Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/6thBO5jod-S22ld5I7cCUqU9PPU.roa
File:                     6thBO5jod-S22ld5I7cCUqU9PPU.roa (raw, json)
Hash identifier:          whhraWURnepuYYNpLNQlvK7It8S7aCrmfs8zXpfqsOc=
Subject key identifier:   EA:D8:41:3B:98:E8:77:E4:B6:DA:57:79:23:B7:02:52:A5:3D:3C:F5
Certificate issuer:       /CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
Certificate serial:       01983BF493ABA41AB719D2879799054D67E8
Authority key identifier: C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/6thBO5jod-S22ld5I7cCUqU9PPU.roa
Signing time:             Thu 24 Jul 2025 10:22:20 +0000
ROA not before:           Thu 24 Jul 2025 10:22:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42000
IP address blocks:        185.160.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:f4:93:ab:a4:1a:b7:19:d2:87:97:99:05:4d:67:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c87474ceb85af31122ede586d4d65b0f5b4d97f0
        Validity
            Not Before: Jul 24 10:22:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ead8413b98e877e4b6da577923b70252a53d3cf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:12:c4:75:2e:16:73:77:e7:14:fd:45:f0:7d:
                    08:6f:b8:5b:78:62:2e:09:74:91:12:b4:de:ef:38:
                    e7:a3:55:1b:71:74:0b:06:ce:2a:87:e8:cb:43:5b:
                    af:ca:38:d8:27:52:06:49:d8:31:53:20:e2:5e:d9:
                    5c:e1:bd:0d:63:cf:86:16:53:9b:53:0f:b4:ca:31:
                    4b:76:77:b5:23:0a:66:30:a3:5e:bb:5f:99:03:59:
                    70:c9:24:0d:3d:14:a5:37:ef:02:7c:f2:47:69:2d:
                    b1:c7:8d:0d:5c:b5:a1:2b:d0:18:a6:03:cf:9f:c6:
                    8d:ba:d7:a1:29:88:ba:2e:74:75:84:18:6e:78:d0:
                    2f:dd:53:c9:cf:d6:c6:d6:37:d6:c8:38:0d:71:ab:
                    fe:3e:c7:f4:64:a4:c4:09:da:b5:70:22:1f:18:e8:
                    39:a4:51:8b:67:80:4a:15:90:6c:ed:60:70:fc:36:
                    5c:14:ab:d3:aa:43:4d:f2:4f:d0:70:f4:bc:d7:fc:
                    3f:12:21:6a:c0:39:7b:3b:ac:96:64:06:cd:66:27:
                    85:c0:64:3b:8a:b9:41:be:38:b9:b6:a4:91:04:a0:
                    7f:3b:db:ea:5c:fd:74:e6:f3:aa:b9:4c:e6:52:d7:
                    51:ac:67:3b:ad:41:46:ea:5a:97:91:21:0c:e2:c1:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D8:41:3B:98:E8:77:E4:B6:DA:57:79:23:B7:02:52:A5:3D:3C:F5
            X509v3 Authority Key Identifier:
