Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/H6SveOSdHkqZ9ueQGmlndrunnIo.roa
File:                     H6SveOSdHkqZ9ueQGmlndrunnIo.roa (raw, json)
Hash identifier:          ZjmMhBHkwqQ5K2xq1IB/uiZwUc1feHjVtHr/OyBPgVI=
Subject key identifier:   1F:A4:AF:78:E4:9D:1E:4A:99:F6:E7:90:1A:69:67:76:BB:A7:9C:8A
Certificate issuer:       /CN=6cc1850245d2bf0b583a339f2eb4f7c09059640c
Certificate serial:       019919986D935D075867A67AE185B1F24A11
Authority key identifier: 6C:C1:85:02:45:D2:BF:0B:58:3A:33:9F:2E:B4:F7:C0:90:59:64:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bMGFAkXSvwtYOjOfLrT3wJBZZAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/H6SveOSdHkqZ9ueQGmlndrunnIo.roa
Signing time:             Fri 05 Sep 2025 11:17:23 +0000
ROA not before:           Fri 05 Sep 2025 11:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44784
IP address blocks:        185.149.0.0/22 maxlen: 32
                          185.254.167.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/bMGFAkXSvwtYOjOfLrT3wJBZZAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/bMGFAkXSvwtYOjOfLrT3wJBZZAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bMGFAkXSvwtYOjOfLrT3wJBZZAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:98:6d:93:5d:07:58:67:a6:7a:e1:85:b1:f2:4a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cc1850245d2bf0b583a339f2eb4f7c09059640c
        Validity
            Not Before: Sep  5 11:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fa4af78e49d1e4a99f6e7901a696776bba79c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f4:80:5f:4b:61:58:e4:5b:96:49:35:73:e3:
                    72:3f:2b:01:87:9c:36:da:e0:ef:b0:90:e5:03:72:
                    af:49:9e:b8:cc:e0:de:15:48:90:43:1a:7a:7d:8d:
                    83:16:c1:bf:a2:96:92:17:72:e0:8e:34:4c:22:45:
                    cc:4d:3b:bb:ff:6b:25:bd:a9:38:93:a0:bd:cf:72:
                    e9:2a:8b:33:b4:27:94:f4:d7:fd:18:ae:ef:04:a2:
                    22:83:63:de:f2:10:7d:2e:07:6c:9e:46:c1:a4:53:
                    ba:c4:d4:45:79:a9:3b:59:68:b5:7f:22:9d:6b:e5:
                    cc:31:8c:c3:cb:ba:c5:2d:52:41:0c:7d:ed:15:07:
                    e2:72:ba:dd:cc:67:aa:eb:8f:35:86:0e:42:17:c8:
                    67:ea:eb:80:20:69:90:c5:34:8f:a4:20:9b:27:42:
                    1e:0b:64:9c:cc:85:bd:51:b8:8e:04:2d:9b:82:e4:
                    a7:93:7e:1c:ce:7a:a0:bf:b9:15:d6:39:3b:7b:db:
                    aa:49:05:d8:e3:94:ea:e7:2f:df:60:63:69:2f:94:
                    68:de:5a:a9:d1:0d:97:62:56:c3:7a:7d:97:ca:ac:
                    20:f1:0e:ef:a5:60:b5:a9:e0:c5:c2:d7:aa:64:90:
                    8f:74:b7:3e:f7:05:6b:1f:af:a3:74:eb:59:d1:48:
                    4a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A4:AF:78:E4:9D:1E:4A:99:F6:E7:90:1A:69:67:76:BB:A7:9C:8A
            X509v3 Authority Key Identifier:
