Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H6tuFi9Z9kSQq0AcDKvLAwTMNdU.roa
File:                     H6tuFi9Z9kSQq0AcDKvLAwTMNdU.roa (raw, json)
Hash identifier:          /kG2Fx6v1vsEAcU1p5ojBIJNuUbGuznqVEsdiZLWRp0=
Subject key identifier:   1F:AB:6E:16:2F:59:F6:44:90:AB:40:1C:0C:AB:CB:03:04:CC:35:D5
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0198744DC13074C38944386725A953DF85B6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H6tuFi9Z9kSQq0AcDKvLAwTMNdU.roa
Signing time:             Mon 04 Aug 2025 08:58:29 +0000
ROA not before:           Mon 04 Aug 2025 08:58:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        46.249.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:4d:c1:30:74:c3:89:44:38:67:25:a9:53:df:85:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug  4 08:58:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fab6e162f59f64490ab401c0cabcb0304cc35d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ca:a6:0c:2f:bb:cf:bd:fc:e2:ab:76:70:0e:
                    23:df:f9:1f:38:04:45:94:a4:5c:ca:9b:a9:01:36:
                    da:08:b5:d7:18:f1:b3:77:f4:c6:ee:9e:08:63:42:
                    90:7f:c3:ee:b7:61:8f:d9:db:03:1d:ae:d4:ce:5b:
                    7d:5a:50:be:d1:2e:34:46:4c:96:a1:31:ea:44:7d:
                    c4:68:c3:15:6e:9d:8c:be:b6:d6:e1:e7:e6:41:8c:
                    eb:ce:b8:0b:f6:1f:4e:6d:4b:6f:35:aa:64:36:42:
                    fb:f6:00:de:e1:e0:98:1f:9a:17:30:87:0a:a4:07:
                    09:a8:14:a5:9f:38:9a:36:33:52:0b:a4:c9:a6:62:
                    85:61:a9:59:08:7c:db:72:56:d2:0f:11:c0:fd:0b:
                    9a:0e:1f:02:71:7d:65:aa:8c:43:9f:46:72:26:5f:
                    36:92:5c:98:7c:f6:da:13:04:4a:a4:23:f9:f2:a8:
                    ac:ee:de:ed:f6:25:bf:66:24:6e:29:76:8f:72:9d:
                    6d:28:a3:23:92:d7:59:05:eb:bd:b2:00:e1:da:8c:
                    e8:7c:fe:41:53:5b:b5:43:6f:88:ef:80:4a:d2:69:
                    9a:32:7b:ea:fa:ad:37:c4:9d:31:d3:3b:0a:0c:2a:
                    1b:d0:51:4b:5e:44:a9:17:3a:1f:95:b7:a8:bf:d5:
                    30:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AB:6E:16:2F:59:F6:44:90:AB:40:1C:0C:AB:CB:03:04:CC:35:D5
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H6tuFi9Z9kSQq0AcDKvLAwTMNdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:33:47:f8:39:f4:2a:89:37:3b:73:17:64:db:88:d8:f3:93:
         8c:70:a6:7d:82:cb:f9:76:ff:5e:f8:45:b0:68:44:49:5f:7b:
         91:bc:08:9e:61:c6:c1:de:80:2d:ec:be:68:1d:7e:7e:d7:65:
         67:de:cb:ae:f5:8c:87:22:4c:2a:c5:e5:1b:13:6b:52:38:01:
         cb:05:f0:b0:af:5c:23:3c:f2:70:b1:9c:91:18:e1:3d:33:b5:
         dd:15:6e:68:81:17:11:42:65:cc:96:47:22:65:d9:c5:bf:c3:
         e9:b7:7b:51:db:58:66:e0:9d:cc:0e:a4:94:6a:b6:e4:7f:81:
         6a:b1:70:ad:94:66:2a:97:7a:5f:76:90:00:ab:b9:42:69:62:
         54:03:24:14:73:36:be:5e:41:3e:9a:78:2b:e9:e4:d3:43:bd:
         68:c2:ca:32:e5:fc:1c:c5:0f:b9:8f:bc:6f:b9:b9:77:4b:36:
         11:ac:19:ac:97:29:36:0b:d1:9c:80:fe:3f:1f:9c:17:a1:79:
         fd:6c:c0:bb:36:bc:43:22:e5:6a:c8:53:57:a4:fb:ac:d5:4e:
         80:35:b9:d1:c6:5f:bc:16:cc:37:35:22:e3:93:6c:92:46:1c:
         07:63:0a:3a:46:04:6f:ed:60:dc:a0:9c:b0:a5:08:c0:bd:0f:
         28:ed:78:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0TcEwdMOJRDhnJalT34W2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODA0MDg1ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFiNmUxNjJmNTlmNjQ0OTBhYjQwMWMwY2FiY2IwMzA0Y2MzNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcqmDC+7z7384qt2cA4j3/kfOARF
lKRcypupATbaCLXXGPGzd/TG7p4IY0KQf8Put2GP2dsDHa7Uzlt9WlC+0S40RkyW
oTHqRH3EaMMVbp2MvrbW4efmQYzrzrgL9h9ObUtvNapkNkL79gDe4eCYH5oXMIcK
pAcJqBSlnziaNjNSC6TJpmKFYalZCHzbclbSDxHA/QuaDh8CcX1lqoxDn0ZyJl82
klyYfPbaEwRKpCP58qis7t7t9iW/ZiRuKXaPcp1tKKMjktdZBeu9sgDh2ozofP5B
U1u1Q2+I74BK0mmaMnvq+q03xJ0x0zsKDCob0FFLXkSpFzoflbeov9Uw1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+rbhYvWfZEkKtAHAyrywMEzDXVMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSDZ0dUZpOVo5a1NRcTBBY0RLdkxBd1RNTmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvloMA0G
CSqGSIb3DQEBCwUAA4IBAQByM0f4OfQqiTc7cxdk24jY85OMcKZ9gsv5dv9e+EWw
aERJX3uRvAieYcbB3oAt7L5oHX5+12Vn3suu9YyHIkwqxeUbE2tSOAHLBfCwr1wj
PPJwsZyRGOE9M7XdFW5ogRcRQmXMlkciZdnFv8Ppt3tR21hm4J3MDqSUarbkf4Fq
sXCtlGYql3pfdpAAq7lCaWJUAyQUcza+XkE+mngr6eTTQ71owsoy5fwcxQ+5j7xv
ubl3SzYRrBmslyk2C9GcgP4/H5wXoXn9bMC7NrxDIuVqyFNXpPus1U6ANbnRxl+8
Fsw3NSLjk2ySRhwHYwo6RgRv7WDcoJywpQjAvQ8o7XgJ
-----END CERTIFICATE-----