                keyid:C8:74:74:CE:B8:5A:F3:11:22:ED:E5:86:D4:D6:5B:0F:5B:4D:97:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yHR0zrha8xEi7eWG1NZbD1tNl_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/6thBO5jod-S22ld5I7cCUqU9PPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/52d75c-e8a0-4ec8-b00f-03586523b133/1/yHR0zrha8xEi7eWG1NZbD1tNl_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:6a:26:46:92:ea:f9:88:d3:e0:7f:6f:c5:61:60:2e:ce:54:
         b6:67:eb:98:d4:78:93:59:cc:c2:d5:d4:1e:d3:27:96:7d:33:
         95:72:13:95:9c:70:93:2b:f7:d6:bd:39:b5:ea:86:d3:50:06:
         ad:d1:ff:21:37:f4:f3:96:01:1c:55:b9:c4:d1:b2:b2:f5:f4:
         b2:b3:96:a5:08:15:4a:e9:4f:fa:84:88:ee:21:5e:b2:22:bb:
         56:41:e1:48:6f:57:5a:ad:24:6d:89:41:8d:5f:99:b0:ac:a0:
         2e:45:d9:a1:90:d8:e1:70:d8:94:32:7e:37:cc:02:f8:0c:56:
         87:f3:ae:74:6b:24:1f:e1:a9:d5:ad:fc:28:1e:90:03:f6:d8:
         f8:a8:9d:83:11:2d:a1:60:41:36:74:b6:68:14:61:26:0f:85:
         be:74:ab:9e:73:66:bc:f6:f9:f4:21:95:b6:79:1f:3c:6a:9c:
         22:92:e4:83:36:04:08:f4:e8:04:0a:92:81:93:f1:3b:a6:fc:
         ad:56:e7:7f:7d:9e:3a:56:7c:69:56:e0:32:cd:19:40:2f:07:
         a3:38:fa:7b:53:61:a2:09:62:05:fe:b3:81:8d:36:e4:00:a7:
         60:d2:97:76:c7:b4:87:29:0b:7b:f8:b8:74:06:1c:63:09:8d:
         c1:05:9d:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg79JOrpBq3GdKHl5kFTWfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NzQ3NGNlYjg1YWYzMTEyMmVkZTU4NmQ0ZDY1YjBmNWI0
ZDk3ZjAwHhcNMjUwNzI0MTAyMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ4NDEzYjk4ZTg3N2U0YjZkYTU3NzkyM2I3MDI1MmE1M2QzY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxLEdS4Wc3fnFP1F8H0Ib7hbeGIu
CXSRErTe7zjno1UbcXQLBs4qh+jLQ1uvyjjYJ1IGSdgxUyDiXtlc4b0NY8+GFlOb
Uw+0yjFLdne1IwpmMKNeu1+ZA1lwySQNPRSlN+8CfPJHaS2xx40NXLWhK9AYpgPP
n8aNutehKYi6LnR1hBhueNAv3VPJz9bG1jfWyDgNcav+Psf0ZKTECdq1cCIfGOg5
pFGLZ4BKFZBs7WBw/DZcFKvTqkNN8k/QcPS81/w/EiFqwDl7O6yWZAbNZieFwGQ7
irlBvji5tqSRBKB/O9vqXP105vOquUzmUtdRrGc7rUFG6lqXkSEM4sHoeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrYQTuY6HfkttpXeSO3AlKlPTz1MB8GA1UdIwQY
MBaAFMh0dM64WvMRIu3lhtTWWw9bTZfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYt
MDM1ODY1MjNiMTMzLzEvNnRoQk81am9kLVMyMmxkNUk3Y0NVcVU5UFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81MmQ3NWMtZThhMC00ZWM4LWIwMGYtMDM1ODY1MjNiMTMz
LzEveUhSMHpyaGE4eEVpN2VXRzFOWmJEMXRObF9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaAUMA0G
CSqGSIb3DQEBCwUAA4IBAQB8aiZGkur5iNPgf2/FYWAuzlS2Z+uY1HiTWczC1dQe
0yeWfTOVchOVnHCTK/fWvTm16obTUAat0f8hN/TzlgEcVbnE0bKy9fSys5alCBVK
6U/6hIjuIV6yIrtWQeFIb1darSRtiUGNX5mwrKAuRdmhkNjhcNiUMn43zAL4DFaH
8650ayQf4anVrfwoHpAD9tj4qJ2DES2hYEE2dLZoFGEmD4W+dKuec2a89vn0IZW2
eR88apwikuSDNgQI9OgECpKBk/E7pvytVud/fZ46VnxpVuAyzRlALwejOPp7U2Gi
CWIF/rOBjTbkAKdg0pd2x7SHKQt7+Lh0BhxjCY3BBZ36
-----END CERTIFICATE-----