                keyid:6C:C1:85:02:45:D2:BF:0B:58:3A:33:9F:2E:B4:F7:C0:90:59:64:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bMGFAkXSvwtYOjOfLrT3wJBZZAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/H6SveOSdHkqZ9ueQGmlndrunnIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/70a0b8-4542-4840-8f19-0a68da27b3a1/1/bMGFAkXSvwtYOjOfLrT3wJBZZAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.0.0/22
                  185.254.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:76:3d:48:17:f4:ef:ce:8f:75:2d:fc:e3:a4:d1:c8:19:26:
         76:0e:e6:f4:4f:61:3c:2e:39:6a:d3:77:03:a9:aa:6b:93:e5:
         bb:a1:5e:e1:32:75:3d:83:c1:4a:f7:46:b3:7a:1c:74:ee:03:
         15:47:ff:ab:df:cc:34:77:2f:ba:37:d3:b7:47:93:77:9d:9c:
         52:31:c4:eb:77:42:f9:22:46:4e:a4:cc:f5:51:2e:42:15:78:
         dd:d0:0a:f8:2f:92:24:86:b2:9c:a5:d3:fc:05:e7:a8:59:ec:
         50:b0:29:cc:dc:0d:0b:7b:d8:d9:62:c1:66:0a:ff:0d:33:0e:
         be:42:07:a2:69:1d:26:64:a7:44:f2:8d:5d:a0:2a:7c:13:f0:
         84:5d:bc:1e:d9:fe:51:6f:a7:46:b0:5b:c9:a3:91:41:5a:89:
         d4:3a:da:70:38:88:9b:50:74:cd:c1:76:bd:a8:4d:85:72:e8:
         fd:7c:db:63:5e:11:ce:c2:f0:4f:52:b2:81:68:fa:9a:c6:8f:
         d4:8c:9e:83:53:90:6b:27:88:11:6b:4c:d3:5a:aa:84:72:a2:
         74:4d:72:34:9d:34:31:b4:2a:88:61:e0:47:97:34:56:2c:eb:
         54:0a:7d:d6:c7:e5:d9:88:11:34:aa:60:df:4b:14:bb:c1:85:
         ef:05:7b:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkZmG2TXQdYZ6Z64YWx8koRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYzE4NTAyNDVkMmJmMGI1ODNhMzM5ZjJlYjRmN2MwOTA1
OTY0MGMwHhcNMjUwOTA1MTExNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmE0YWY3OGU0OWQxZTRhOTlmNmU3OTAxYTY5Njc3NmJiYTc5YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/SAX0thWORblkk1c+NyPysBh5w2
2uDvsJDlA3KvSZ64zODeFUiQQxp6fY2DFsG/opaSF3LgjjRMIkXMTTu7/2slvak4
k6C9z3LpKosztCeU9Nf9GK7vBKIig2Pe8hB9LgdsnkbBpFO6xNRFeak7WWi1fyKd
a+XMMYzDy7rFLVJBDH3tFQficrrdzGeq6481hg5CF8hn6uuAIGmQxTSPpCCbJ0Ie
C2SczIW9UbiOBC2bguSnk34cznqgv7kV1jk7e9uqSQXY45Tq5y/fYGNpL5Ro3lqp
0Q2XYlbDen2Xyqwg8Q7vpWC1qeDFwteqZJCPdLc+9wVrH6+jdOtZ0UhKSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+kr3jknR5KmfbnkBppZ3a7p5yKMB8GA1UdIwQY
MBaAFGzBhQJF0r8LWDozny6098CQWWQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk1HRkFrWFN2d3RZT2pPZkxyVDN3SkJaWkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83MGEwYjgtNDU0Mi00ODQwLThmMTkt
MGE2OGRhMjdiM2ExLzEvSDZTdmVPU2RIa3FaOXVlUUdtbG5kcnVubklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC83MGEwYjgtNDU0Mi00ODQwLThmMTktMGE2OGRhMjdiM2Ex
LzEvYk1HRkFrWFN2d3RZT2pPZkxyVDN3SkJaWkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZUAAwQA
uf6nMA0GCSqGSIb3DQEBCwUAA4IBAQCSdj1IF/Tvzo91LfzjpNHIGSZ2Dub0T2E8
Ljlq03cDqaprk+W7oV7hMnU9g8FK90azehx07gMVR/+r38w0dy+6N9O3R5N3nZxS
McTrd0L5IkZOpMz1US5CFXjd0Ar4L5IkhrKcpdP8BeeoWexQsCnM3A0Le9jZYsFm
Cv8NMw6+QgeiaR0mZKdE8o1doCp8E/CEXbwe2f5Rb6dGsFvJo5FBWonUOtpwOIib
UHTNwXa9qE2Fcuj9fNtjXhHOwvBPUrKBaPqaxo/UjJ6DU5BrJ4gRa0zTWqqEcqJ0
TXI0nTQxtCqIYeBHlzRWLOtUCn3Wx+XZiBE0qmDfSxS7wYXvBXsE
-----END CERTIFICATE-----