Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/d3EPcUHwT-eSSFHDekbKgpmD0zI.roa
File:                     d3EPcUHwT-eSSFHDekbKgpmD0zI.roa (raw, json)
Hash identifier:          3ir0iA/sdHESvEm5pfGD8XuZyzc0Szw0kMT36A+NUSA=
Subject key identifier:   77:71:0F:71:41:F0:4F:E7:92:48:51:C3:7A:46:CA:82:99:83:D3:32
Certificate issuer:       /CN=6ccf360df9a1f61e23327da0d2c09112e0a9bd69
Certificate serial:       01976973AC5A7E5D433CBE4733506FFD1A7C
Authority key identifier: 6C:CF:36:0D:F9:A1:F6:1E:23:32:7D:A0:D2:C0:91:12:E0:A9:BD:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/d3EPcUHwT-eSSFHDekbKgpmD0zI.roa
Signing time:             Fri 13 Jun 2025 13:21:17 +0000
ROA not before:           Fri 13 Jun 2025 13:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54573
IP address blocks:        160.20.248.0/24 maxlen: 24
                          160.20.249.0/24 maxlen: 24
                          160.238.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:73:ac:5a:7e:5d:43:3c:be:47:33:50:6f:fd:1a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccf360df9a1f61e23327da0d2c09112e0a9bd69
        Validity
            Not Before: Jun 13 13:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77710f7141f04fe7924851c37a46ca829983d332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7f:ee:9f:48:c2:ad:5e:dd:4d:ff:4a:95:2d:
                    3c:bd:13:f4:2d:83:6e:20:e2:1e:de:21:fc:35:1a:
                    d3:c9:67:67:80:66:c0:3f:25:29:05:09:66:a5:55:
                    14:0e:b1:a7:13:42:cb:f8:26:eb:38:91:2e:bf:c0:
                    ac:09:ff:09:95:5e:1c:95:60:75:23:fa:08:dc:4c:
                    31:e4:55:9a:b2:ec:84:ef:17:8e:fb:0e:8c:e2:8e:
                    4a:b1:c8:9b:1c:54:3c:8d:c8:68:28:e0:c1:b3:6f:
                    ff:57:23:14:2d:0f:be:11:f2:82:97:8f:f0:62:e0:
                    02:ee:81:71:d1:12:04:84:c8:e5:4e:b8:41:e2:7a:
                    40:10:09:f0:c7:26:52:7e:70:57:51:3c:26:6f:83:
                    b0:04:00:52:d6:1b:7b:ab:8f:72:9c:d0:e0:8e:ec:
                    31:78:2a:7e:ce:58:e5:55:c4:9c:43:73:d7:5a:89:
                    da:f1:2a:88:8d:b5:7b:f3:d1:45:3b:73:8b:c8:3f:
                    52:ea:67:5c:8c:81:c9:88:bc:97:ae:0a:0f:b2:27:
                    e8:fa:9b:9c:56:b5:ff:47:54:db:aa:0f:16:b4:99:
                    50:09:57:1c:49:71:f5:6e:e1:88:b3:cb:cd:2f:96:
                    d5:8a:4a:27:65:a7:01:62:35:b1:33:7d:30:1b:fa:
                    2a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:71:0F:71:41:F0:4F:E7:92:48:51:C3:7A:46:CA:82:99:83:D3:32
            X509v3 Authority Key Identifier:
                keyid:6C:CF:36:0D:F9:A1:F6:1E:23:32:7D:A0:D2:C0:91:12:E0:A9:BD:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/d3EPcUHwT-eSSFHDekbKgpmD0zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.248.0/23
