Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/6DyFjxNuZaydS9bKmS0-lDimCWA.roa
File:                     6DyFjxNuZaydS9bKmS0-lDimCWA.roa (raw, json)
Hash identifier:          w+hli8OO0LCrT1s2As2YzA6/he3KpN8v/KtHkMIY6+4=
Subject key identifier:   E8:3C:85:8F:13:6E:65:AC:9D:4B:D6:CA:99:2D:3E:94:38:A6:09:60
Certificate issuer:       /CN=6f0b366a136f8fcc5df523c8d46f790791c1b3bb
Certificate serial:       0198184B01ABE81A8ABC39ABA36C90D09211
Authority key identifier: 6F:0B:36:6A:13:6F:8F:CC:5D:F5:23:C8:D4:6F:79:07:91:C1:B3:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/6DyFjxNuZaydS9bKmS0-lDimCWA.roa
Signing time:             Thu 17 Jul 2025 12:10:25 +0000
ROA not before:           Thu 17 Jul 2025 12:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59723
IP address blocks:        185.191.88.0/22 maxlen: 24
                          2a0a:1640::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:4b:01:ab:e8:1a:8a:bc:39:ab:a3:6c:90:d0:92:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b366a136f8fcc5df523c8d46f790791c1b3bb
        Validity
            Not Before: Jul 17 12:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e83c858f136e65ac9d4bd6ca992d3e9438a60960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f0:79:6c:ee:4b:7e:de:8c:08:5e:90:d7:6e:
                    72:f3:25:c9:cb:ea:88:00:47:94:27:4f:53:d9:0c:
                    1b:77:e3:83:54:52:d3:99:b4:71:da:93:90:2d:bf:
                    7e:66:52:54:d8:0c:e1:ea:f8:95:64:c4:c1:5f:85:
                    e4:86:bf:48:a6:09:0d:5d:d9:df:99:fa:44:49:ca:
                    32:f4:44:19:80:d3:d2:b1:21:4b:6c:64:c3:07:7e:
                    05:2f:0b:80:f9:81:a6:58:fa:90:c3:63:bd:9c:7b:
                    8b:30:a4:ea:d3:69:09:2b:54:ed:57:8c:6a:43:aa:
                    4c:82:de:26:ad:4a:4c:d6:6e:d8:7c:f6:63:5a:ff:
                    d6:8f:3d:2e:15:62:82:87:62:60:12:99:d1:ec:b5:
                    b1:24:37:52:5a:c8:60:fa:fe:b2:3c:a5:a6:ca:6f:
                    99:47:93:7f:9d:1c:9c:f2:2b:6d:7c:7f:02:b2:ab:
                    d8:aa:cf:9e:ba:f1:e0:46:3e:45:58:3c:12:82:fe:
                    82:8b:7a:a2:aa:a7:92:1d:f6:af:2a:15:0e:e7:21:
                    d6:c4:bc:97:40:84:89:f5:f9:64:87:ca:c5:8f:c6:
                    05:90:5d:58:d1:79:b0:37:d5:6d:54:56:fe:08:83:
                    0f:18:6c:e3:22:7f:a2:77:a0:ab:37:0e:da:b0:f8:
                    24:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3C:85:8F:13:6E:65:AC:9D:4B:D6:CA:99:2D:3E:94:38:A6:09:60
            X509v3 Authority Key Identifier:
                keyid:6F:0B:36:6A:13:6F:8F:CC:5D:F5:23:C8:D4:6F:79:07:91:C1:B3:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bws2ahNvj8xd9SPI1G95B5HBs7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/6DyFjxNuZaydS9bKmS0-lDimCWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d23dde-e24f-4258-a7ce-eef6c2f45176/1/bws2ahNvj8xd9SPI1G95B5HBs7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.88.0/22
