Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/6C2BEepiCaQMVtCkyhz30xXe8YE.roa
File:                     6C2BEepiCaQMVtCkyhz30xXe8YE.roa (raw, json)
Hash identifier:          LcW+0th7kvny6qypqSlzBgTR2tOOaIncb1qlmtnhBg4=
Subject key identifier:   E8:2D:81:11:EA:62:09:A4:0C:56:D0:A4:CA:1C:F7:D3:15:DE:F1:81
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       019699D6736E628B3A20DB38A7D5427492EF
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/6C2BEepiCaQMVtCkyhz30xXe8YE.roa
Signing time:             Sun 04 May 2025 05:48:10 +0000
ROA not before:           Sun 04 May 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48944
IP address blocks:        195.238.231.0/24 maxlen: 24
                          2a05:63c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:99:d6:73:6e:62:8b:3a:20:db:38:a7:d5:42:74:92:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: May  4 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e82d8111ea6209a40c56d0a4ca1cf7d315def181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a6:bb:27:33:15:cf:fb:b6:dc:92:53:f6:0f:
                    b2:ea:36:ba:f2:7a:96:fd:4c:55:e7:9c:cb:b8:01:
                    96:cd:99:bc:b7:28:39:ce:69:1c:40:40:37:36:94:
                    22:79:57:3d:0c:6d:1c:a9:4d:d8:25:d0:f5:39:c1:
                    a7:db:de:42:1c:c7:d3:c2:53:6e:0d:8c:c4:b6:fe:
                    4b:20:b3:d4:7e:05:68:6d:b7:07:3d:29:fc:7b:b5:
                    ec:6c:64:89:c2:f0:27:de:83:fa:9b:9d:9d:85:ac:
                    bf:0e:50:19:74:ef:6d:c0:fe:f6:c4:a1:00:4f:e1:
                    8b:8f:74:f5:09:49:2e:fc:c2:15:cd:1a:a5:7c:18:
                    ad:32:82:9e:25:0a:64:f1:d5:70:bc:62:f1:e8:40:
                    21:14:00:32:7b:33:ff:05:3a:63:ff:f2:d1:ff:c8:
                    2f:cc:7e:cb:f1:49:fd:9a:41:be:c7:16:7e:7e:f5:
                    5f:59:57:a8:50:3e:b3:64:1c:a4:6e:b5:ef:41:5c:
                    b0:36:b9:c3:73:a8:38:24:98:a5:99:0b:a8:61:50:
                    2b:ca:e9:b9:53:89:aa:49:87:62:db:ac:25:ab:02:
                    6f:35:92:60:6d:e2:8d:8c:f5:e0:bf:81:b6:9e:d6:
                    3d:c5:2a:fd:cb:16:25:d0:28:c6:a8:38:f3:73:45:
                    5b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:2D:81:11:EA:62:09:A4:0C:56:D0:A4:CA:1C:F7:D3:15:DE:F1:81
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/6C2BEepiCaQMVtCkyhz30xXe8YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.231.0/24
                IPv6:
                  2a05:63c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:ca:d6:3e:97:91:b4:78:de:4c:59:72:77:d1:64:a3:3e:98:
         6a:c2:d0:de:44:06:14:81:ce:4c:84:75:89:da:40:fd:9d:70:
         6b:1a:1e:f9:72:e5:56:44:2f:fb:c3:ce:49:f9:8d:28:a3:e1:
         d1:ce:1c:65:bd:d4:01:b7:df:77:0a:c3:d2:d2:6f:ed:f7:09:
         c0:df:ed:a6:7e:c2:c3:c0:63:61:74:15:30:ba:d4:55:6c:f5:
         9d:8c:01:74:b9:1e:ec:55:b5:7a:b7:ed:ef:b1:35:ad:a8:0b:
         04:fc:9a:18:15:f1:93:af:88:a0:c5:4e:70:72:db:ac:1d:cd:
         f9:94:00:d5:a0:03:b5:56:54:f2:50:ef:9d:cb:67:b8:e9:3f:
         4f:7e:40:de:2e:0f:5d:5e:bd:5b:d2:c5:aa:75:40:30:da:69:
         19:8d:f8:ea:c6:19:9c:94:96:f4:bc:15:8b:37:59:29:8e:db:
         9c:aa:76:1d:4a:3c:c6:58:0a:ed:f8:c8:04:7a:f6:85:3a:51:
         16:11:fb:66:68:3f:d5:49:00:b7:ac:71:e3:60:1e:a8:4e:7f:
         ce:2c:5d:5d:80:2c:8c:6f:5e:0c:4a:2c:f3:87:6f:a4:c2:97:
         4e:73:12:35:d7:4e:df:68:4b:4b:88:3e:f3:dc:ee:a1:ce:21:
         1c:33:a6:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZaZ1nNuYos6INs4p9VCdJLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwNTA0MDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODJkODExMWVhNjIwOWE0MGM1NmQwYTRjYTFjZjdkMzE1ZGVmMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKa7JzMVz/u23JJT9g+y6ja68nqW
/UxV55zLuAGWzZm8tyg5zmkcQEA3NpQieVc9DG0cqU3YJdD1OcGn295CHMfTwlNu
DYzEtv5LILPUfgVobbcHPSn8e7XsbGSJwvAn3oP6m52dhay/DlAZdO9twP72xKEA
T+GLj3T1CUku/MIVzRqlfBitMoKeJQpk8dVwvGLx6EAhFAAyezP/BTpj//LR/8gv
zH7L8Un9mkG+xxZ+fvVfWVeoUD6zZBykbrXvQVywNrnDc6g4JJilmQuoYVAryum5
U4mqSYdi26wlqwJvNZJgbeKNjPXgv4G2ntY9xSr9yxYl0CjGqDjzc0VbQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOgtgRHqYgmkDFbQpMoc99MV3vGBMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvNkMyQkVlcGlDYVFNVnRDa3loejMweFhlOFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw+7nMA0E
AgACMAcDBQMqBWPAMA0GCSqGSIb3DQEBCwUAA4IBAQB3ytY+l5G0eN5MWXJ30WSj
PphqwtDeRAYUgc5MhHWJ2kD9nXBrGh75cuVWRC/7w85J+Y0oo+HRzhxlvdQBt993
CsPS0m/t9wnA3+2mfsLDwGNhdBUwutRVbPWdjAF0uR7sVbV6t+3vsTWtqAsE/JoY
FfGTr4igxU5wctusHc35lADVoAO1VlTyUO+dy2e46T9PfkDeLg9dXr1b0sWqdUAw
2mkZjfjqxhmclJb0vBWLN1kpjtucqnYdSjzGWArt+MgEevaFOlEWEftmaD/VSQC3
rHHjYB6oTn/OLF1dgCyMb14MSizzh2+kwpdOcxI1107faEtLiD7z3O6hziEcM6bX
-----END CERTIFICATE-----