Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/6hhOpOhfqnR9-Ld8KayuH8mAoWs.roa
File:                     6hhOpOhfqnR9-Ld8KayuH8mAoWs.roa (raw, json)
Hash identifier:          YDdcSyFrdBXffZ4Dd2UbaWaiQhW+ysfcb6F+PHXrFi8=
Subject key identifier:   EA:18:4E:A4:E8:5F:AA:74:7D:F8:B7:7C:29:AC:AE:1F:C9:80:A1:6B
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       01987A38086F072EDB7F307C5F5558D0314C
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/6hhOpOhfqnR9-Ld8KayuH8mAoWs.roa
Signing time:             Tue 05 Aug 2025 12:32:29 +0000
ROA not before:           Tue 05 Aug 2025 12:32:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        81.27.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:38:08:6f:07:2e:db:7f:30:7c:5f:55:58:d0:31:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Aug  5 12:32:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea184ea4e85faa747df8b77c29acae1fc980a16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f0:26:e3:86:c9:16:01:e4:ed:3d:bc:d7:ef:
                    d4:4c:d7:5a:0d:a3:3c:57:4d:1c:df:25:e2:bf:46:
                    79:4f:88:7b:ad:93:27:6c:db:50:d9:e2:20:a5:ab:
                    03:3f:28:8f:81:14:c8:a1:b1:f8:97:dc:cc:d4:43:
                    06:2a:8f:72:fe:35:99:cc:fd:9a:43:96:ff:13:9d:
                    ef:01:8c:59:24:35:6e:08:28:a3:dc:46:8f:15:f4:
                    93:13:98:5f:7b:cb:01:a1:ff:a2:dc:d3:57:83:8a:
                    03:bf:35:fc:5a:12:3a:72:63:aa:c9:d8:90:3d:86:
                    48:93:f3:f6:c8:f1:cb:2c:f9:aa:86:5e:51:b0:ea:
                    e9:ce:7d:b3:0c:89:b6:05:1b:0f:c2:8b:ad:45:f9:
                    86:ce:eb:15:c1:b0:79:39:0a:da:29:62:3a:6b:99:
                    39:24:29:83:48:d3:7e:25:af:b8:ed:24:fc:38:d5:
                    71:2e:24:64:72:cc:79:65:5b:36:76:85:54:61:4d:
                    5e:e7:48:fd:1a:a2:56:44:90:9b:63:b3:f7:4d:7e:
                    43:49:90:8a:77:3f:12:4e:47:86:87:44:e4:be:6a:
                    40:8b:aa:82:d1:2a:6a:a4:82:05:b7:25:0a:ff:db:
                    e5:56:83:f1:e2:2b:ea:b7:6d:bb:13:3d:b0:21:bd:
                    c8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:18:4E:A4:E8:5F:AA:74:7D:F8:B7:7C:29:AC:AE:1F:C9:80:A1:6B
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/6hhOpOhfqnR9-Ld8KayuH8mAoWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:84:4d:f5:53:32:3a:7b:60:1b:fb:3d:3f:dc:0e:47:42:58:
         78:36:56:f5:28:04:02:8b:1f:78:e6:ea:a4:82:a7:91:01:c1:
         f3:a5:09:1a:07:13:d4:c3:93:0b:a0:51:ab:34:17:41:1a:64:
         4a:18:02:cd:32:33:8e:a2:54:6f:b9:ca:5a:c4:b5:e3:ac:a3:
         c1:51:45:36:83:db:0d:9d:c7:0a:81:ab:fb:c2:32:a5:2c:16:
         fe:05:8f:1f:1b:d6:7a:c7:e1:df:2b:26:67:47:2a:e2:8b:60:
         0e:8e:3e:8d:d6:28:d6:32:f6:5e:ff:a7:0b:b1:da:f8:c7:b5:
         a0:4c:7a:f0:f7:0d:53:e4:74:81:9d:46:28:ee:56:b5:8f:a6:
         ce:27:c8:f8:fe:db:3f:63:2b:f0:42:e9:fb:f5:20:97:09:2d:
         ac:6a:7d:21:d9:d0:06:8a:5e:8f:a2:08:c4:d0:7b:a2:64:b8:
         a7:74:00:bb:d1:e6:fd:dc:c6:3d:84:9e:51:11:61:44:74:dd:
         f4:c3:4a:c3:4f:e7:7b:f4:48:9c:e2:df:07:50:51:16:fb:a9:
         6e:7b:c9:cd:eb:83:d8:4f:d2:92:b3:da:ce:d8:d4:a3:53:e3:
         cb:02:3c:0b:30:e9:49:18:45:bb:4a:20:fc:d1:52:5c:53:14:
         19:ab:d5:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh6OAhvBy7bfzB8X1VY0DFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUwODA1MTIzMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTE4NGVhNGU4NWZhYTc0N2RmOGI3N2MyOWFjYWUxZmM5ODBhMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfAm44bJFgHk7T281+/UTNdaDaM8
V00c3yXiv0Z5T4h7rZMnbNtQ2eIgpasDPyiPgRTIobH4l9zM1EMGKo9y/jWZzP2a
Q5b/E53vAYxZJDVuCCij3EaPFfSTE5hfe8sBof+i3NNXg4oDvzX8WhI6cmOqydiQ
PYZIk/P2yPHLLPmqhl5RsOrpzn2zDIm2BRsPwoutRfmGzusVwbB5OQraKWI6a5k5
JCmDSNN+Ja+47ST8ONVxLiRkcsx5ZVs2doVUYU1e50j9GqJWRJCbY7P3TX5DSZCK
dz8STkeGh0TkvmpAi6qC0SpqpIIFtyUK/9vlVoPx4ivqt227Ez2wIb3IHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOoYTqToX6p0ffi3fCmsrh/JgKFrMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvNmhoT3BPaGZxblI5LUxkOEtheXVIOG1Bb1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURtUMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhE31UzI6e2Ab+z0/3A5HQlh4Nlb1KAQCix945uqk
gqeRAcHzpQkaBxPUw5MLoFGrNBdBGmRKGALNMjOOolRvucpaxLXjrKPBUUU2g9sN
nccKgav7wjKlLBb+BY8fG9Z6x+HfKyZnRyrii2AOjj6N1ijWMvZe/6cLsdr4x7Wg
THrw9w1T5HSBnUYo7la1j6bOJ8j4/ts/YyvwQun79SCXCS2san0h2dAGil6PogjE
0HuiZLindAC70eb93MY9hJ5REWFEdN30w0rDT+d79Eic4t8HUFEW+6lue8nN64PY
T9KSs9rO2NSjU+PLAjwLMOlJGEW7SiD80VJcUxQZq9UX
-----END CERTIFICATE-----