Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hBq6DPEIeY8Yhu3iLZgYcqX86wc.roa
File:                     hBq6DPEIeY8Yhu3iLZgYcqX86wc.roa (raw, json)
Hash identifier:          G+wF6iZXun53udNk6xg5sIb/Bo1cfj+jezlEcYlaiX8=
Subject key identifier:   84:1A:BA:0C:F1:08:79:8F:18:86:ED:E2:2D:98:18:72:A5:FC:EB:07
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0197B158E56E2778A08A116B2885F4A1DAD3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hBq6DPEIeY8Yhu3iLZgYcqX86wc.roa
Signing time:             Fri 27 Jun 2025 12:24:42 +0000
ROA not before:           Fri 27 Jun 2025 12:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        46.29.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:58:e5:6e:27:78:a0:8a:11:6b:28:85:f4:a1:da:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jun 27 12:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=841aba0cf108798f1886ede22d981872a5fceb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:02:73:19:df:a0:ed:dd:60:13:b1:60:16:
                    1e:f8:37:bc:c7:65:26:cc:7d:f5:4d:2f:f1:28:75:
                    1f:69:1f:51:f0:64:df:88:bb:36:5b:82:60:8c:e1:
                    ce:3f:24:f4:65:f8:7b:31:3a:fb:b1:2d:bc:8f:7a:
                    2b:95:72:36:bb:7b:c0:87:e8:1c:07:db:d6:82:3a:
                    85:6d:6b:ed:eb:46:ef:6a:d8:1c:cd:f9:17:01:be:
                    06:f5:32:17:c9:4d:fb:55:d5:cd:c0:fd:40:65:db:
                    4d:da:6e:65:c6:c7:bb:bc:bf:80:9f:57:5a:77:1d:
                    84:48:dc:ba:f5:27:b2:d4:e8:38:20:2d:b2:52:d4:
                    83:aa:b7:66:80:33:62:c9:8a:61:b4:ff:87:a0:d7:
                    26:c7:7b:24:b4:98:db:f9:1a:6e:b1:a4:e5:91:da:
                    56:dc:7b:f6:0d:38:32:5b:3e:30:e4:68:ce:21:b1:
                    f7:cf:85:bb:88:d4:74:ac:cd:b1:3f:d8:ca:52:d4:
                    68:85:88:3c:05:b7:cd:2c:b8:d1:97:8b:f0:49:6c:
                    1d:e4:ca:7b:f3:4a:13:44:bd:c2:52:d3:4d:a8:ec:
                    33:a8:04:c6:14:89:fb:37:19:a5:7d:71:ff:68:36:
                    a4:3f:bd:36:12:c0:e8:5e:f8:0c:0d:92:6d:e8:ed:
                    1b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:1A:BA:0C:F1:08:79:8F:18:86:ED:E2:2D:98:18:72:A5:FC:EB:07
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hBq6DPEIeY8Yhu3iLZgYcqX86wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:41:ee:a5:13:f1:c3:61:b5:4a:ae:c1:ad:d0:16:02:a1:f9:
         07:92:8f:28:11:5b:1d:d0:c8:93:85:60:ee:14:b7:44:7e:ff:
         f3:ba:78:92:24:71:00:94:41:e0:bd:38:8b:26:51:d1:9c:0a:
         5c:c0:da:8b:17:b5:37:04:1c:75:de:c9:8b:30:de:a4:9f:3e:
         cd:de:1f:9a:67:ae:01:72:3d:03:bf:88:59:bd:18:2f:61:04:
         98:c2:8e:fc:e3:b8:e4:c9:ef:15:ce:ec:a1:ce:72:f7:a2:dd:
         a6:39:08:82:e0:d8:eb:82:92:38:8c:93:63:54:c3:de:07:4e:
         5b:1b:2a:5d:25:46:c7:f4:43:b5:fb:96:4e:c6:3e:c8:67:ee:
         00:ab:44:cd:00:04:91:f0:4a:70:e1:4a:49:8e:92:d4:be:08:
         bd:41:7d:62:52:57:5b:77:62:fd:82:f1:23:de:c0:13:5d:b4:
         13:50:3f:1c:11:2d:de:73:46:50:57:cf:04:4a:1d:22:a9:71:
         75:34:94:30:4e:31:f1:d8:51:9b:73:33:1f:00:e0:89:9e:1b:
         f0:d0:4d:cf:45:81:de:c6:ad:37:76:3a:55:9c:cb:43:01:2f:
         f9:e0:f2:1b:30:bf:f9:b7:23:59:2e:d1:db:78:4b:61:37:a3:
         b0:4e:c5:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZexWOVuJ3igihFrKIX0odrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNjI3MTIyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFhYmEwY2YxMDg3OThmMTg4NmVkZTIyZDk4MTg3MmE1ZmNlYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEoCcxnfoO3dYBOxYBYe+De8x2Um
zH31TS/xKHUfaR9R8GTfiLs2W4JgjOHOPyT0Zfh7MTr7sS28j3orlXI2u3vAh+gc
B9vWgjqFbWvt60bvatgczfkXAb4G9TIXyU37VdXNwP1AZdtN2m5lxse7vL+An1da
dx2ESNy69Sey1Og4IC2yUtSDqrdmgDNiyYphtP+HoNcmx3sktJjb+RpusaTlkdpW
3Hv2DTgyWz4w5GjOIbH3z4W7iNR0rM2xP9jKUtRohYg8BbfNLLjRl4vwSWwd5Mp7
80oTRL3CUtNNqOwzqATGFIn7NxmlfXH/aDakP702EsDoXvgMDZJt6O0bCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQaugzxCHmPGIbt4i2YGHKl/OsHMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvaEJxNkRQRUllWThZaHUzaUxaZ1ljcVg4NndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0YMA0G
CSqGSIb3DQEBCwUAA4IBAQANQe6lE/HDYbVKrsGt0BYCofkHko8oEVsd0MiThWDu
FLdEfv/zuniSJHEAlEHgvTiLJlHRnApcwNqLF7U3BBx13smLMN6knz7N3h+aZ64B
cj0Dv4hZvRgvYQSYwo7847jkye8VzuyhznL3ot2mOQiC4NjrgpI4jJNjVMPeB05b
GypdJUbH9EO1+5ZOxj7IZ+4Aq0TNAASR8Epw4UpJjpLUvgi9QX1iUldbd2L9gvEj
3sATXbQTUD8cES3ec0ZQV88ESh0iqXF1NJQwTjHx2FGbczMfAOCJnhvw0E3PRYHe
xq03djpVnMtDAS/54PIbML/5tyNZLtHbeEthN6OwTsVj
-----END CERTIFICATE-----