Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/zIwzcZNr7m6b2pv5Zs9UDtTw7I4.roa
File:                     zIwzcZNr7m6b2pv5Zs9UDtTw7I4.roa (raw, json)
Hash identifier:          Zh83tT/zmMp8uwLUnGIJ7cbrJXbFjisKdC+aZp9oBXk=
Subject key identifier:   CC:8C:33:71:93:6B:EE:6E:9B:DA:9B:F9:66:CF:54:0E:D4:F0:EC:8E
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0196644B2D2152D58B7FA8197672FAD777D0
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/zIwzcZNr7m6b2pv5Zs9UDtTw7I4.roa
Signing time:             Wed 23 Apr 2025 20:16:10 +0000
ROA not before:           Wed 23 Apr 2025 20:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a09:6903::/32 maxlen: 32
                          2a12:1247::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:4b:2d:21:52:d5:8b:7f:a8:19:76:72:fa:d7:77:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Apr 23 20:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc8c3371936bee6e9bda9bf966cf540ed4f0ec8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:da:da:f7:43:37:69:4e:90:fa:6c:a2:fa:3f:
                    a9:5c:82:2b:15:47:dc:cc:ce:ff:8f:c1:2f:eb:4c:
                    03:dd:1b:7f:6a:6d:78:c9:75:c3:55:93:4b:7f:77:
                    d6:01:09:81:8a:39:99:be:1b:6d:e3:07:11:68:26:
                    5d:b4:32:4f:5a:58:0a:06:2c:11:56:fc:46:85:b7:
                    81:81:72:db:e7:9f:59:3a:e5:d3:c0:83:86:c8:17:
                    1b:9c:45:56:c1:26:40:25:78:bc:6e:06:7c:0a:93:
                    01:c9:d9:c0:80:24:65:1e:55:26:4f:cb:d6:8c:dc:
                    38:e8:5d:9f:14:79:5f:76:f4:4a:a9:3d:a7:85:f4:
                    0e:f7:16:0c:bb:e9:4e:6c:ca:67:f6:ff:8f:21:8c:
                    bf:64:98:a1:4c:60:b9:95:c5:a1:a4:8e:99:a2:45:
                    35:b9:6e:da:4b:9e:41:d8:b0:0d:3e:a3:55:b4:6e:
                    90:2b:03:c3:bc:47:f6:10:3a:94:00:02:f5:c1:fa:
                    28:70:3e:e5:c7:c5:d4:69:36:51:7f:b2:08:1f:0b:
                    dd:98:c1:54:67:16:78:cc:ad:a5:ad:68:d3:43:1e:
                    7d:f5:4a:38:23:05:9c:a5:ba:11:c5:11:1b:de:64:
                    ed:78:c1:ab:3a:16:91:e2:a9:9f:df:64:ae:cf:8e:
                    a6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8C:33:71:93:6B:EE:6E:9B:DA:9B:F9:66:CF:54:0E:D4:F0:EC:8E
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/zIwzcZNr7m6b2pv5Zs9UDtTw7I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6903::/32
                  2a12:1247::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:23:fb:1b:c5:3d:00:5f:4a:39:53:d0:65:81:c4:a8:e4:43:
         2f:26:92:d0:d3:26:76:76:5c:8b:2f:64:de:37:9e:26:17:8f:
         ab:07:3c:11:57:13:00:4d:95:1b:79:68:40:6c:82:a4:61:4e:
         2d:ea:05:43:54:43:25:e6:24:b1:1d:84:ee:f9:bf:05:f0:d5:
         78:cf:03:43:be:26:9a:de:28:cd:3d:3c:64:72:40:4e:0d:5b:
         50:65:25:3b:62:45:55:60:5b:65:3a:17:72:f4:21:44:42:1c:
         a3:82:39:c1:e2:9f:15:f7:00:76:a3:d0:a2:cf:c4:24:82:41:
         a9:2d:e2:2f:01:c1:20:16:9f:5a:3a:35:54:71:c3:c2:49:a1:
         66:44:38:23:e1:83:97:83:82:f4:37:ab:09:43:24:f0:e0:b6:
         c3:82:76:34:fe:40:7d:76:9f:38:00:4d:dc:48:49:20:cf:d1:
         4e:0c:9f:68:bb:bc:f9:58:bc:c8:47:b3:89:56:d5:b9:0d:bc:
         0b:30:7b:f3:97:7f:ff:5f:65:2c:c8:fb:91:be:5f:55:4a:dd:
         44:79:a4:fb:7c:47:9e:32:01:31:1e:5c:cb:9c:5d:f6:d2:80:
         b5:fb:5f:7f:f8:a4:e6:0c:63:6c:f9:06:0a:b2:ae:c0:84:6a:
         8b:f7:50:fa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZkSy0hUtWLf6gZdnL613fQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwNDIzMjAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhjMzM3MTkzNmJlZTZlOWJkYTliZjk2NmNmNTQwZWQ0ZjBlYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNra90M3aU6Q+myi+j+pXIIrFUfc
zM7/j8Ev60wD3Rt/am14yXXDVZNLf3fWAQmBijmZvhtt4wcRaCZdtDJPWlgKBiwR
VvxGhbeBgXLb559ZOuXTwIOGyBcbnEVWwSZAJXi8bgZ8CpMBydnAgCRlHlUmT8vW
jNw46F2fFHlfdvRKqT2nhfQO9xYMu+lObMpn9v+PIYy/ZJihTGC5lcWhpI6ZokU1
uW7aS55B2LANPqNVtG6QKwPDvEf2EDqUAAL1wfoocD7lx8XUaTZRf7IIHwvdmMFU
ZxZ4zK2lrWjTQx599Uo4IwWcpboRxREb3mTteMGrOhaR4qmf32Suz46mqQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMyMM3GTa+5um9qb+WbPVA7U8OyOMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvekl3emNaTnI3bTZiMnB2NVpzOVVEdFR3N0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKglpAwMF
ACoSEkcwDQYJKoZIhvcNAQELBQADggEBAJMj+xvFPQBfSjlT0GWBxKjkQy8mktDT
JnZ2XIsvZN43niYXj6sHPBFXEwBNlRt5aEBsgqRhTi3qBUNUQyXmJLEdhO75vwXw
1XjPA0O+JpreKM09PGRyQE4NW1BlJTtiRVVgW2U6F3L0IURCHKOCOcHinxX3AHaj
0KLPxCSCQakt4i8BwSAWn1o6NVRxw8JJoWZEOCPhg5eDgvQ3qwlDJPDgtsOCdjT+
QH12nzgATdxISSDP0U4Mn2i7vPlYvMhHs4lW1bkNvAswe/OXf/9fZSzI+5G+X1VK
3UR5pPt8R54yATEeXMucXfbSgLX7X3/4pOYMY2z5BgqyrsCEaov3UPo=
-----END CERTIFICATE-----