Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/6bG4bMO_DWkIG7hWGALOlgBVxos.roa
File:                     6bG4bMO_DWkIG7hWGALOlgBVxos.roa (raw, json)
Hash identifier:          HbRjK6s2T5/MfaBv/xCsS95H1q1BLsLbojSKMEeMqMg=
Subject key identifier:   E9:B1:B8:6C:C3:BF:0D:69:08:1B:B8:56:18:02:CE:96:00:55:C6:8B
Certificate issuer:       /CN=3be4761d44d806c3f9e4e76b79c8f2296cc7bbcf
Certificate serial:       0195479AC4A4F2AD1F6499FAD6955AE97B21
Authority key identifier: 3B:E4:76:1D:44:D8:06:C3:F9:E4:E7:6B:79:C8:F2:29:6C:C7:BB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/6bG4bMO_DWkIG7hWGALOlgBVxos.roa
Signing time:             Thu 27 Feb 2025 13:31:20 +0000
ROA not before:           Thu 27 Feb 2025 13:31:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202234
IP address blocks:        185.49.108.0/22 maxlen: 24
                          2a04:b940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:9a:c4:a4:f2:ad:1f:64:99:fa:d6:95:5a:e9:7b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3be4761d44d806c3f9e4e76b79c8f2296cc7bbcf
        Validity
            Not Before: Feb 27 13:31:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9b1b86cc3bf0d69081bb8561802ce960055c68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:02:25:a6:a7:70:cf:bd:90:3b:89:6f:4a:71:
                    75:9c:bc:2b:f2:ba:66:f8:ae:c7:0b:f2:35:b4:f0:
                    dc:79:85:8f:10:1e:d5:71:15:ae:4b:31:f2:6f:95:
                    f8:ec:28:d6:1f:02:33:28:81:15:7d:8d:9d:9c:13:
                    f3:fc:cd:85:1a:de:9d:38:4b:8f:87:dc:d7:77:7e:
                    a9:e4:4d:82:3e:9e:b3:0e:f3:1f:cd:fd:34:e3:d4:
                    73:be:d3:5b:ff:e5:ac:e6:d7:ae:68:53:3c:ec:df:
                    52:4a:ae:d5:18:21:a1:bc:84:e7:ea:e4:23:94:58:
                    37:fb:94:3b:31:93:bd:d9:35:4c:3d:3d:be:2c:7f:
                    ee:e9:dc:d4:d9:49:82:ae:9d:26:b4:ad:e4:5e:f5:
                    1b:6a:c9:bf:43:f0:49:a0:09:60:dc:64:89:f5:57:
                    7f:80:18:cc:5c:c2:dc:3c:57:cb:51:c3:1e:bd:71:
                    cf:96:59:f1:da:ee:66:14:30:d2:16:9f:50:59:f3:
                    cb:34:fa:30:8d:1f:6c:94:83:25:c2:57:9e:8f:bb:
                    a4:ed:2c:e1:4c:c0:60:50:08:a7:78:5e:e5:2b:7d:
                    de:41:b0:e9:33:cb:67:89:51:79:b4:e7:78:22:dc:
                    67:7c:85:3e:d8:13:3a:3b:fc:9b:eb:2f:53:15:45:
                    3c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B1:B8:6C:C3:BF:0D:69:08:1B:B8:56:18:02:CE:96:00:55:C6:8B
            X509v3 Authority Key Identifier:
                keyid:3B:E4:76:1D:44:D8:06:C3:F9:E4:E7:6B:79:C8:F2:29:6C:C7:BB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-R2HUTYBsP55OdrecjyKWzHu88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/6bG4bMO_DWkIG7hWGALOlgBVxos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d2c38e-0aaf-4e3b-8ed8-b54ae6f08f4f/1/O-R2HUTYBsP55OdrecjyKWzHu88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.108.0/22
