Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/p8yh7cpRxTyZ1PP7mS2mLTKixUQ.roa
File:                     p8yh7cpRxTyZ1PP7mS2mLTKixUQ.roa (raw, json)
Hash identifier:          OxdG54zVI8TmiMuPSkefFSPZVVftVNj4uTPLezk6AtU=
Subject key identifier:   A7:CC:A1:ED:CA:51:C5:3C:99:D4:F3:FB:99:2D:A6:2D:32:A2:C5:44
Certificate issuer:       /CN=6d42cff18334b2ff76b15ad944a8a9135e90568c
Certificate serial:       019685E3A49D75848156D985AB333B3A2FD9
Authority key identifier: 6D:42:CF:F1:83:34:B2:FF:76:B1:5A:D9:44:A8:A9:13:5E:90:56:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bULP8YM0sv92sVrZRKipE16QVow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/p8yh7cpRxTyZ1PP7mS2mLTKixUQ.roa
Signing time:             Wed 30 Apr 2025 08:50:10 +0000
ROA not before:           Wed 30 Apr 2025 08:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47239
IP address blocks:        2a06:e044:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/bULP8YM0sv92sVrZRKipE16QVow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/bULP8YM0sv92sVrZRKipE16QVow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bULP8YM0sv92sVrZRKipE16QVow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:e3:a4:9d:75:84:81:56:d9:85:ab:33:3b:3a:2f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d42cff18334b2ff76b15ad944a8a9135e90568c
        Validity
            Not Before: Apr 30 08:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7cca1edca51c53c99d4f3fb992da62d32a2c544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e6:75:bd:b1:44:7b:b8:1f:f7:da:97:44:73:
                    2b:91:fc:5f:b4:89:2c:0b:dd:42:47:1f:a4:0e:e4:
                    55:27:ec:e7:3f:66:65:45:da:3a:eb:bb:a8:9d:8b:
                    4c:cb:a4:41:63:97:38:83:68:46:27:43:2b:0f:c7:
                    50:bf:07:34:1e:5a:8a:3c:74:59:cc:64:27:c3:ec:
                    c6:3d:3c:53:b3:c2:ff:b8:ec:a1:34:33:2a:7c:ca:
                    0f:f1:0e:62:a3:9b:e1:49:70:73:01:8c:94:42:89:
                    f5:64:ff:1e:56:ee:d2:de:2b:e6:4b:7a:44:8b:01:
                    d6:3f:4b:c8:65:43:02:b2:09:22:18:57:04:d8:3b:
                    99:56:6d:ee:28:99:14:56:7c:21:94:7f:4d:28:8f:
                    ff:c8:26:25:46:e8:84:ce:f8:a2:0d:9e:4d:b0:f8:
                    5b:67:0b:23:6e:c5:72:9b:5a:02:a5:7c:39:ce:ec:
                    8f:ea:9a:05:97:a2:da:fc:a6:7a:29:60:9b:b3:de:
                    cc:e2:97:bc:1d:7b:8d:f1:71:98:06:42:d1:f9:7c:
                    ea:97:95:92:32:00:03:41:32:af:5e:b9:7f:c6:5e:
                    17:af:b5:3e:32:06:8a:1c:ed:ca:d4:76:f8:82:c8:
                    c8:51:ce:34:12:2d:d8:67:cf:f7:c4:96:ba:80:1e:
                    68:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CC:A1:ED:CA:51:C5:3C:99:D4:F3:FB:99:2D:A6:2D:32:A2:C5:44
            X509v3 Authority Key Identifier:
