Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/g6q7q2HLmrL68PDSTTyRIYBNcJY.roa
File:                     g6q7q2HLmrL68PDSTTyRIYBNcJY.roa (raw, json)
Hash identifier:          eTY6Q+eiIrBv9YE0+f1h1CVgS/oOAfzZcA42kSmU6+0=
Subject key identifier:   83:AA:BB:AB:61:CB:9A:B2:FA:F0:F0:D2:4D:3C:91:21:80:4D:70:96
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       0197351DD87B6E843BED9C1627FFB5D972BC
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/g6q7q2HLmrL68PDSTTyRIYBNcJY.roa
Signing time:             Tue 03 Jun 2025 09:27:17 +0000
ROA not before:           Tue 03 Jun 2025 09:27:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        89.18.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:1d:d8:7b:6e:84:3b:ed:9c:16:27:ff:b5:d9:72:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Jun  3 09:27:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83aabbab61cb9ab2faf0f0d24d3c9121804d7096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:27:0d:ae:f3:95:ba:b6:27:7a:b1:77:4b:be:
                    d2:00:ed:ee:4e:5a:61:bb:c5:5e:41:20:3d:0f:ff:
                    e1:df:d7:2e:b1:7f:09:26:63:31:18:3a:6f:fe:0e:
                    66:1f:7f:11:73:7b:42:14:10:7f:2b:2a:a6:f4:6e:
                    86:99:d3:78:c8:99:8b:36:d1:0b:22:c4:ad:74:2d:
                    5f:a4:ca:cb:f8:62:b1:22:04:9a:fa:fc:b9:fb:31:
                    5b:63:16:66:2a:c6:c3:fe:0f:3b:5d:c8:d9:c7:14:
                    56:07:9c:89:ca:d3:d9:f7:c5:38:f5:5f:ad:88:bf:
                    9a:16:d3:4a:b4:45:15:53:00:63:a4:07:48:e5:ae:
                    61:d4:92:b0:51:7b:0c:49:3c:b7:b8:f4:fc:45:0c:
                    8b:7e:d9:c8:7a:3f:ce:39:a4:96:6c:40:0a:66:3b:
                    5d:4b:cb:18:37:fb:56:f5:bc:10:35:57:29:b8:72:
                    21:e6:6e:33:aa:0e:21:15:34:3e:ad:8f:7f:84:72:
                    59:bb:79:14:5b:2e:de:91:70:e8:a6:4f:3b:63:fb:
                    ee:49:ac:37:e8:f8:a5:d1:06:a6:75:a6:aa:6e:cd:
                    45:c9:a8:d4:2a:a4:35:19:8e:45:d2:b4:8b:d3:ab:
                    4e:03:b2:58:e0:14:2b:2a:ce:e0:ce:c7:22:fe:3b:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AA:BB:AB:61:CB:9A:B2:FA:F0:F0:D2:4D:3C:91:21:80:4D:70:96
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/g6q7q2HLmrL68PDSTTyRIYBNcJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:51:b8:b4:8f:fb:13:12:a7:76:3f:bf:14:46:a0:e6:c2:58:
         a1:46:bb:58:d0:97:0e:29:5b:74:f0:56:d5:54:0a:6e:b2:da:
         bb:d7:3d:9a:4f:7a:3b:34:11:65:76:aa:de:d5:08:0f:ca:96:
         80:9a:62:87:f0:1f:52:3a:a7:6b:36:a4:66:fd:ab:bd:5c:90:
         49:c6:4a:4d:c9:c0:ab:5d:03:06:4f:85:34:a3:f8:8e:fc:19:
         f8:7f:e2:d7:fc:a7:66:47:f4:b8:5e:b8:fe:86:eb:80:3a:b9:
         e3:f6:ab:9d:f7:fb:f9:9d:c4:5b:94:ee:0b:2d:7c:3b:63:bb:
         7e:41:99:fe:50:b1:fd:c4:eb:a2:eb:7c:c5:4a:91:30:83:e1:
         c1:bd:de:96:fa:d6:4b:9a:a7:88:9d:90:96:4c:d8:af:db:2a:
         2c:67:28:77:c7:d4:56:4e:3d:cd:7c:e5:5c:ec:bd:74:63:71:
         4f:82:43:01:3e:7d:04:a8:39:df:92:d9:7f:21:cb:81:17:0c:
         2e:d2:c7:98:0b:06:1a:ab:7e:8c:1d:4f:1b:e5:92:b0:dc:25:
         78:b5:e7:ba:1d:dd:b1:bc:78:b5:84:4d:88:53:76:31:ef:9c:
         79:af:e0:df:2f:e6:15:7f:b8:ff:16:e5:7d:71:b6:b6:1a:74:
         ce:99:0e:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1Hdh7boQ77ZwWJ/+12XK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwNjAzMDkyNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2FhYmJhYjYxY2I5YWIyZmFmMGYwZDI0ZDNjOTEyMTgwNGQ3MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8CcNrvOVurYnerF3S77SAO3uTlph
u8VeQSA9D//h39cusX8JJmMxGDpv/g5mH38Rc3tCFBB/Kyqm9G6GmdN4yJmLNtEL
IsStdC1fpMrL+GKxIgSa+vy5+zFbYxZmKsbD/g87XcjZxxRWB5yJytPZ98U49V+t
iL+aFtNKtEUVUwBjpAdI5a5h1JKwUXsMSTy3uPT8RQyLftnIej/OOaSWbEAKZjtd
S8sYN/tW9bwQNVcpuHIh5m4zqg4hFTQ+rY9/hHJZu3kUWy7ekXDopk87Y/vuSaw3
6Pil0Qamdaaqbs1FyajUKqQ1GY5F0rSL06tOA7JY4BQrKs7gzsci/jvy+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOqu6thy5qy+vDw0k08kSGATXCWMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvZzZxN3EySExtckw2OFBEU1RUeVJJWUJOY0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI0MA0G
CSqGSIb3DQEBCwUAA4IBAQBWUbi0j/sTEqd2P78URqDmwlihRrtY0JcOKVt08FbV
VApustq71z2aT3o7NBFldqre1QgPypaAmmKH8B9SOqdrNqRm/au9XJBJxkpNycCr
XQMGT4U0o/iO/Bn4f+LX/KdmR/S4Xrj+huuAOrnj9qud9/v5ncRblO4LLXw7Y7t+
QZn+ULH9xOui63zFSpEwg+HBvd6W+tZLmqeInZCWTNiv2yosZyh3x9RWTj3NfOVc
7L10Y3FPgkMBPn0EqDnfktl/IcuBFwwu0seYCwYaq36MHU8b5ZKw3CV4tee6Hd2x
vHi1hE2IU3Yx75x5r+DfL+YVf7j/FuV9cba2GnTOmQ5j
-----END CERTIFICATE-----