Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/6M8HqKSI22ar6eaAcnn8ev1P9AQ.roa
File:                     6M8HqKSI22ar6eaAcnn8ev1P9AQ.roa (raw, json)
Hash identifier:          nVlGdB/dQUdpvwsW+Z7Kxz9y2rH9JWzBWwfpv9z8khM=
Subject key identifier:   E8:CF:07:A8:A4:88:DB:66:AB:E9:E6:80:72:79:FC:7A:FD:4F:F4:04
Certificate issuer:       /CN=94948e5f2fa04b222a6e96883b840f7124531556
Certificate serial:       019426D9142E1B80FA62D28060D2233167D1
Authority key identifier: 94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/6M8HqKSI22ar6eaAcnn8ev1P9AQ.roa
Signing time:             Thu 02 Jan 2025 11:49:08 +0000
ROA not before:           Thu 02 Jan 2025 11:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61330
IP address blocks:        185.141.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:14:2e:1b:80:fa:62:d2:80:60:d2:23:31:67:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94948e5f2fa04b222a6e96883b840f7124531556
        Validity
            Not Before: Jan  2 11:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8cf07a8a488db66abe9e6807279fc7afd4ff404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3c:90:84:71:76:37:52:27:aa:b6:48:2f:6d:
                    b0:c9:b2:9c:58:2d:fc:48:0c:52:aa:a3:49:a0:5f:
                    51:2a:f7:05:08:0c:6c:1c:77:0a:48:20:4a:11:cc:
                    fa:af:18:4e:1e:21:2b:e9:5c:2c:c3:18:29:9f:5b:
                    58:99:6c:5b:83:cd:bf:b7:74:57:1f:c7:0d:47:94:
                    3c:d7:17:1f:81:ed:04:f8:bd:b4:18:70:b6:f6:ef:
                    ef:26:99:00:34:74:e6:e7:95:6b:a0:dd:09:03:97:
                    1b:e8:c8:b2:f3:16:e9:1c:e9:00:97:a4:70:05:73:
                    66:d4:f1:34:a7:16:f7:17:7a:df:c8:14:8e:fd:30:
                    c9:17:de:af:4a:cb:b8:d7:6b:7f:3b:90:c9:98:2a:
                    29:ca:0f:da:52:0a:5a:82:cf:9f:b8:39:74:51:2f:
                    8f:05:05:0e:af:5c:e6:81:b7:f6:85:1d:04:db:cf:
                    8e:20:3c:47:c2:72:5a:3b:82:40:df:68:78:51:c2:
                    7b:16:37:ad:9a:63:f7:29:88:24:7b:16:2b:11:38:
                    c2:9e:6e:80:dd:23:13:52:e2:ce:e8:be:16:85:6f:
                    13:99:9e:3a:df:36:ae:34:f3:be:31:66:a4:71:87:
                    2f:50:e7:54:98:c1:59:36:d5:c4:13:f5:2c:d1:2f:
                    a4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CF:07:A8:A4:88:DB:66:AB:E9:E6:80:72:79:FC:7A:FD:4F:F4:04
            X509v3 Authority Key Identifier:
                keyid:94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/6M8HqKSI22ar6eaAcnn8ev1P9AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:9d:51:56:24:f6:c1:82:5c:52:ba:47:15:e4:0f:46:1a:b1:
         49:95:13:22:5e:74:bd:88:c1:eb:35:f6:3f:90:22:b5:83:c1:
         1d:07:34:de:a4:b7:aa:b8:ae:ba:f7:17:e4:bd:3d:50:5f:46:
         94:17:e8:a3:4f:b5:bd:ea:29:63:78:96:2b:29:9b:7d:85:99:
         ff:94:e7:a5:69:ec:1d:44:1b:56:05:44:2c:99:7b:01:88:74:
         e9:01:1d:a3:25:5a:92:9b:38:73:dc:30:83:78:5a:c8:d5:9d:
         23:2e:11:84:6b:9a:aa:d7:51:96:1a:9c:52:09:5c:05:0c:c6:
         c4:8c:62:5f:33:c9:78:3e:71:e7:ee:ae:5b:68:33:46:34:1e:
         62:3e:91:4f:f9:d3:89:bc:25:38:25:c0:d4:1c:c0:b8:86:50:
         dc:4c:79:9a:7c:c2:fb:5c:9b:bc:e8:40:a5:16:9f:bc:21:94:
         a9:f7:c4:b5:40:ec:a5:2e:06:ed:9a:6c:84:94:95:00:62:ff:
         97:08:dc:7f:f8:cd:e9:9a:3d:cf:ed:39:99:3b:57:3e:15:18:
         9e:d6:a4:87:ce:ce:17:f1:f4:9c:97:93:64:f2:af:0d:91:87:
         29:f8:ba:09:c3:ce:7a:e2:1f:90:46:6e:ca:85:38:64:5e:11:
         cd:2f:87:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2RQuG4D6YtKAYNIjMWfRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTQ4ZTVmMmZhMDRiMjIyYTZlOTY4ODNiODQwZjcxMjQ1
MzE1NTYwHhcNMjUwMTAyMTE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGNmMDdhOGE0ODhkYjY2YWJlOWU2ODA3Mjc5ZmM3YWZkNGZmNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTyQhHF2N1InqrZIL22wybKcWC38
SAxSqqNJoF9RKvcFCAxsHHcKSCBKEcz6rxhOHiEr6Vwswxgpn1tYmWxbg82/t3RX
H8cNR5Q81xcfge0E+L20GHC29u/vJpkANHTm55VroN0JA5cb6Miy8xbpHOkAl6Rw
BXNm1PE0pxb3F3rfyBSO/TDJF96vSsu412t/O5DJmCopyg/aUgpags+fuDl0US+P
BQUOr1zmgbf2hR0E28+OIDxHwnJaO4JA32h4UcJ7FjetmmP3KYgkexYrETjCnm6A
3SMTUuLO6L4WhW8TmZ463zauNPO+MWakcYcvUOdUmMFZNtXEE/Us0S+kkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjPB6ikiNtmq+nmgHJ5/Hr9T/QEMB8GA1UdIwQY
MBaAFJSUjl8voEsiKm6WiDuED3EkUxVWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODct
NjQxYjhlNjBkM2UyLzEvNk04SHFLU0kyMmFyNmVhQWNubjhldjFQOUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODctNjQxYjhlNjBkM2Uy
LzEvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCNnVFWJPbBglxSukcV5A9GGrFJlRMiXnS9iMHrNfY/
kCK1g8EdBzTepLequK669xfkvT1QX0aUF+ijT7W96iljeJYrKZt9hZn/lOelaewd
RBtWBUQsmXsBiHTpAR2jJVqSmzhz3DCDeFrI1Z0jLhGEa5qq11GWGpxSCVwFDMbE
jGJfM8l4PnHn7q5baDNGNB5iPpFP+dOJvCU4JcDUHMC4hlDcTHmafML7XJu86ECl
Fp+8IZSp98S1QOylLgbtmmyElJUAYv+XCNx/+M3pmj3P7TmZO1c+FRie1qSHzs4X
8fScl5Nk8q8NkYcp+LoJw8564h+QRm7KhThkXhHNL4ef
-----END CERTIFICATE-----