                IPv6:
                  2a04:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:41:a2:75:c1:80:9b:16:04:e1:30:c9:d5:af:9e:d9:f6:da:
         50:1e:bb:da:69:6d:6f:0a:60:b5:c7:88:69:4a:91:49:6d:8e:
         04:36:cb:bf:5a:06:ed:69:ed:49:fb:4f:dd:9d:9c:0e:47:29:
         ff:bf:8e:04:37:03:ef:f7:a1:aa:72:61:3e:03:de:16:26:94:
         bb:70:d5:86:22:c0:1e:f7:17:ac:f6:04:9a:73:96:4b:7b:17:
         08:07:9a:ab:8e:a5:88:a0:4e:1d:2b:15:e0:d4:db:6c:c1:bf:
         09:75:6f:e0:2a:c6:f8:17:c1:6f:2f:ea:57:4c:cd:25:9a:64:
         fe:8a:de:9a:85:87:28:36:47:d1:0c:40:73:0d:e9:db:be:1c:
         36:7d:de:8b:02:b2:f0:65:a1:bc:07:09:15:f5:7a:17:f7:97:
         36:64:04:07:30:20:a7:86:d5:b5:a3:99:1d:19:02:e3:a8:05:
         5e:48:d6:cb:ab:0d:be:50:76:0e:c8:ac:c6:0c:76:f6:d2:05:
         41:41:ba:bd:06:10:2d:de:3f:b5:f6:10:bb:85:08:8f:0b:5e:
         0d:3c:be:38:98:df:d6:0c:6f:4f:4f:1a:98:de:43:fe:5d:72:
         95:66:ed:2e:e6:06:a5:ec:1c:e3:db:75:4d:50:3a:af:0e:02:
         ed:6f:02:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVHmsSk8q0fZJn61pVa6XshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZTQ3NjFkNDRkODA2YzNmOWU0ZTc2Yjc5YzhmMjI5NmNj
N2JiY2YwHhcNMjUwMjI3MTMzMTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWIxYjg2Y2MzYmYwZDY5MDgxYmI4NTYxODAyY2U5NjAwNTVjNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wIlpqdwz72QO4lvSnF1nLwr8rpm
+K7HC/I1tPDceYWPEB7VcRWuSzHyb5X47CjWHwIzKIEVfY2dnBPz/M2FGt6dOEuP
h9zXd36p5E2CPp6zDvMfzf0049RzvtNb/+Ws5teuaFM87N9SSq7VGCGhvITn6uQj
lFg3+5Q7MZO92TVMPT2+LH/u6dzU2UmCrp0mtK3kXvUbasm/Q/BJoAlg3GSJ9Vd/
gBjMXMLcPFfLUcMevXHPllnx2u5mFDDSFp9QWfPLNPowjR9slIMlwleej7uk7Szh
TMBgUAineF7lK33eQbDpM8tniVF5tOd4ItxnfIU+2BM6O/yb6y9TFUU8QQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOmxuGzDvw1pCBu4VhgCzpYAVcaLMB8GA1UdIwQY
MBaAFDvkdh1E2AbD+eTna3nI8ilsx7vPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1SMkhVVFlCc1A1NU9kcmVjanlLV3pIdTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kMmMzOGUtMGFhZi00ZTNiLThlZDgt
YjU0YWU2ZjA4ZjRmLzEvNmJHNGJNT19EV2tJRzdoV0dBTE9sZ0JWeG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kMmMzOGUtMGFhZi00ZTNiLThlZDgtYjU0YWU2ZjA4ZjRm
LzEvTy1SMkhVVFlCc1A1NU9kcmVjanlLV3pIdTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTFsMA0E
AgACMAcDBQMqBLlAMA0GCSqGSIb3DQEBCwUAA4IBAQC7QaJ1wYCbFgThMMnVr57Z
9tpQHrvaaW1vCmC1x4hpSpFJbY4ENsu/Wgbtae1J+0/dnZwORyn/v44ENwPv96Gq
cmE+A94WJpS7cNWGIsAe9xes9gSac5ZLexcIB5qrjqWIoE4dKxXg1Ntswb8JdW/g
Ksb4F8FvL+pXTM0lmmT+it6ahYcoNkfRDEBzDenbvhw2fd6LArLwZaG8BwkV9XoX
95c2ZAQHMCCnhtW1o5kdGQLjqAVeSNbLqw2+UHYOyKzGDHb20gVBQbq9BhAt3j+1
9hC7hQiPC14NPL44mN/WDG9PTxqY3kP+XXKVZu0u5gal7Bzj23VNUDqvDgLtbwLm
-----END CERTIFICATE-----