                  160.238.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:4d:12:4a:ec:e0:85:1b:f8:b5:b2:00:e6:fe:b9:d5:af:bb:
         32:3e:2c:c7:bd:45:b0:66:d3:9e:d7:b9:ae:c7:5e:5d:d3:54:
         a8:64:67:f5:03:90:27:88:4a:6d:56:a1:b1:c8:39:8e:d5:b6:
         63:a2:bf:14:f9:59:9f:95:ae:15:93:df:15:6b:e9:13:a4:12:
         ce:c2:17:43:9d:60:84:16:93:be:37:46:b7:bb:d5:48:4e:34:
         33:ea:ff:8a:d4:ba:eb:0b:af:9d:57:01:a5:66:c4:cd:20:a8:
         3e:4e:3c:e0:98:be:13:33:1c:81:ac:c6:af:e3:56:ca:f8:c2:
         6d:34:c4:04:c4:22:81:1a:da:59:b3:2e:d1:55:6f:04:5f:f8:
         66:d6:71:5f:a7:35:b2:81:c5:52:3a:fa:3d:b0:ce:ab:be:93:
         f9:af:3a:e6:51:f1:41:d4:8c:12:22:e0:59:a0:ad:ee:e9:7f:
         09:83:14:4e:f0:74:c3:6d:e2:d3:f4:20:83:6b:43:98:01:c0:
         c0:68:1b:1b:8f:50:a9:24:aa:41:3d:40:a1:3a:f8:c9:72:98:
         99:4c:e1:9c:43:63:e1:0c:cf:1d:b0:eb:97:1a:66:70:08:cb:
         4f:34:41:07:ad:de:b7:05:51:a2:ee:6c:e3:5e:4f:32:e4:b9:
         f5:dc:6b:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdpc6xafl1DPL5HM1Bv/Rp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjY2YzNjBkZjlhMWY2MWUyMzMyN2RhMGQyYzA5MTEyZTBh
OWJkNjkwHhcNMjUwNjEzMTMyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzcxMGY3MTQxZjA0ZmU3OTI0ODUxYzM3YTQ2Y2E4Mjk5ODNkMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33/un0jCrV7dTf9KlS08vRP0LYNu
IOIe3iH8NRrTyWdngGbAPyUpBQlmpVUUDrGnE0LL+CbrOJEuv8CsCf8JlV4clWB1
I/oI3Ewx5FWasuyE7xeO+w6M4o5KscibHFQ8jchoKODBs2//VyMULQ++EfKCl4/w
YuAC7oFx0RIEhMjlTrhB4npAEAnwxyZSfnBXUTwmb4OwBABS1ht7q49ynNDgjuwx
eCp+zljlVcScQ3PXWona8SqIjbV789FFO3OLyD9S6mdcjIHJiLyXrgoPsifo+puc
VrX/R1Tbqg8WtJlQCVccSXH1buGIs8vNL5bVikonZacBYjWxM30wG/oqIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHdxD3FB8E/nkkhRw3pGyoKZg9MyMB8GA1UdIwQY
MBaAFGzPNg35ofYeIzJ9oNLAkRLgqb1pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk04MkRmbWg5aDRqTW4yZzBzQ1JFdUNwdldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8wNmFjNGYtOTgzMy00ZThkLWIzNTIt
NzcxNDBkMDk3ODNjLzEvZDNFUGNVSHdULWVTU0ZIRGVrYktncG1EMHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8wNmFjNGYtOTgzMy00ZThkLWIzNTItNzcxNDBkMDk3ODNj
LzEvYk04MkRmbWg5aDRqTW4yZzBzQ1JFdUNwdldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBoBT4AwQA
oO49MA0GCSqGSIb3DQEBCwUAA4IBAQCATRJK7OCFG/i1sgDm/rnVr7syPizHvUWw
ZtOe17mux15d01SoZGf1A5AniEptVqGxyDmO1bZjor8U+Vmfla4Vk98Va+kTpBLO
whdDnWCEFpO+N0a3u9VITjQz6v+K1LrrC6+dVwGlZsTNIKg+TjzgmL4TMxyBrMav
41bK+MJtNMQExCKBGtpZsy7RVW8EX/hm1nFfpzWygcVSOvo9sM6rvpP5rzrmUfFB
1IwSIuBZoK3u6X8JgxRO8HTDbeLT9CCDa0OYAcDAaBsbj1CpJKpBPUChOvjJcpiZ
TOGcQ2PhDM8dsOuXGmZwCMtPNEEHrd63BVGi7mzjXk8y5Ln13Gua
-----END CERTIFICATE-----