                IPv6:
                  2a0a:1640::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:4c:43:2a:cb:3c:5f:9c:ce:e4:78:b5:aa:dd:ac:4e:ca:1d:
         cf:c9:8b:62:5d:bf:64:e4:79:a5:eb:c5:42:8d:36:af:fb:88:
         38:14:8c:23:6e:8c:f3:6a:4d:60:0c:6a:d1:bd:84:16:fc:e9:
         51:15:4d:3e:e5:bb:ab:16:62:ea:b8:f2:ec:80:25:33:0a:00:
         97:7d:87:44:7c:ae:5e:a6:af:70:99:a4:92:91:3f:07:c9:64:
         57:c8:01:a8:51:8e:75:1e:89:7f:ce:b0:a0:89:cb:2b:ba:de:
         be:34:d3:14:ef:36:1f:2c:a6:7b:a1:13:b3:6e:99:2e:86:f9:
         d7:ba:ce:11:95:fb:ac:b8:22:90:37:2a:fa:6e:f2:78:c6:7a:
         32:1d:c6:27:cd:34:5e:b5:3e:e2:ec:5b:e0:5c:8a:11:2d:d9:
         b1:82:a2:06:d3:6a:09:ea:4d:70:be:ed:0a:af:b3:09:14:f4:
         91:3a:7a:3a:d0:a5:91:50:d5:bc:34:1c:75:82:b6:d4:b7:04:
         35:80:11:63:c0:a9:33:ef:8f:48:14:6c:53:16:8b:0b:a7:03:
         4b:bd:3e:38:0d:80:7a:74:65:57:50:87:5a:60:ef:e9:d6:ef:
         db:f2:27:44:07:66:3b:6a:56:67:9d:73:8c:0f:8b:31:f3:d3:
         50:4f:50:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgYSwGr6BqKvDmro2yQ0JIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIzNjZhMTM2ZjhmY2M1ZGY1MjNjOGQ0NmY3OTA3OTFj
MWIzYmIwHhcNMjUwNzE3MTIxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNjODU4ZjEzNmU2NWFjOWQ0YmQ2Y2E5OTJkM2U5NDM4YTYwOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/B5bO5Lft6MCF6Q125y8yXJy+qI
AEeUJ09T2Qwbd+ODVFLTmbRx2pOQLb9+ZlJU2Azh6viVZMTBX4Xkhr9IpgkNXdnf
mfpEScoy9EQZgNPSsSFLbGTDB34FLwuA+YGmWPqQw2O9nHuLMKTq02kJK1TtV4xq
Q6pMgt4mrUpM1m7YfPZjWv/Wjz0uFWKCh2JgEpnR7LWxJDdSWshg+v6yPKWmym+Z
R5N/nRyc8ittfH8CsqvYqs+euvHgRj5FWDwSgv6Ci3qiqqeSHfavKhUO5yHWxLyX
QISJ9flkh8rFj8YFkF1Y0XmwN9VtVFb+CIMPGGzjIn+id6CrNw7asPgkgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOg8hY8TbmWsnUvWypktPpQ4pglgMB8GA1UdIwQY
MBaAFG8LNmoTb4/MXfUjyNRveQeRwbO7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzMmFoTnZqOHhkOVNQSTFHOTVCNUhCczdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kMjNkZGUtZTI0Zi00MjU4LWE3Y2Ut
ZWVmNmMyZjQ1MTc2LzEvNkR5Rmp4TnVaYXlkUzliS21TMC1sRGltQ1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kMjNkZGUtZTI0Zi00MjU4LWE3Y2UtZWVmNmMyZjQ1MTc2
LzEvYndzMmFoTnZqOHhkOVNQSTFHOTVCNUhCczdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub9YMA0E
AgACMAcDBQMqChZAMA0GCSqGSIb3DQEBCwUAA4IBAQA3TEMqyzxfnM7keLWq3axO
yh3PyYtiXb9k5Hml68VCjTav+4g4FIwjbozzak1gDGrRvYQW/OlRFU0+5burFmLq
uPLsgCUzCgCXfYdEfK5epq9wmaSSkT8HyWRXyAGoUY51Hol/zrCgicsrut6+NNMU
7zYfLKZ7oROzbpkuhvnXus4RlfusuCKQNyr6bvJ4xnoyHcYnzTRetT7i7FvgXIoR
LdmxgqIG02oJ6k1wvu0Kr7MJFPSROno60KWRUNW8NBx1grbUtwQ1gBFjwKkz749I
FGxTFosLpwNLvT44DYB6dGVXUIdaYO/p1u/b8idEB2Y7alZnnXOMD4sx89NQT1C1
-----END CERTIFICATE-----