Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rC-6_MpLFXNC_yVcHN7bocmTRFo.roa
File:                     rC-6_MpLFXNC_yVcHN7bocmTRFo.roa (raw, json)
Hash identifier:          F2+vYnjsDip5hlFlmE+A+nvZymiYmgHK6+W34puVOf4=
Subject key identifier:   AC:2F:BA:FC:CA:4B:15:73:42:FF:25:5C:1C:DE:DB:A1:C9:93:44:5A
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0197EAC4AB85E1CC8FD06DEF33F63A1197E8
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rC-6_MpLFXNC_yVcHN7bocmTRFo.roa
Signing time:             Tue 08 Jul 2025 16:00:46 +0000
ROA not before:           Tue 08 Jul 2025 16:00:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216334
IP address blocks:        176.98.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ea:c4:ab:85:e1:cc:8f:d0:6d:ef:33:f6:3a:11:97:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jul  8 16:00:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac2fbafcca4b157342ff255c1cdedba1c993445a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:70:f3:9c:1f:e5:9f:57:19:5d:4f:c0:d4:19:
                    34:87:ff:4d:2c:31:20:8a:cb:c9:61:ab:6d:8a:7b:
                    9d:67:d0:24:35:af:df:b1:6a:ba:97:9f:77:73:d5:
                    45:60:c8:df:46:d7:93:02:f0:4d:de:66:73:8f:f8:
                    3b:cb:a5:9c:65:5f:c7:b7:ab:3a:3c:f9:ea:98:f6:
                    04:b7:35:d8:da:a1:97:be:a6:3c:08:96:00:6a:a4:
                    b8:65:12:e1:17:b7:08:be:10:82:83:30:17:e0:33:
                    b0:6e:73:30:13:9c:4b:92:39:73:e5:e4:8a:e6:11:
                    c4:ea:1c:1c:5b:30:5d:28:12:4b:e4:39:c9:40:8e:
                    fa:b5:98:78:ae:b1:32:a1:e6:8d:0f:94:6b:bb:33:
                    d2:57:bf:30:c1:2a:f1:13:1a:b7:a5:ff:6b:fc:c1:
                    e1:8a:24:da:bb:82:e0:d3:d5:da:ba:6b:0c:f2:5c:
                    70:5e:d2:c7:ea:4a:20:e4:7a:7b:d1:b6:e5:72:3b:
                    cf:05:30:11:5b:ce:78:f9:0b:a4:da:92:d2:30:0f:
                    e6:24:84:b7:0a:d8:22:ca:5c:c3:69:7d:89:48:b1:
                    c9:ed:74:d8:e4:98:66:e8:f8:a3:62:e4:96:9d:df:
                    0d:16:b7:07:50:2f:13:e9:57:98:08:2e:a5:b6:64:
                    35:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:2F:BA:FC:CA:4B:15:73:42:FF:25:5C:1C:DE:DB:A1:C9:93:44:5A
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rC-6_MpLFXNC_yVcHN7bocmTRFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e6:23:39:88:fc:a1:d5:d8:fd:1e:a8:06:f5:b2:04:01:a3:
         9e:aa:5d:bd:29:c9:d4:d1:1d:f6:a3:6d:05:8d:b3:b8:a0:79:
         ca:db:d4:13:03:3c:b3:76:c7:2b:ea:01:0e:1b:04:fa:7c:32:
         53:87:e7:9d:8d:19:0b:c6:63:08:7f:f0:83:db:bf:43:b6:9d:
         10:93:94:a6:8c:42:03:c5:27:35:6c:36:cc:75:3e:27:3e:fb:
         58:c8:f9:b2:f6:4b:87:b3:ee:a9:d8:45:9d:3b:8b:fb:8e:c8:
         00:7b:df:7e:c8:82:a0:e9:88:84:56:f2:ec:f0:7b:0b:9b:93:
         56:34:87:07:b3:32:21:1b:18:24:59:0c:81:07:ce:04:7b:56:
         1e:5e:a6:e2:b3:bb:b9:04:f8:9b:d2:93:58:33:9d:0e:7f:12:
         3a:5c:1f:5c:5b:17:51:d1:08:e3:cc:91:22:a4:79:fb:44:90:
         7b:2e:3c:b9:18:ef:fc:58:9b:21:67:bc:aa:db:48:8b:33:eb:
         e3:3d:8b:d3:d5:88:52:f8:c0:f2:89:3c:b5:f6:e1:f6:d0:34:
         2e:26:af:d0:89:85:0e:46:77:52:3f:bd:f9:09:fa:1a:db:28:
         ee:f6:1c:80:c7:de:b1:15:c5:ff:a2:da:9b:7f:b2:fa:46:87:
         0f:89:e4:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfqxKuF4cyP0G3vM/Y6EZfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwNzA4MTYwMDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzJmYmFmY2NhNGIxNTczNDJmZjI1NWMxY2RlZGJhMWM5OTM0NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnDznB/ln1cZXU/A1Bk0h/9NLDEg
isvJYattinudZ9AkNa/fsWq6l593c9VFYMjfRteTAvBN3mZzj/g7y6WcZV/Ht6s6
PPnqmPYEtzXY2qGXvqY8CJYAaqS4ZRLhF7cIvhCCgzAX4DOwbnMwE5xLkjlz5eSK
5hHE6hwcWzBdKBJL5DnJQI76tZh4rrEyoeaND5RruzPSV78wwSrxExq3pf9r/MHh
iiTau4Lg09XaumsM8lxwXtLH6kog5Hp70bblcjvPBTARW854+Quk2pLSMA/mJIS3
CtgiylzDaX2JSLHJ7XTY5Jhm6PijYuSWnd8NFrcHUC8T6VeYCC6ltmQ1hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwvuvzKSxVzQv8lXBze26HJk0RaMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvckMtNl9NcExGWE5DX3lWY0hON2JvY21UUkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGK9MA0G
CSqGSIb3DQEBCwUAA4IBAQAA5iM5iPyh1dj9HqgG9bIEAaOeql29KcnU0R32o20F
jbO4oHnK29QTAzyzdscr6gEOGwT6fDJTh+edjRkLxmMIf/CD279Dtp0Qk5SmjEID
xSc1bDbMdT4nPvtYyPmy9kuHs+6p2EWdO4v7jsgAe99+yIKg6YiEVvLs8HsLm5NW
NIcHszIhGxgkWQyBB84Ee1YeXqbis7u5BPib0pNYM50OfxI6XB9cWxdR0QjjzJEi
pHn7RJB7Ljy5GO/8WJshZ7yq20iLM+vjPYvT1YhS+MDyiTy19uH20DQuJq/QiYUO
RndSP735Cfoa2yju9hyAx96xFcX/otqbf7L6RocPieSZ
-----END CERTIFICATE-----