Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/tJp6RAZ2Y3Z3o2R75yur_W5Ex-w.roa
File:                     tJp6RAZ2Y3Z3o2R75yur_W5Ex-w.roa (raw, json)
Hash identifier:          GGPR+7RZv9vuHEdD+t//WBPxSiCJToRwFhnk1FKFqWc=
Subject key identifier:   B4:9A:7A:44:06:76:63:76:77:A3:64:7B:E7:2B:AB:FD:6E:44:C7:EC
Certificate issuer:       /CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
Certificate serial:       019762D507BAB04D5437D1AD80B46629BC11
Authority key identifier: 3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/tJp6RAZ2Y3Z3o2R75yur_W5Ex-w.roa
Signing time:             Thu 12 Jun 2025 06:30:17 +0000
ROA not before:           Thu 12 Jun 2025 06:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203917
IP address blocks:        185.227.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:62:d5:07:ba:b0:4d:54:37:d1:ad:80:b4:66:29:bc:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
        Validity
            Not Before: Jun 12 06:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b49a7a440676637677a3647be72babfd6e44c7ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:21:17:02:28:9b:9f:eb:ff:ab:13:9a:0e:dd:
                    d9:0d:90:97:e8:50:be:05:64:e7:fa:29:73:d4:ca:
                    7a:9a:40:84:47:e3:2e:75:85:8e:c6:81:80:73:42:
                    37:d5:60:bf:ca:a5:2f:32:a7:4a:6f:6d:81:5d:e2:
                    25:d4:74:6a:52:74:68:54:62:78:6e:4e:6a:4d:2a:
                    d4:04:53:29:4b:be:3a:dd:71:bf:33:47:3d:bb:cb:
                    38:05:59:7a:5b:3f:ca:67:7d:b0:3a:b0:1e:90:f3:
                    99:c1:cc:35:35:90:02:d4:23:67:60:4a:0b:c3:a4:
                    a0:83:66:50:96:88:d8:c6:68:f7:e8:e0:ea:7d:09:
                    57:95:2c:33:d7:0c:d9:a3:19:1f:4b:11:fd:ce:37:
                    26:75:ce:22:c8:14:ff:a8:17:d2:f7:2d:a2:32:16:
                    4c:19:f0:50:1b:a0:06:32:10:c9:95:d6:45:11:8d:
                    6e:f4:58:7c:dd:b7:a8:50:10:5e:be:06:30:3f:da:
                    f3:7d:9b:03:65:05:6a:e2:25:d1:ab:df:63:ac:a8:
                    6a:08:45:42:9a:27:be:21:76:db:53:11:0a:7e:11:
                    04:71:c8:1d:06:0c:b7:3e:b3:dc:ed:95:5c:5d:5d:
                    18:eb:96:2d:27:fd:1d:4b:fb:74:dc:2d:9d:56:bd:
                    db:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:9A:7A:44:06:76:63:76:77:A3:64:7B:E7:2B:AB:FD:6E:44:C7:EC
            X509v3 Authority Key Identifier:
                keyid:3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/tJp6RAZ2Y3Z3o2R75yur_W5Ex-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:44:75:3c:6c:ae:cf:57:dc:bc:30:5d:12:b2:fc:df:8a:4b:
         41:e5:74:1c:bc:b1:51:cb:61:bc:f3:75:d2:82:ac:b6:9e:10:
         eb:1c:14:e2:ed:49:10:69:b5:64:36:56:f5:42:c1:cd:01:b0:
         ea:a5:51:d7:13:8b:7e:b6:af:1b:a2:1b:a4:95:2d:86:78:f0:
         88:1e:af:c7:57:47:55:76:26:c7:0d:cf:d9:22:9a:17:11:2f:
         86:ae:ee:1c:ef:0c:44:fd:4f:44:84:1a:56:05:1a:b5:72:60:
         4c:e4:49:e8:2f:b0:2d:1b:1e:70:6c:24:a0:f5:e4:a1:65:cc:
         2f:b8:74:d4:3a:93:c0:62:32:3a:aa:07:f1:e8:6f:10:9c:a3:
         bf:1d:48:9b:a3:06:d9:e9:e5:92:ec:f3:eb:29:df:22:30:66:
         a4:58:3c:25:53:49:4c:b4:19:45:23:78:3f:27:76:c0:ef:92:
         75:0c:63:b6:c4:ae:82:06:54:e9:d0:b7:f0:bc:1c:85:eb:7f:
         6e:f2:e5:41:f9:55:b3:85:a5:dd:a8:dd:a1:f5:39:d4:dc:fa:
         92:92:11:d6:c9:4a:32:9e:b4:52:f0:9a:1b:d8:26:e5:b9:b9:
         e9:8d:9f:e0:17:3b:d5:ed:cc:f2:07:64:a5:9f:66:93:5b:b6:
         c7:b4:b4:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdi1Qe6sE1UN9GtgLRmKbwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZTE0MzI5YjZjMWU2OTUwMTFhODI0MDZmN2FmNDhmNGJi
MTBhZDQwHhcNMjUwNjEyMDYzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDlhN2E0NDA2NzY2Mzc2NzdhMzY0N2JlNzJiYWJmZDZlNDRjN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CEXAiibn+v/qxOaDt3ZDZCX6FC+
BWTn+ilz1Mp6mkCER+MudYWOxoGAc0I31WC/yqUvMqdKb22BXeIl1HRqUnRoVGJ4
bk5qTSrUBFMpS7463XG/M0c9u8s4BVl6Wz/KZ32wOrAekPOZwcw1NZAC1CNnYEoL
w6Sgg2ZQlojYxmj36ODqfQlXlSwz1wzZoxkfSxH9zjcmdc4iyBT/qBfS9y2iMhZM
GfBQG6AGMhDJldZFEY1u9Fh83beoUBBevgYwP9rzfZsDZQVq4iXRq99jrKhqCEVC
mie+IXbbUxEKfhEEccgdBgy3PrPc7ZVcXV0Y65YtJ/0dS/t03C2dVr3brwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSaekQGdmN2d6Nke+crq/1uRMfsMB8GA1UdIwQY
MBaAFD/hQym2weaVARqCQG969I9LsQrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQt
YzNkNTdlMjM4N2NhLzEvdEpwNlJBWjJZM1ozbzJSNzV5dXJfVzVFeC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQtYzNkNTdlMjM4N2Nh
LzEvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueMGMA0G
CSqGSIb3DQEBCwUAA4IBAQB5RHU8bK7PV9y8MF0SsvzfiktB5XQcvLFRy2G883XS
gqy2nhDrHBTi7UkQabVkNlb1QsHNAbDqpVHXE4t+tq8bohuklS2GePCIHq/HV0dV
dibHDc/ZIpoXES+Gru4c7wxE/U9EhBpWBRq1cmBM5EnoL7AtGx5wbCSg9eShZcwv
uHTUOpPAYjI6qgfx6G8QnKO/HUibowbZ6eWS7PPrKd8iMGakWDwlU0lMtBlFI3g/
J3bA75J1DGO2xK6CBlTp0LfwvByF639u8uVB+VWzhaXdqN2h9TnU3PqSkhHWyUoy
nrRS8Job2CblubnpjZ/gFzvV7czyB2Sln2aTW7bHtLR/
-----END CERTIFICATE-----