Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/6W_cfm-J8Jm0OpvUv8VEPziXvqU.roa
File:                     6W_cfm-J8Jm0OpvUv8VEPziXvqU.roa (raw, json)
Hash identifier:          ntUZRyHP+6WOiJkOEZN4Fuk1A/G3+Q9sIm3AVgN1jow=
Subject key identifier:   E9:6F:DC:7E:6F:89:F0:99:B4:3A:9B:D4:BF:C5:44:3F:38:97:BE:A5
Certificate issuer:       /CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
Certificate serial:       0195483DBB79089E7243A0031CB133052359
Authority key identifier: D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/6W_cfm-J8Jm0OpvUv8VEPziXvqU.roa
Signing time:             Thu 27 Feb 2025 16:29:20 +0000
ROA not before:           Thu 27 Feb 2025 16:29:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46606
IP address blocks:        185.195.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:48:3d:bb:79:08:9e:72:43:a0:03:1c:b1:33:05:23:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
        Validity
            Not Before: Feb 27 16:29:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e96fdc7e6f89f099b43a9bd4bfc5443f3897bea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:dd:2a:d4:4a:e2:d1:ae:bc:99:ae:d6:35:8c:
                    c8:82:75:13:4c:58:eb:dd:3f:ce:9f:a3:13:43:25:
                    9e:55:c6:df:64:79:60:68:f2:e4:fe:03:94:0c:6d:
                    c9:60:71:c6:b6:34:5e:a4:22:f8:93:f1:95:91:d8:
                    a9:c5:2b:4e:1b:a0:16:29:80:97:42:99:11:66:a7:
                    ec:91:df:a7:b4:34:55:ff:00:bb:3e:77:1a:be:37:
                    b6:b8:e6:93:ad:b4:5a:1d:ea:bc:11:9c:ce:9a:22:
                    53:2c:ee:06:77:96:73:9b:4e:31:48:c9:80:35:88:
                    88:b5:12:81:eb:6a:a9:c9:b2:5d:4f:c7:41:a5:7b:
                    de:ab:f0:37:17:b7:dd:1a:f7:f1:47:ce:91:b5:d3:
                    df:f9:67:37:53:75:39:13:6e:16:4a:a3:68:cb:54:
                    56:f3:1b:17:4e:90:1d:3e:10:c4:b7:c1:7a:e7:56:
                    9f:c6:81:2f:ce:05:94:18:e9:10:b7:68:eb:70:0e:
                    f8:1a:76:70:a2:8d:0e:f0:c9:21:c2:e7:a6:32:2e:
                    5b:c1:a0:8b:52:10:54:80:e9:be:1f:3d:62:32:70:
                    d8:c5:29:a6:9a:b5:76:b9:51:84:6c:9a:73:08:47:
                    f4:df:26:9c:8e:e1:6d:c1:51:e8:f8:1f:bd:68:9e:
                    13:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:6F:DC:7E:6F:89:F0:99:B4:3A:9B:D4:BF:C5:44:3F:38:97:BE:A5
            X509v3 Authority Key Identifier:
                keyid:D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/6W_cfm-J8Jm0OpvUv8VEPziXvqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:ed:d9:15:c2:9d:c5:d0:fa:c4:d9:e1:1a:48:77:09:b5:c4:
         ad:23:d3:d6:07:fc:71:c4:71:69:25:f7:80:9f:37:b3:17:a1:
         a7:2b:7f:3e:39:19:73:7d:8b:7e:e6:06:32:e8:d0:7c:7a:c2:
         15:4c:d5:71:04:b1:e4:80:2b:6c:29:d6:72:e9:ef:6b:62:9f:
         5b:79:cb:4d:59:f9:2b:de:30:a5:a3:f6:75:90:f7:b5:d5:52:
         39:a4:38:96:77:74:c4:da:70:18:92:5e:4b:2f:1e:bd:3a:59:
         63:ff:58:6b:c8:48:e6:2e:94:af:a8:16:1a:e0:57:b6:94:3d:
         a4:ee:d3:00:bc:6e:38:ec:52:b8:da:e3:36:88:59:fd:7d:0b:
         08:90:15:96:99:ea:67:a5:09:f8:ba:b0:d6:93:c1:7d:84:ec:
         ed:cb:4f:29:ac:4a:38:cf:ae:81:62:e5:d7:0a:c5:e9:3f:1c:
         23:25:a8:a3:20:0f:b5:31:58:8e:0d:1c:63:8a:0b:f6:6a:e0:
         94:1a:02:ef:36:ba:d2:58:bd:e7:cf:8b:aa:6a:4b:45:24:40:
         c4:22:6f:19:2c:e1:aa:18:42:b1:5a:35:19:db:7a:12:a5:7a:
         07:91:a6:41:8d:09:de:d2:6e:d2:3e:c6:97:53:d9:39:18:90:
         84:1a:a6:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVIPbt5CJ5yQ6ADHLEzBSNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2FlOWRjOWY0M2EyNjllYjBhY2NmMzQ4OGU4NjFmNGZm
MGU4OWUwHhcNMjUwMjI3MTYyOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTZmZGM3ZTZmODlmMDk5YjQzYTliZDRiZmM1NDQzZjM4OTdiZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnt0q1Eri0a68ma7WNYzIgnUTTFjr
3T/On6MTQyWeVcbfZHlgaPLk/gOUDG3JYHHGtjRepCL4k/GVkdipxStOG6AWKYCX
QpkRZqfskd+ntDRV/wC7Pncavje2uOaTrbRaHeq8EZzOmiJTLO4Gd5Zzm04xSMmA
NYiItRKB62qpybJdT8dBpXveq/A3F7fdGvfxR86RtdPf+Wc3U3U5E24WSqNoy1RW
8xsXTpAdPhDEt8F651afxoEvzgWUGOkQt2jrcA74GnZwoo0O8MkhwuemMi5bwaCL
UhBUgOm+Hz1iMnDYxSmmmrV2uVGEbJpzCEf03yacjuFtwVHo+B+9aJ4T0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlv3H5vifCZtDqb1L/FRD84l76lMB8GA1UdIwQY
MBaAFNF66dyfQ6Jp6wrM80iOhh9P8OieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUt
ZmRhNGU4YTViNDZlLzEvNldfY2ZtLUo4Sm0wT3B2VXY4VkVQemlYdnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUtZmRhNGU4YTViNDZl
LzEvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucMMMA0G
CSqGSIb3DQEBCwUAA4IBAQCM7dkVwp3F0PrE2eEaSHcJtcStI9PWB/xxxHFpJfeA
nzezF6GnK38+ORlzfYt+5gYy6NB8esIVTNVxBLHkgCtsKdZy6e9rYp9bectNWfkr
3jClo/Z1kPe11VI5pDiWd3TE2nAYkl5LLx69Ollj/1hryEjmLpSvqBYa4Fe2lD2k
7tMAvG447FK42uM2iFn9fQsIkBWWmepnpQn4urDWk8F9hOzty08prEo4z66BYuXX
CsXpPxwjJaijIA+1MViODRxjigv2auCUGgLvNrrSWL3nz4uqaktFJEDEIm8ZLOGq
GEKxWjUZ23oSpXoHkaZBjQne0m7SPsaXU9k5GJCEGqaG
-----END CERTIFICATE-----