                keyid:6D:42:CF:F1:83:34:B2:FF:76:B1:5A:D9:44:A8:A9:13:5E:90:56:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bULP8YM0sv92sVrZRKipE16QVow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/p8yh7cpRxTyZ1PP7mS2mLTKixUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/60d930-bd46-4517-ab0e-a6ce8355b2e0/1/bULP8YM0sv92sVrZRKipE16QVow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e044:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:bb:5c:31:94:d0:d6:0f:04:52:2d:0e:86:27:70:2d:8c:f9:
         3d:d6:38:ad:ec:3e:b1:f1:b3:a1:04:19:ff:58:9c:c8:e8:ca:
         00:c0:dd:f1:cb:b5:4e:85:95:fa:9e:f1:07:39:d9:33:3a:33:
         f1:90:00:83:a3:c1:96:94:28:c1:46:d4:f9:01:93:50:89:fb:
         a7:b0:f4:8a:f7:ac:0d:28:cb:0e:67:ff:70:1b:b6:1b:b6:fc:
         e5:e9:1b:8e:f5:8e:03:cc:12:af:80:9e:d4:4a:ec:dc:8e:d8:
         74:75:4e:11:36:31:e1:99:cb:cb:27:27:07:b3:c5:82:8e:f9:
         86:fd:af:52:80:7c:82:24:6e:53:af:30:92:63:b8:f0:90:87:
         dc:f9:61:03:d8:1a:6d:78:fa:17:39:a4:89:c1:c1:cd:44:9a:
         68:c9:5a:c7:00:14:e1:3f:cf:5e:68:78:a0:4a:ca:c3:07:b9:
         bd:3f:af:ce:7a:5e:5b:79:bd:b9:c2:e9:31:00:72:dd:2a:3b:
         09:e4:0d:71:0a:5d:71:26:9c:84:e0:f0:24:86:cc:85:27:51:
         64:a2:47:a0:5a:ce:dd:a6:83:0a:b9:37:2d:6d:7a:74:ce:35:
         40:4e:dc:56:f7:a6:c3:1e:0d:14:90:f3:d3:71:72:fb:54:7f:
         31:a7:79:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZaF46SddYSBVtmFqzM7Oi/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNDJjZmYxODMzNGIyZmY3NmIxNWFkOTQ0YThhOTEzNWU5
MDU2OGMwHhcNMjUwNDMwMDg1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2NjYTFlZGNhNTFjNTNjOTlkNGYzZmI5OTJkYTYyZDMyYTJjNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueZ1vbFEe7gf99qXRHMrkfxftIks
C91CRx+kDuRVJ+znP2ZlRdo667uonYtMy6RBY5c4g2hGJ0MrD8dQvwc0HlqKPHRZ
zGQnw+zGPTxTs8L/uOyhNDMqfMoP8Q5io5vhSXBzAYyUQon1ZP8eVu7S3ivmS3pE
iwHWP0vIZUMCsgkiGFcE2DuZVm3uKJkUVnwhlH9NKI//yCYlRuiEzviiDZ5NsPhb
ZwsjbsVym1oCpXw5zuyP6poFl6La/KZ6KWCbs97M4pe8HXuN8XGYBkLR+Xzql5WS
MgADQTKvXrl/xl4Xr7U+MgaKHO3K1Hb4gsjIUc40Ei3YZ8/3xJa6gB5okwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKfMoe3KUcU8mdTz+5ktpi0yosVEMB8GA1UdIwQY
MBaAFG1Cz/GDNLL/drFa2USoqRNekFaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlVMUDhZTTBzdjkyc1ZyWlJLaXBFMTZRVm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82MGQ5MzAtYmQ0Ni00NTE3LWFiMGUt
YTZjZTgzNTViMmUwLzEvcDh5aDdjcFJ4VHlaMVBQN21TMm1MVEtpeFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82MGQ5MzAtYmQ0Ni00NTE3LWFiMGUtYTZjZTgzNTViMmUw
LzEvYlVMUDhZTTBzdjkyc1ZyWlJLaXBFMTZRVm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbgRAAT
MA0GCSqGSIb3DQEBCwUAA4IBAQCeu1wxlNDWDwRSLQ6GJ3AtjPk91jit7D6x8bOh
BBn/WJzI6MoAwN3xy7VOhZX6nvEHOdkzOjPxkACDo8GWlCjBRtT5AZNQifunsPSK
96wNKMsOZ/9wG7Ybtvzl6RuO9Y4DzBKvgJ7USuzcjth0dU4RNjHhmcvLJycHs8WC
jvmG/a9SgHyCJG5TrzCSY7jwkIfc+WED2BptePoXOaSJwcHNRJpoyVrHABThP89e
aHigSsrDB7m9P6/Oel5beb25wukxAHLdKjsJ5A1xCl1xJpyE4PAkhsyFJ1Fkokeg
Ws7dpoMKuTctbXp0zjVATtxW96bDHg0UkPPTcXL7VH8xp3lm
-----END CERTIFICATE-----