Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/hMydcbetvC8tmVard7inOTsJrKg.roa
File:                     hMydcbetvC8tmVard7inOTsJrKg.roa (raw, json)
Hash identifier:          l5ZgoP9gkbhu9PWnFl16dpbIegVWhzcazk4u45t7sUU=
Subject key identifier:   84:CC:9D:71:B7:AD:BC:2F:2D:99:56:AB:77:B8:A7:39:3B:09:AC:A8
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       0196452982ED593712850AEB66179945E6CC
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/hMydcbetvC8tmVard7inOTsJrKg.roa
Signing time:             Thu 17 Apr 2025 19:11:10 +0000
ROA not before:           Thu 17 Apr 2025 19:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215236
IP address blocks:        2a06:d1c1:80::/44 maxlen: 48
                          2a06:d1c1:80::/48 maxlen: 48
                          2a06:d1c1:8b::/48 maxlen: 48
                          2a06:d1c1:8d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 15:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:45:29:82:ed:59:37:12:85:0a:eb:66:17:99:45:e6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Apr 17 19:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84cc9d71b7adbc2f2d9956ab77b8a7393b09aca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:83:c5:e8:2b:7b:0b:51:b0:33:f6:0f:f3:44:
                    05:15:25:33:9c:36:4a:d3:4e:07:98:f4:1f:3b:c8:
                    33:33:4d:de:d6:2a:b9:3d:81:4d:93:3f:e2:61:d0:
                    60:6d:ff:36:14:bd:f8:e2:5e:48:dd:aa:81:c0:c6:
                    ae:51:13:d0:d7:3f:40:11:4e:e7:62:2b:b5:5b:6f:
                    6a:42:46:b7:e0:9f:86:71:d4:4b:74:62:de:65:93:
                    0e:03:22:ea:cf:7f:29:aa:a0:2c:3f:33:fa:f6:0e:
                    f9:fa:e4:d0:d7:04:36:49:aa:24:9f:c2:e6:94:ca:
                    ac:51:f8:e6:29:c0:ad:69:9c:77:60:bd:ef:d4:c8:
                    57:4e:36:5e:7b:7f:a7:11:16:db:63:91:22:75:7e:
                    22:84:fb:36:d7:52:bf:a0:7f:65:77:14:52:90:cd:
                    cf:58:c3:de:5a:34:76:67:04:e8:a7:12:8f:e2:73:
                    b7:cd:e7:7b:d4:f1:bb:c3:f1:da:32:a0:be:17:0f:
                    e2:d7:c9:a1:d9:94:20:c3:99:04:ec:0c:49:0d:e2:
                    c6:48:5f:a4:fe:fa:0e:cf:c5:b5:d2:7f:b9:1f:1e:
                    72:8d:98:fa:f9:1f:47:59:d2:0e:ac:ea:e3:d4:f2:
                    8b:5c:11:17:69:ff:51:73:6b:6d:bc:91:21:63:ca:
                    f5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CC:9D:71:B7:AD:BC:2F:2D:99:56:AB:77:B8:A7:39:3B:09:AC:A8
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/hMydcbetvC8tmVard7inOTsJrKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d1c1:80::/44

    Signature Algorithm: sha256WithRSAEncryption
         51:f5:d9:cc:66:c1:cc:0d:b4:37:31:e0:d8:a0:a3:9d:cc:e8:
         6d:3c:8c:c9:8b:07:75:1d:66:75:43:43:f2:50:e2:fb:b4:30:
         dd:6f:dd:75:42:60:90:4f:1b:d2:13:27:9a:b3:fc:68:1b:fe:
         42:3a:63:cf:bf:1e:38:3b:74:2f:33:e6:83:02:f5:4a:18:b3:
         bb:27:c9:04:2f:78:a9:91:b5:f4:b8:71:68:46:c0:82:f8:fa:
         18:cf:61:be:79:6b:3a:ab:68:6c:0e:75:14:17:a3:08:23:75:
         47:d0:99:58:95:30:7c:c2:72:9d:38:c7:14:31:f3:5b:3f:8f:
         22:e2:57:1b:be:e6:46:8b:ba:2e:17:60:87:29:e8:cd:2f:4e:
         4e:74:a6:ea:cc:c9:e0:49:35:97:c9:b5:7d:fc:c3:4b:7a:d9:
         6b:46:66:c2:34:7a:13:e6:86:b7:10:21:c6:92:9d:f0:f4:d8:
         4c:b0:92:8c:d2:4f:08:c5:7f:bf:1d:8b:58:c3:aa:b4:62:34:
         9a:56:de:7a:e4:e4:a7:4a:7a:95:45:9c:fe:e0:d8:f0:fb:d1:
         6d:bf:e1:cc:14:03:47:b3:49:55:64:63:2f:f9:25:3e:68:7d:
         0c:49:98:a3:c8:07:60:ed:06:f0:29:31:ac:7a:73:5c:19:4f:
         60:02:96:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZFKYLtWTcShQrrZheZRebMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjUwNDE3MTkxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGNjOWQ3MWI3YWRiYzJmMmQ5OTU2YWI3N2I4YTczOTNiMDlhY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IPF6Ct7C1GwM/YP80QFFSUznDZK
004HmPQfO8gzM03e1iq5PYFNkz/iYdBgbf82FL344l5I3aqBwMauURPQ1z9AEU7n
Yiu1W29qQka34J+GcdRLdGLeZZMOAyLqz38pqqAsPzP69g75+uTQ1wQ2Saokn8Lm
lMqsUfjmKcCtaZx3YL3v1MhXTjZee3+nERbbY5EidX4ihPs211K/oH9ldxRSkM3P
WMPeWjR2ZwTopxKP4nO3zed71PG7w/HaMqC+Fw/i18mh2ZQgw5kE7AxJDeLGSF+k
/voOz8W10n+5Hx5yjZj6+R9HWdIOrOrj1PKLXBEXaf9Rc2ttvJEhY8r1bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFITMnXG3rbwvLZlWq3e4pzk7CayoMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvaE15ZGNiZXR2Qzh0bVZhcmQ3aW5PVHNKcktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbRwQCA
MA0GCSqGSIb3DQEBCwUAA4IBAQBR9dnMZsHMDbQ3MeDYoKOdzOhtPIzJiwd1HWZ1
Q0PyUOL7tDDdb911QmCQTxvSEyeas/xoG/5COmPPvx44O3QvM+aDAvVKGLO7J8kE
L3ipkbX0uHFoRsCC+PoYz2G+eWs6q2hsDnUUF6MII3VH0JlYlTB8wnKdOMcUMfNb
P48i4lcbvuZGi7ouF2CHKejNL05OdKbqzMngSTWXybV9/MNLetlrRmbCNHoT5oa3
ECHGkp3w9NhMsJKM0k8IxX+/HYtYw6q0YjSaVt565OSnSnqVRZz+4Njw+9Ftv+HM
FANHs0lVZGMv+SU+aH0MSZijyAdg7QbwKTGsenNcGU9gApa/
-----END CERTIFICATE-----