l9Xcg7ITWo4d+Z17ggSl0f9IqpGv22PCK4
vUMMg7Vlh5q5bD3bhjLBd/cbzYHam6lNsy641a8Fo78x1nExDsmbAAlFVIMQUCTL
klnBlbBw5rE6340YZQ8OihHdaqeSbb0cR1Xf+oHSt2QQKraBNZLqUInP+y9uPrd8
WpWGbGpaqyzO5UGRwK20DTiQTHvHGnyMvAJLQszM/nDDZA==
-----END CERTIFICATE-----