Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/6Ch2BA4EBBViUCewGb6Paaan7YI.roa
File:                     6Ch2BA4EBBViUCewGb6Paaan7YI.roa (raw, json)
Hash identifier:          WRYMr3XPQ7z0oDRXKp9hN0X+086fzEIRzfg0NuzfPNE=
Subject key identifier:   E8:28:76:04:0E:04:04:15:62:50:27:B0:19:BE:8F:69:A6:A7:ED:82
Certificate issuer:       /CN=445df13d20f3b571a4ba610b81e6303db6d099c0
Certificate serial:       0194244570E432C38DF2334E1C4BF89768E2
Authority key identifier: 44:5D:F1:3D:20:F3:B5:71:A4:BA:61:0B:81:E6:30:3D:B6:D0:99:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RF3xPSDztXGkumELgeYwPbbQmcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/6Ch2BA4EBBViUCewGb6Paaan7YI.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8829
IP address blocks:        185.225.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/RF3xPSDztXGkumELgeYwPbbQmcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/RF3xPSDztXGkumELgeYwPbbQmcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RF3xPSDztXGkumELgeYwPbbQmcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:70:e4:32:c3:8d:f2:33:4e:1c:4b:f8:97:68:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=445df13d20f3b571a4ba610b81e6303db6d099c0
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e82876040e040415625027b019be8f69a6a7ed82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:2f:fb:b1:95:8f:42:b5:ee:53:51:a3:9a:3f:
                    a1:74:8f:15:cc:a9:75:fb:a5:00:f6:40:c8:8d:17:
                    9d:3c:8a:2d:a9:e7:9b:f2:82:f6:4b:8b:f2:38:d3:
                    5a:55:1c:24:29:24:8c:94:a5:3b:f6:8f:e1:fc:e7:
                    cb:15:22:3a:a4:cd:8a:73:7b:61:af:15:ab:57:55:
                    4a:c3:39:25:73:57:4b:ed:51:82:d6:52:8a:60:1e:
                    a3:d4:81:9a:2a:d2:c4:f6:d4:9b:0a:24:32:a5:72:
                    40:4d:44:2b:e2:c0:11:be:b9:33:45:44:5a:8f:16:
                    63:8f:5a:0d:80:ce:3f:a4:cf:8c:dd:ca:b8:00:ec:
                    15:0a:ed:e9:fc:1f:9f:32:d0:f4:26:1a:ba:2d:f3:
                    e4:a8:47:03:12:17:81:ac:4e:dd:4b:3a:31:52:d1:
                    59:f3:f1:d7:c3:73:61:8e:31:46:a6:64:1f:26:b0:
                    0e:2e:7d:af:26:68:32:21:9e:50:00:da:12:31:8b:
                    42:e8:8e:ed:47:a9:78:64:7a:7e:71:a6:8a:92:d6:
                    6d:00:2d:ff:06:b5:07:c6:bf:e9:a0:23:38:c1:96:
                    84:2c:28:66:81:03:35:f2:66:58:9f:f6:30:75:e5:
                    e8:56:7e:81:b2:f4:31:3a:a0:9f:6d:30:cd:b9:57:
                    58:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:28:76:04:0E:04:04:15:62:50:27:B0:19:BE:8F:69:A6:A7:ED:82
            X509v3 Authority Key Identifier:
