Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tuig2McYqtXX_-PGUedAeeH6Gc8.roa
File:                     tuig2McYqtXX_-PGUedAeeH6Gc8.roa (raw, json)
Hash identifier:          mNb7ugtDqM+5WQB4XF8NRapcLPX1pQXy2Ip8g/Fb0zE=
Subject key identifier:   B6:E8:A0:D8:C7:18:AA:D5:D7:FF:E3:C6:51:E7:40:79:E1:FA:19:CF
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C7D6E7EC58DDA9A6EAFA79A014FB5
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tuig2McYqtXX_-PGUedAeeH6Gc8.roa
Signing time:             Mon 11 Aug 2025 08:43:26 +0000
ROA not before:           Mon 11 Aug 2025 08:43:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60700
IP address blocks:        194.44.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 23:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:7d:6e:7e:c5:8d:da:9a:6e:af:a7:9a:01:4f:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6e8a0d8c718aad5d7ffe3c651e74079e1fa19cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:50:02:82:dc:20:a4:af:07:38:ef:57:4c:7f:
                    53:7f:9e:6c:d9:cd:8e:cb:44:53:dd:e1:5d:43:14:
                    4b:36:09:93:c0:55:cc:19:a3:8b:a7:6c:e3:98:66:
                    2d:e6:4e:41:64:2e:dc:ab:3d:87:9f:29:ce:25:d5:
                    ce:4d:dc:62:c9:d1:1d:ca:2f:52:30:87:9e:15:59:
                    cc:80:3d:9e:91:db:44:6b:9a:30:6c:ed:34:d8:77:
                    1b:d5:11:f7:c5:4b:73:ee:e5:87:fe:f5:e7:5c:1f:
                    e5:6d:aa:36:5d:d2:15:18:c7:39:e2:f0:dd:51:30:
                    81:51:fd:e4:7f:6c:d6:0f:8d:0f:e9:ad:7b:4f:d7:
                    d5:1c:bd:76:cd:57:48:57:42:a0:c0:57:2e:fd:ad:
                    ee:fe:1d:ce:e6:ff:3e:1f:d2:54:a7:b3:13:bb:c6:
                    c1:f5:91:2d:72:7e:c4:d8:6e:c6:ab:2b:de:38:36:
                    5f:2a:cf:23:15:81:11:d2:22:22:88:29:bd:39:4d:
                    17:8d:ee:99:5c:b3:6e:02:aa:c2:8b:7a:0a:3a:6b:
                    09:e8:ca:e1:d9:e9:89:e2:7f:d3:b6:e1:f0:26:0c:
                    d0:36:df:56:3b:ef:1e:45:0b:45:58:6a:1b:24:3d:
                    da:66:d6:10:5d:df:a9:fc:7d:09:b7:3f:4d:01:58:
                    c1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E8:A0:D8:C7:18:AA:D5:D7:FF:E3:C6:51:E7:40:79:E1:FA:19:CF
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tuig2McYqtXX_-PGUedAeeH6Gc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:58:bb:b4:17:9a:ab:30:2c:7d:6f:21:ef:20:f5:04:37:c8:
         0f:08:51:06:02:03:cb:82:bf:65:bc:47:a5:6f:73:77:59:5b:
         c3:09:7d:bf:a1:50:c2:bf:79:a1:de:a2:17:51:46:33:5b:89:
         00:f7:3a:d1:81:3c:65:cd:1d:08:bc:82:9c:e2:fe:5d:cb:ae:
         c7:0d:16:ec:73:9d:6d:8f:37:5f:34:1a:e7:3b:3b:44:26:d8:
         bc:87:9f:45:9a:0b:82:39:fa:5b:5b:a0:72:74:66:05:53:2d:
         3d:a4:cf:52:2b:b2:8d:05:61:22:39:2c:54:e6:37:0f:03:81:
         6f:e9:39:40:d4:e9:fa:32:d2:6d:cd:e9:21:fc:a9:ce:99:15:
         99:25:8f:95:b8:02:45:db:91:fd:35:5e:70:0c:32:e7:c2:fe:
         ef:1f:31:4a:68:e4:d1:b9:8c:db:df:3d:1c:9a:e7:a8:0f:0f:
         52:09:93:94:48:2c:5a:29:a7:15:27:43:5e:3c:ca:7a:23:97:
         2d:d6:22:11:29:49:db:fd:48:db:c9:e8:c0:19:26:65:75:80:
         71:b6:6f:05:f4:50:1d:a1:f6:07:cf:20:e0:c9:ed:90:08:ae:
         2c:e9:84:e7:04:ba:ef:ca:89:45:85:fb:ea:ee:47:2f:16:e0:
         a4:2b:06:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTH1ufsWN2ppur6eaAU+1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmU4YTBkOGM3MThhYWQ1ZDdmZmUzYzY1MWU3NDA3OWUxZmExOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlACgtwgpK8HOO9XTH9Tf55s2c2O
y0RT3eFdQxRLNgmTwFXMGaOLp2zjmGYt5k5BZC7cqz2HnynOJdXOTdxiydEdyi9S
MIeeFVnMgD2ekdtEa5owbO002Hcb1RH3xUtz7uWH/vXnXB/lbao2XdIVGMc54vDd
UTCBUf3kf2zWD40P6a17T9fVHL12zVdIV0KgwFcu/a3u/h3O5v8+H9JUp7MTu8bB
9ZEtcn7E2G7GqyveODZfKs8jFYER0iIiiCm9OU0Xje6ZXLNuAqrCi3oKOmsJ6Mrh
2emJ4n/TtuHwJgzQNt9WO+8eRQtFWGobJD3aZtYQXd+p/H0Jtz9NAVjBiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbooNjHGKrV1//jxlHnQHnh+hnPMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvdHVpZzJNY1lxdFhYXy1QR1VlZEFlZUg2R2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiweMA0G
CSqGSIb3DQEBCwUAA4IBAQCNWLu0F5qrMCx9byHvIPUEN8gPCFEGAgPLgr9lvEel
b3N3WVvDCX2/oVDCv3mh3qIXUUYzW4kA9zrRgTxlzR0IvIKc4v5dy67HDRbsc51t
jzdfNBrnOztEJti8h59FmguCOfpbW6BydGYFUy09pM9SK7KNBWEiOSxU5jcPA4Fv
6TlA1On6MtJtzekh/KnOmRWZJY+VuAJF25H9NV5wDDLnwv7vHzFKaOTRuYzb3z0c
mueoDw9SCZOUSCxaKacVJ0NePMp6I5ct1iIRKUnb/UjbyejAGSZldYBxtm8F9FAd
ofYHzyDgye2QCK4s6YTnBLrvyolFhfvq7kcvFuCkKwaI
-----END CERTIFICATE-----