Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/4MHLeZKHCc5v2eG_hUTKUO_SQW0.roa
File:                     4MHLeZKHCc5v2eG_hUTKUO_SQW0.roa (raw, json)
Hash identifier:          s89mh8mTzjBY6Fii8f0XQdlc/RvoNx8XMwrvpm8npEA=
Subject key identifier:   E0:C1:CB:79:92:87:09:CE:6F:D9:E1:BF:85:44:CA:50:EF:D2:41:6D
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       01990B67CDDE03F3309F69F72BBA9CA664E9
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/4MHLeZKHCc5v2eG_hUTKUO_SQW0.roa
Signing time:             Tue 02 Sep 2025 17:09:36 +0000
ROA not before:           Tue 02 Sep 2025 17:09:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        2a01:ecc0:6f4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:67:cd:de:03:f3:30:9f:69:f7:2b:ba:9c:a6:64:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Sep  2 17:09:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0c1cb79928709ce6fd9e1bf8544ca50efd2416d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4a:5b:f3:5d:da:32:85:c7:c1:ff:67:d2:b2:
                    96:09:89:a6:8c:da:d0:c8:23:41:67:03:c8:4e:a8:
                    f2:1f:37:d9:77:0c:5e:a7:1d:6f:0d:ec:7b:07:aa:
                    3b:66:34:43:f5:8a:43:9b:a8:13:2b:89:2b:0e:02:
                    db:5e:6f:06:3b:a0:57:aa:66:bd:39:db:7c:d1:f4:
                    e4:d3:00:b5:5c:34:51:96:54:d1:73:70:2d:a7:21:
                    52:f8:db:0d:f8:8c:2a:de:6e:f1:8e:09:57:0f:a7:
                    d9:73:ef:43:7c:5f:13:2e:c8:d1:7e:fc:bc:98:81:
                    93:02:ed:3a:36:06:3e:e3:04:6c:62:49:03:fc:a8:
                    27:53:a1:50:7b:94:14:75:11:d7:d7:79:d5:0b:1e:
                    7c:fd:57:3a:c9:0f:1b:38:2d:37:f6:30:10:aa:34:
                    87:f0:4f:39:27:45:75:32:73:e0:29:57:b9:d2:37:
                    29:ea:e4:ba:ac:f4:b9:88:8f:3b:9a:d4:93:8e:d1:
                    d8:3a:13:3d:71:5a:54:c9:ca:31:4e:5a:e8:df:10:
                    d8:5b:c8:e1:ae:7b:cb:f0:aa:b5:9c:dd:03:89:18:
                    45:64:98:44:7f:72:c1:5c:93:94:11:a3:8b:1b:48:
                    49:fb:41:7f:ba:64:f1:14:cd:32:b2:59:9d:08:5a:
                    cf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C1:CB:79:92:87:09:CE:6F:D9:E1:BF:85:44:CA:50:EF:D2:41:6D
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/4MHLeZKHCc5v2eG_hUTKUO_SQW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:6f4::/46

    Signature Algorithm: sha256WithRSAEncryption
         6b:36:3e:09:42:9a:5c:f1:4d:ae:42:dc:99:22:50:9c:8b:cf:
         aa:ff:56:ee:c8:63:d3:b3:96:7f:5f:8d:09:a9:87:5b:69:53:
         7b:0e:0d:bd:13:0e:23:b6:39:ea:f4:af:05:94:8f:ce:14:f6:
         d5:c5:a4:b1:51:c2:49:6d:a2:0d:57:a0:07:c9:c5:26:ea:4e:
         b9:97:42:57:95:e9:a2:57:65:46:ed:9f:06:94:1d:e7:bb:91:
         96:e8:eb:0f:35:db:45:b7:a0:b1:33:4e:77:e6:95:4c:3d:ca:
         74:86:b1:44:17:4d:87:bd:68:e1:27:a8:f9:f3:95:a2:81:0b:
         5e:d8:73:22:4b:16:d6:c1:84:3f:02:02:14:38:83:bc:92:21:
         d9:1e:8b:75:94:0a:43:3e:34:f8:bf:98:d5:99:a1:b3:e6:27:
         f3:92:34:a4:4a:95:c8:db:a9:38:28:e3:ba:56:4e:e0:5c:9c:
         97:ef:3a:75:97:a8:25:23:87:7c:56:c3:38:a7:c4:ea:b5:60:
         ee:eb:aa:d9:08:8c:7b:73:e9:5a:69:ae:2d:3b:a4:1b:e5:4e:
         8e:67:8f:fa:d0:62:95:a1:2b:33:09:b3:14:4e:f4:52:ce:98:
         ec:3a:1a:49:7c:89:e9:6f:56:bd:20:27:3a:fc:3b:09:f2:5f:
         fa:3e:0a:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkLZ83eA/Mwn2n3K7qcpmTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwOTAyMTcwOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGMxY2I3OTkyODcwOWNlNmZkOWUxYmY4NTQ0Y2E1MGVmZDI0MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUpb813aMoXHwf9n0rKWCYmmjNrQ
yCNBZwPITqjyHzfZdwxepx1vDex7B6o7ZjRD9YpDm6gTK4krDgLbXm8GO6BXqma9
Odt80fTk0wC1XDRRllTRc3AtpyFS+NsN+Iwq3m7xjglXD6fZc+9DfF8TLsjRfvy8
mIGTAu06NgY+4wRsYkkD/KgnU6FQe5QUdRHX13nVCx58/Vc6yQ8bOC039jAQqjSH
8E85J0V1MnPgKVe50jcp6uS6rPS5iI87mtSTjtHYOhM9cVpUycoxTlro3xDYW8jh
rnvL8Kq1nN0DiRhFZJhEf3LBXJOUEaOLG0hJ+0F/umTxFM0yslmdCFrPswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFODBy3mShwnOb9nhv4VEylDv0kFtMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvNE1ITGVaS0hDYzV2MmVHX2hVVEtVT19TUVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgHswAb0
MA0GCSqGSIb3DQEBCwUAA4IBAQBrNj4JQppc8U2uQtyZIlCci8+q/1buyGPTs5Z/
X40JqYdbaVN7Dg29Ew4jtjnq9K8FlI/OFPbVxaSxUcJJbaINV6AHycUm6k65l0JX
lemiV2VG7Z8GlB3nu5GW6OsPNdtFt6CxM0535pVMPcp0hrFEF02HvWjhJ6j585Wi
gQte2HMiSxbWwYQ/AgIUOIO8kiHZHot1lApDPjT4v5jVmaGz5ifzkjSkSpXI26k4
KOO6Vk7gXJyX7zp1l6glI4d8VsM4p8TqtWDu66rZCIx7c+laaa4tO6Qb5U6OZ4/6
0GKVoSszCbMUTvRSzpjsOhpJfInpb1a9ICc6/DsJ8l/6Pgq8
-----END CERTIFICATE-----