                keyid:44:5D:F1:3D:20:F3:B5:71:A4:BA:61:0B:81:E6:30:3D:B6:D0:99:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RF3xPSDztXGkumELgeYwPbbQmcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/6Ch2BA4EBBViUCewGb6Paaan7YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/dc46ec-6428-4e5f-9a19-4f54ad755b20/1/RF3xPSDztXGkumELgeYwPbbQmcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:28:5b:93:7e:e7:88:25:4e:95:44:9b:5c:00:96:a3:d9:e7:
         a8:f8:21:60:18:01:4c:40:62:af:af:9e:ae:ea:ee:fb:36:6e:
         dd:48:42:8d:01:29:30:72:bb:63:da:6f:e1:1f:b5:16:65:5e:
         9b:e9:f8:3c:68:e8:19:50:89:40:19:d2:45:4b:e9:98:e0:58:
         c0:e0:84:1f:38:7f:6a:7c:82:28:9d:a8:59:94:1d:69:cf:8c:
         69:b4:49:7c:68:62:ec:25:82:95:40:e5:5b:ba:9c:cc:75:b1:
         de:bd:73:7b:65:d9:14:af:b4:28:3c:ec:55:e2:c5:d4:d3:05:
         a4:02:33:1a:50:fb:9f:29:f8:7e:87:a8:16:66:c2:d7:3e:5e:
         80:42:5f:29:b6:6e:89:01:fd:73:7a:04:a1:81:85:88:f4:c7:
         01:e9:f1:de:cd:f3:2d:a3:2a:8d:22:84:2b:2b:f7:06:9b:b0:
         79:a1:e9:04:5b:dc:ad:44:cf:a7:b1:8b:6f:ee:88:c4:0f:5d:
         37:1f:b8:a3:0c:a3:95:ee:ea:64:7c:ff:c0:ef:50:8d:0a:85:
         41:ed:73:db:9b:d0:f9:08:c1:8c:b1:a9:57:c6:07:fd:c4:64:
         ab:a6:79:b1:94:ff:1d:f7:4f:c6:8a:43:6a:49:5f:84:10:1e:
         33:93:28:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXDkMsON8jNOHEv4l2jiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NWRmMTNkMjBmM2I1NzFhNGJhNjEwYjgxZTYzMDNkYjZk
MDk5YzAwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI4NzYwNDBlMDQwNDE1NjI1MDI3YjAxOWJlOGY2OWE2YTdlZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9S/7sZWPQrXuU1Gjmj+hdI8VzKl1
+6UA9kDIjRedPIotqeeb8oL2S4vyONNaVRwkKSSMlKU79o/h/OfLFSI6pM2Kc3th
rxWrV1VKwzklc1dL7VGC1lKKYB6j1IGaKtLE9tSbCiQypXJATUQr4sARvrkzRURa
jxZjj1oNgM4/pM+M3cq4AOwVCu3p/B+fMtD0Jhq6LfPkqEcDEheBrE7dSzoxUtFZ
8/HXw3NhjjFGpmQfJrAOLn2vJmgyIZ5QANoSMYtC6I7tR6l4ZHp+caaKktZtAC3/
BrUHxr/poCM4wZaELChmgQM18mZYn/YwdeXoVn6BsvQxOqCfbTDNuVdY2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOgodgQOBAQVYlAnsBm+j2mmp+2CMB8GA1UdIwQY
MBaAFERd8T0g87VxpLphC4HmMD220JnAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkYzeFBTRHp0WEdrdW1FTGdlWXdQYmJRbWNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kYzQ2ZWMtNjQyOC00ZTVmLTlhMTkt
NGY1NGFkNzU1YjIwLzEvNkNoMkJBNEVCQlZpVUNld0diNlBhYWFuN1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kYzQ2ZWMtNjQyOC00ZTVmLTlhMTktNGY1NGFkNzU1YjIw
LzEvUkYzeFBTRHp0WEdrdW1FTGdlWXdQYmJRbWNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHhMA0G
CSqGSIb3DQEBCwUAA4IBAQAoKFuTfueIJU6VRJtcAJaj2eeo+CFgGAFMQGKvr56u
6u77Nm7dSEKNASkwcrtj2m/hH7UWZV6b6fg8aOgZUIlAGdJFS+mY4FjA4IQfOH9q
fIIonahZlB1pz4xptEl8aGLsJYKVQOVbupzMdbHevXN7ZdkUr7QoPOxV4sXU0wWk
AjMaUPufKfh+h6gWZsLXPl6AQl8ptm6JAf1zegShgYWI9McB6fHezfMtoyqNIoQr
K/cGm7B5oekEW9ytRM+nsYtv7ojED103H7ijDKOV7upkfP/A71CNCoVB7XPbm9D5
CMGMsalXxgf9xGSrpnmxlP8d90/GikNqSV+EEB4zkyjX
-----END CERTIFICATE-----