Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/H6uD3b5s6RNqvIc6qZVAzojQRkY.roa
File:                     H6uD3b5s6RNqvIc6qZVAzojQRkY.roa (raw, json)
Hash identifier:          p/DJTJUWkWKVj1cadXkZn9BGGLEb2ftBgIA3ZTuC58g=
Subject key identifier:   1F:AB:83:DD:BE:6C:E9:13:6A:BC:87:3A:A9:95:40:CE:88:D0:46:46
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0197269DF2EBEAADFB6464D21C612110E9BA
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/H6uD3b5s6RNqvIc6qZVAzojQRkY.roa
Signing time:             Sat 31 May 2025 13:52:54 +0000
ROA not before:           Sat 31 May 2025 13:52:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        46.38.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:26:9d:f2:eb:ea:ad:fb:64:64:d2:1c:61:21:10:e9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 31 13:52:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fab83ddbe6ce9136abc873aa99540ce88d04646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:54:42:68:c4:28:e4:f4:2a:b6:9f:56:60:f1:
                    75:9b:ad:01:78:aa:87:5b:05:c4:3b:92:4a:00:4a:
                    14:30:25:48:41:21:86:db:ea:f9:02:60:07:bb:80:
                    44:52:0f:15:33:7e:ce:64:69:de:e4:c5:dd:9d:6b:
                    b2:1e:5e:ae:6b:cd:e1:44:80:ce:3f:a3:96:ab:eb:
                    59:a8:0d:17:e5:8c:31:27:e0:9d:08:02:4d:e8:87:
                    80:66:80:bc:bd:49:25:53:1e:81:b7:f3:7f:8f:ea:
                    32:56:60:6f:40:c2:c3:dc:94:00:39:58:cf:cf:fc:
                    5a:6a:c0:1e:a4:51:d3:b8:83:5a:0c:38:99:39:9e:
                    79:96:28:54:36:8c:b5:f7:ea:e3:2b:b7:a0:b9:d1:
                    0f:6a:e0:93:6f:a3:2b:30:39:67:76:86:85:40:8a:
                    17:65:42:69:34:1d:28:69:cc:82:53:0e:9b:fa:31:
                    da:13:07:da:51:aa:ab:ac:d9:ff:13:7e:d3:52:36:
                    c8:5f:ae:19:0b:a4:5d:53:f9:c8:3d:74:64:fc:4c:
                    45:6f:e9:93:3e:7a:69:41:d0:14:49:da:71:1e:ff:
                    ca:f5:4e:87:65:52:29:6c:28:bf:ea:f0:3a:3f:e3:
                    0b:0d:ac:1e:64:e0:a3:10:45:13:53:ae:48:19:70:
                    0a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AB:83:DD:BE:6C:E9:13:6A:BC:87:3A:A9:95:40:CE:88:D0:46:46
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/H6uD3b5s6RNqvIc6qZVAzojQRkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:22:88:e0:6e:d1:aa:89:19:5d:30:75:6b:89:f7:f4:7d:5d:
         36:d8:8a:4a:ea:6d:2c:d6:3c:88:32:74:d3:20:2c:22:b9:90:
         a0:2d:02:d0:9e:74:e3:63:eb:04:e6:9d:86:60:f8:9f:6e:c7:
         3c:8f:e8:e1:21:e9:42:73:a3:de:a5:e9:94:df:b8:6a:96:b8:
         4f:b9:20:b8:84:bc:69:c6:0f:33:c1:2c:a6:25:bc:87:76:76:
         32:a9:60:11:c9:f0:ae:ea:8d:2b:df:bd:9b:7e:f0:64:81:d1:
         29:cd:ed:9e:23:5e:41:a1:fb:67:d0:98:30:c4:45:2a:8d:17:
         97:f3:af:d7:63:bd:7c:dc:43:01:9c:69:92:69:b4:db:de:a1:
         75:0e:6e:3f:09:8e:6b:ff:94:0f:3b:b1:a3:b8:44:e9:23:3d:
         0d:d9:85:3d:a3:22:e8:e4:40:4b:d5:6f:6e:fd:22:f4:c1:cf:
         ab:a3:39:f9:ea:2a:4c:e5:87:fd:62:57:31:f1:ec:e8:e4:9c:
         65:4d:fe:5b:26:2a:81:ef:a8:ba:15:16:f0:29:de:68:cd:f3:
         78:67:f7:da:31:ba:80:b9:29:e5:43:e8:4b:86:ce:e5:77:04:
         f1:dc:1f:7e:3c:c3:b9:5d:0a:20:10:15:9d:5c:b0:13:84:36:
         43:f5:83:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcmnfLr6q37ZGTSHGEhEOm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNTMxMTM1MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFiODNkZGJlNmNlOTEzNmFiYzg3M2FhOTk1NDBjZTg4ZDA0NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVRCaMQo5PQqtp9WYPF1m60BeKqH
WwXEO5JKAEoUMCVIQSGG2+r5AmAHu4BEUg8VM37OZGne5MXdnWuyHl6ua83hRIDO
P6OWq+tZqA0X5YwxJ+CdCAJN6IeAZoC8vUklUx6Bt/N/j+oyVmBvQMLD3JQAOVjP
z/xaasAepFHTuINaDDiZOZ55lihUNoy19+rjK7egudEPauCTb6MrMDlndoaFQIoX
ZUJpNB0oacyCUw6b+jHaEwfaUaqrrNn/E37TUjbIX64ZC6RdU/nIPXRk/ExFb+mT
PnppQdAUSdpxHv/K9U6HZVIpbCi/6vA6P+MLDaweZOCjEEUTU65IGXAKvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+rg92+bOkTaryHOqmVQM6I0EZGMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvSDZ1RDNiNXM2Uk5xdkljNnFaVkF6b2pRUmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiaOMA0G
CSqGSIb3DQEBCwUAA4IBAQAzIojgbtGqiRldMHVriff0fV022IpK6m0s1jyIMnTT
ICwiuZCgLQLQnnTjY+sE5p2GYPifbsc8j+jhIelCc6PepemU37hqlrhPuSC4hLxp
xg8zwSymJbyHdnYyqWARyfCu6o0r372bfvBkgdEpze2eI15Boftn0JgwxEUqjReX
86/XY7183EMBnGmSabTb3qF1Dm4/CY5r/5QPO7GjuETpIz0N2YU9oyLo5EBL1W9u
/SL0wc+rozn56ipM5Yf9Ylcx8ezo5JxlTf5bJiqB76i6FRbwKd5ozfN4Z/faMbqA
uSnlQ+hLhs7ldwTx3B9+PMO5XQogEBWdXLAThDZD9YMY
-----END CERTIFICATE-----