Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6d_4DsA-qL2qj0TDRCvwbOxR00Q.roa
File:                     6d_4DsA-qL2qj0TDRCvwbOxR00Q.roa (raw, json)
Hash identifier:          Brgopk4ClilzEVF+gNj8w0ZmRV8dCg1gMkmnChzGTmg=
Subject key identifier:   E9:DF:F8:0E:C0:3E:A8:BD:AA:8F:44:C3:44:2B:F0:6C:EC:51:D3:44
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0199959744EB9CDA796770F762491208806D
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6d_4DsA-qL2qj0TDRCvwbOxR00Q.roa
Signing time:             Mon 29 Sep 2025 13:09:02 +0000
ROA not before:           Mon 29 Sep 2025 13:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25184
IP address blocks:        46.38.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:97:44:eb:9c:da:79:67:70:f7:62:49:12:08:80:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Sep 29 13:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9dff80ec03ea8bdaa8f44c3442bf06cec51d344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:84:97:35:50:67:d3:ff:55:6f:3a:ae:bd:0a:
                    fa:2e:f4:17:13:e2:fe:3c:e1:f9:f3:a3:41:73:2d:
                    6c:43:16:18:a7:e2:ee:ae:48:ad:f7:3d:74:8d:91:
                    88:45:3b:5b:77:29:cc:5d:4f:71:79:ee:77:cb:10:
                    be:9e:8d:b0:ca:43:d2:be:bb:5a:e0:b7:ba:d8:f3:
                    dc:63:c9:e2:17:6e:2a:19:7c:c5:9e:0b:ff:6c:51:
                    aa:09:a2:90:e1:70:74:fc:68:57:c5:bd:ba:2c:2c:
                    1e:62:a6:b2:8b:df:03:32:c7:8e:30:34:96:6e:06:
                    ae:42:d7:58:05:84:93:3c:8c:93:7a:dd:92:86:83:
                    9f:c7:76:94:9e:bd:f1:97:3c:47:9c:e4:4a:df:4f:
                    06:8e:4c:67:70:a3:f2:7a:fd:99:dd:5a:6a:17:47:
                    d6:65:41:bb:e0:27:22:5b:47:1f:3a:af:d8:2c:10:
                    e5:5c:67:b0:cb:7b:52:96:8e:44:67:ba:48:ab:14:
                    e4:fe:1f:e7:85:05:fc:3e:c7:ef:e6:25:91:da:b4:
                    b7:5f:43:54:af:8f:c1:c0:b6:f9:78:1c:69:24:b7:
                    1b:24:08:14:8b:25:d6:ce:a1:c2:64:b8:ab:ad:b6:
                    fb:a8:e8:40:fb:92:d7:69:e3:41:71:96:bf:54:38:
                    e3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:DF:F8:0E:C0:3E:A8:BD:AA:8F:44:C3:44:2B:F0:6C:EC:51:D3:44
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/6d_4DsA-qL2qj0TDRCvwbOxR00Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:b5:6a:bd:b3:6b:9d:fb:3a:72:f5:7b:1f:64:98:f8:66:26:
         89:b8:b1:ab:c8:19:20:55:39:b9:f1:f0:a2:42:72:3e:09:bf:
         17:c9:fa:73:80:fd:9b:75:1d:0b:a8:fb:c7:96:a4:58:41:c3:
         c4:51:90:63:fa:ca:4c:02:44:75:6b:af:96:c6:37:a9:df:4f:
         b5:18:b5:75:01:ba:1a:d6:69:87:d3:46:97:52:76:a1:67:0d:
         cb:0f:95:dd:fb:5a:90:57:de:d9:0a:94:42:fb:55:c3:4b:e5:
         e5:14:3a:2f:c1:1b:68:01:60:f6:56:3e:a7:ec:59:e0:c1:6c:
         9e:b1:c5:d9:04:e3:10:c3:04:6e:bd:5c:60:57:71:7d:c5:22:
         71:49:7c:76:fa:30:9f:0b:85:dd:35:53:df:1f:7d:aa:90:02:
         b2:3f:32:eb:11:3d:34:67:d1:4a:47:dc:12:3f:31:b1:f7:2c:
         f1:be:fe:46:6e:f9:0e:8b:a5:79:83:02:e7:11:cb:6c:12:e4:
         2f:a9:64:b5:be:6d:c1:65:18:c4:85:42:14:d6:02:c6:d4:29:
         ad:da:d9:e3:ed:61:31:3f:15:23:d1:c5:77:ac:b2:2d:52:aa:
         fe:8f:a8:b2:b8:f9:f0:76:01:06:5e:0f:5e:2f:9a:8d:45:84:
         92:e2:c4:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmVl0TrnNp5Z3D3YkkSCIBtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwOTI5MTMwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWRmZjgwZWMwM2VhOGJkYWE4ZjQ0YzM0NDJiZjA2Y2VjNTFkMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvISXNVBn0/9VbzquvQr6LvQXE+L+
POH586NBcy1sQxYYp+Lurkit9z10jZGIRTtbdynMXU9xee53yxC+no2wykPSvrta
4Le62PPcY8niF24qGXzFngv/bFGqCaKQ4XB0/GhXxb26LCweYqayi98DMseOMDSW
bgauQtdYBYSTPIyTet2ShoOfx3aUnr3xlzxHnORK308GjkxncKPyev2Z3VpqF0fW
ZUG74CciW0cfOq/YLBDlXGewy3tSlo5EZ7pIqxTk/h/nhQX8Psfv5iWR2rS3X0NU
r4/BwLb5eBxpJLcbJAgUiyXWzqHCZLirrbb7qOhA+5LXaeNBcZa/VDjj5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnf+A7APqi9qo9Ew0Qr8GzsUdNEMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvNmRfNERzQS1xTDJxajBURFJDdndiT3hSMDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiaQMA0G
CSqGSIb3DQEBCwUAA4IBAQBVtWq9s2ud+zpy9XsfZJj4ZiaJuLGryBkgVTm58fCi
QnI+Cb8XyfpzgP2bdR0LqPvHlqRYQcPEUZBj+spMAkR1a6+Wxjep30+1GLV1Aboa
1mmH00aXUnahZw3LD5Xd+1qQV97ZCpRC+1XDS+XlFDovwRtoAWD2Vj6n7FngwWye
scXZBOMQwwRuvVxgV3F9xSJxSXx2+jCfC4XdNVPfH32qkAKyPzLrET00Z9FKR9wS
PzGx9yzxvv5GbvkOi6V5gwLnEctsEuQvqWS1vm3BZRjEhUIU1gLG1Cmt2tnj7WEx
PxUj0cV3rLItUqr+j6iyuPnwdgEGXg9eL5qNRYSS4sTa
-----END CERTIFICATE-----