Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/k6PVLlZxAI3X_AkJNP_B54WXdz0.roa
File:                     k6PVLlZxAI3X_AkJNP_B54WXdz0.roa (raw, json)
Hash identifier:          NcuIcur7U+66dD6xSrLkgdloxOkqGgs1VvRkZcvsiE0=
Subject key identifier:   93:A3:D5:2E:56:71:00:8D:D7:FC:09:09:34:FF:C1:E7:85:97:77:3D
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       01978903E625B914A7D33A42360D6A310548
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/k6PVLlZxAI3X_AkJNP_B54WXdz0.roa
Signing time:             Thu 19 Jun 2025 16:27:03 +0000
ROA not before:           Thu 19 Jun 2025 16:27:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207345
IP address blocks:        2a06:2c80:3000::/36 maxlen: 48
                          2a06:2c80:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:03:e6:25:b9:14:a7:d3:3a:42:36:0d:6a:31:05:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Jun 19 16:27:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93a3d52e5671008dd7fc090934ffc1e78597773d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ce:70:a2:da:ea:b1:eb:f9:90:9d:d6:14:9d:
                    54:c2:aa:e3:35:44:ff:0d:f3:8b:48:92:c2:44:d1:
                    f5:be:7c:02:14:a4:7f:f5:87:6a:53:05:f1:f5:ab:
                    5b:be:44:b3:c6:ff:1a:25:76:46:44:38:db:2d:2c:
                    e6:fc:80:4e:10:82:96:d8:24:ae:79:53:ea:ce:79:
                    c7:4c:10:e5:c1:b9:fe:41:92:72:2f:35:2c:f9:a3:
                    57:3d:61:9c:8b:20:09:5d:77:65:83:16:e3:36:3a:
                    33:a5:51:17:09:e1:04:6e:51:05:d4:58:b1:4a:2d:
                    6f:51:09:2a:d3:4c:d5:47:ba:2f:9c:9c:ba:21:9d:
                    8b:bb:8b:14:0b:66:49:d0:65:ad:f2:98:33:ab:2d:
                    5e:9c:f5:cd:fc:60:e9:8c:80:1e:7c:74:3a:21:b3:
                    b5:59:c4:30:19:37:e8:c9:fc:6a:98:4e:e5:3a:dc:
                    cf:17:3f:16:d2:a5:8e:e0:26:2e:ec:93:bf:e4:90:
                    69:0c:65:45:d2:3f:09:ca:74:20:8e:3e:64:22:fa:
                    70:2a:ef:cf:cb:c9:38:64:45:98:62:51:ff:d6:a3:
                    31:b5:72:09:17:51:62:20:bd:de:04:e3:8b:cb:74:
                    67:cd:26:0b:fd:b2:c1:a9:5e:4a:e5:5a:d0:01:79:
                    7b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A3:D5:2E:56:71:00:8D:D7:FC:09:09:34:FF:C1:E7:85:97:77:3D
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/k6PVLlZxAI3X_AkJNP_B54WXdz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2c80:3000::/36
                  2a06:2c80:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         68:a7:34:97:f6:40:99:bc:7b:a9:16:66:58:71:cb:fb:c1:3b:
         db:56:16:e9:89:49:77:a8:b0:a8:91:db:f5:99:e4:73:51:cf:
         6f:36:73:c4:77:9a:1e:50:25:6c:a9:eb:8e:39:39:70:28:77:
         dc:75:80:6b:aa:62:32:e7:b6:51:a4:d5:ae:e8:88:9e:66:b7:
         82:af:fb:09:e5:9a:ab:42:dc:21:81:d3:61:b3:ae:f8:ac:9b:
         f9:d6:8b:31:74:e4:2c:27:09:2f:b8:15:b3:ac:1f:16:bd:dd:
         9f:32:b1:ba:54:8f:88:24:e5:98:a8:8c:09:c6:32:ac:83:a6:
         16:46:2e:d6:6f:47:d1:58:9e:75:fe:1c:19:38:59:1f:17:6e:
         30:ee:9b:a4:69:1d:44:f8:1b:c3:bd:1e:40:f1:15:3a:d7:76:
         7a:ca:1b:fd:c2:00:11:a7:34:9c:a9:27:e0:4c:a7:85:28:0c:
         ae:a0:b8:17:97:97:03:a5:7f:ce:e3:97:5a:dd:92:a4:9b:7c:
         51:20:23:df:bd:4a:89:05:d1:49:97:f7:5c:17:26:df:0e:ae:
         19:68:3b:48:c6:85:d2:a8:82:71:dd:81:ed:9a:05:08:75:04:
         e9:21:62:7e:a8:6e:ba:88:a2:89:63:09:b8:93:e4:b0:2a:62:
         48:bb:62:eb
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZeJA+YluRSn0zpCNg1qMQVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjUwNjE5MTYyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2EzZDUyZTU2NzEwMDhkZDdmYzA5MDkzNGZmYzFlNzg1OTc3NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc5wotrqsev5kJ3WFJ1UwqrjNUT/
DfOLSJLCRNH1vnwCFKR/9YdqUwXx9atbvkSzxv8aJXZGRDjbLSzm/IBOEIKW2CSu
eVPqznnHTBDlwbn+QZJyLzUs+aNXPWGciyAJXXdlgxbjNjozpVEXCeEEblEF1Fix
Si1vUQkq00zVR7ovnJy6IZ2Lu4sUC2ZJ0GWt8pgzqy1enPXN/GDpjIAefHQ6IbO1
WcQwGTfoyfxqmE7lOtzPFz8W0qWO4CYu7JO/5JBpDGVF0j8JynQgjj5kIvpwKu/P
y8k4ZEWYYlH/1qMxtXIJF1FiIL3eBOOLy3RnzSYL/bLBqV5K5VrQAXl7HQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFJOj1S5WcQCN1/wJCTT/weeFl3c9MB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvazZQVkxsWnhBSTNYX0FrSk5QX0I1NFdYZHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgYsgDAD
BgQqBiyAUDANBgkqhkiG9w0BAQsFAAOCAQEAaKc0l/ZAmbx7qRZmWHHL+8E721YW
6YlJd6iwqJHb9Znkc1HPbzZzxHeaHlAlbKnrjjk5cCh33HWAa6piMue2UaTVruiI
nma3gq/7CeWaq0LcIYHTYbOu+Kyb+daLMXTkLCcJL7gVs6wfFr3dnzKxulSPiCTl
mKiMCcYyrIOmFkYu1m9H0Viedf4cGThZHxduMO6bpGkdRPgbw70eQPEVOtd2esob
/cIAEac0nKkn4EynhSgMrqC4F5eXA6V/zuOXWt2SpJt8USAj371KiQXRSZf3XBcm
3w6uGWg7SMaF0qiCcd2B7ZoFCHUE6SFifqhuuoiiiWMJuJPksCpiSLti6w==
-----END CERTIFICATE-----