Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/6lcB1paeVsTWcaNkvye9tw7Oji8.roa
File:                     6lcB1paeVsTWcaNkvye9tw7Oji8.roa (raw, json)
Hash identifier:          VlGIgFHoP01B057tsoHS/kU6LwtLpekuxJulq7MdKYU=
Subject key identifier:   EA:57:01:D6:96:9E:56:C4:D6:71:A3:64:BF:27:BD:B7:0E:CE:8E:2F
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0197C2769C802EDD453F572DA43F5A6A0DEE
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/6lcB1paeVsTWcaNkvye9tw7Oji8.roa
Signing time:             Mon 30 Jun 2025 20:10:42 +0000
ROA not before:           Mon 30 Jun 2025 20:10:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        80.246.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:76:9c:80:2e:dd:45:3f:57:2d:a4:3f:5a:6a:0d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jun 30 20:10:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea5701d6969e56c4d671a364bf27bdb70ece8e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:c6:a5:fd:d2:41:35:39:1c:c1:7a:5f:99:
                    e6:e4:0b:69:44:ea:b3:5b:70:d8:bd:b5:48:fe:61:
                    f3:b3:a2:5b:26:d7:2b:32:5e:f8:89:5d:85:e9:bb:
                    54:dd:f8:f8:46:93:a3:68:62:a1:79:53:9f:d3:ff:
                    01:64:79:67:c5:5c:f7:7e:ed:99:de:0b:3c:8f:f7:
                    d9:90:20:8c:73:b2:99:1d:df:37:ff:4f:aa:9a:e0:
                    6b:81:08:eb:2f:98:4b:dc:af:ef:6f:4c:8f:42:5f:
                    bc:ef:2c:90:65:e7:d4:5f:b2:44:7e:69:a5:c8:92:
                    03:40:20:32:59:03:fa:37:f9:e6:21:73:8b:08:70:
                    f8:d5:26:af:46:c0:29:b3:e0:6e:12:a2:43:bf:a3:
                    3d:ea:88:85:c2:97:e1:45:56:d2:5e:f8:05:7d:0c:
                    85:70:dc:7e:e4:8a:1b:df:9c:58:88:e2:36:70:5c:
                    e7:a9:52:f3:23:60:bd:28:bd:e7:7b:83:3e:97:6e:
                    02:a1:80:4a:97:59:9b:0b:fc:69:29:e0:55:e7:a9:
                    33:2f:40:56:5f:27:f4:25:bb:46:de:c8:63:c6:b5:
                    cb:9c:77:6b:26:c8:8e:e1:3e:28:ee:13:45:68:12:
                    b7:d4:ac:c1:a3:ff:7f:3c:75:24:ee:5f:52:4f:c9:
                    f0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:57:01:D6:96:9E:56:C4:D6:71:A3:64:BF:27:BD:B7:0E:CE:8E:2F
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/6lcB1paeVsTWcaNkvye9tw7Oji8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e8:77:e5:bb:3d:7f:61:6d:67:90:ef:14:bb:b1:c4:b9:ac:
         45:73:fe:c6:7c:35:34:f3:3f:32:d9:d5:b5:6e:0c:d3:ba:f2:
         e9:2a:b9:8f:44:9d:bd:6e:43:54:39:85:cb:aa:5a:e5:2e:bd:
         6e:47:f9:6c:8f:f7:19:1a:b4:5e:c1:8c:dc:0c:f5:f6:90:d3:
         92:1d:22:3e:c3:e3:01:13:23:9d:68:c1:d3:a0:92:65:a8:93:
         7a:6f:70:23:fb:68:8f:0c:cb:29:c2:d1:ea:10:98:16:d0:ce:
         38:b8:f3:4e:9c:c3:ff:50:25:30:dc:5c:51:36:e9:e6:89:7b:
         ec:02:2b:9c:02:42:7d:1d:2c:9f:16:c2:68:ac:5e:3f:99:23:
         ee:3f:8d:d6:1a:ff:ef:ea:f7:d3:6a:b2:3c:84:69:ba:e3:73:
         e7:e8:f7:5d:73:d8:b6:b8:81:72:ed:66:d9:0a:13:b5:29:16:
         bb:c3:4c:77:e9:9a:b6:06:18:ec:8c:ae:1b:30:13:82:fb:51:
         88:39:80:c9:29:80:04:bc:81:5e:5d:65:aa:a5:d3:d7:08:dc:
         c7:04:14:31:6a:2f:d8:b8:8b:b0:c5:1a:0a:c5:75:cf:7a:29:
         14:d3:01:ad:64:28:25:00:b6:91:d4:6a:49:36:6f:53:56:f0:
         5d:0e:88:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfCdpyALt1FP1ctpD9aag3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwNjMwMjAxMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTU3MDFkNjk2OWU1NmM0ZDY3MWEzNjRiZjI3YmRiNzBlY2U4ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PPGpf3SQTU5HMF6X5nm5AtpROqz
W3DYvbVI/mHzs6JbJtcrMl74iV2F6btU3fj4RpOjaGKheVOf0/8BZHlnxVz3fu2Z
3gs8j/fZkCCMc7KZHd83/0+qmuBrgQjrL5hL3K/vb0yPQl+87yyQZefUX7JEfmml
yJIDQCAyWQP6N/nmIXOLCHD41SavRsAps+BuEqJDv6M96oiFwpfhRVbSXvgFfQyF
cNx+5Iob35xYiOI2cFznqVLzI2C9KL3ne4M+l24CoYBKl1mbC/xpKeBV56kzL0BW
Xyf0JbtG3shjxrXLnHdrJsiO4T4o7hNFaBK31KzBo/9/PHUk7l9ST8nwgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpXAdaWnlbE1nGjZL8nvbcOzo4vMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvNmxjQjFwYWVWc1RXY2FOa3Z5ZTl0dzdPamk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbnMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6Hfluz1/YW1nkO8Uu7HEuaxFc/7GfDU08z8y2dW1
bgzTuvLpKrmPRJ29bkNUOYXLqlrlLr1uR/lsj/cZGrRewYzcDPX2kNOSHSI+w+MB
EyOdaMHToJJlqJN6b3Aj+2iPDMspwtHqEJgW0M44uPNOnMP/UCUw3FxRNunmiXvs
AiucAkJ9HSyfFsJorF4/mSPuP43WGv/v6vfTarI8hGm643Pn6Pddc9i2uIFy7WbZ
ChO1KRa7w0x36Zq2BhjsjK4bMBOC+1GIOYDJKYAEvIFeXWWqpdPXCNzHBBQxai/Y
uIuwxRoKxXXPeikU0wGtZCglALaR1GpJNm9TVvBdDoi7
-----END CERTIFICATE-----