Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/S6x2GO2EJ9KcCMRTpcGWRPoM8AY.roa
File:                     S6x2GO2EJ9KcCMRTpcGWRPoM8AY.roa (raw, json)
Hash identifier:          9sQE61f7Pr/mVJ2y8Avta2FMC1JI4rdqPKWLZVtugf0=
Subject key identifier:   4B:AC:76:18:ED:84:27:D2:9C:08:C4:53:A5:C1:96:44:FA:0C:F0:06
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       0196A10453DACF23E7F0F456B9C780A5C75E
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/S6x2GO2EJ9KcCMRTpcGWRPoM8AY.roa
Signing time:             Mon 05 May 2025 15:15:37 +0000
ROA not before:           Mon 05 May 2025 15:15:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201512
IP address blocks:        176.101.90.0/24 maxlen: 24
                          176.101.92.0/24 maxlen: 24
                          2a03:720:40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a1:04:53:da:cf:23:e7:f0:f4:56:b9:c7:80:a5:c7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: May  5 15:15:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bac7618ed8427d29c08c453a5c19644fa0cf006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:85:0e:85:e4:ae:28:3e:c8:46:a2:c1:02:d5:
                    cd:f7:93:a1:ab:66:01:af:b3:74:18:06:1b:bf:fd:
                    f4:fe:dd:0e:dd:b2:4c:dc:67:b8:07:dd:41:bc:a1:
                    3d:73:e9:d7:bd:de:8b:13:8e:12:af:93:e8:bd:79:
                    43:9d:76:bd:3e:5c:3f:6b:cb:79:eb:23:a5:81:85:
                    2d:4c:07:be:26:92:15:bc:bd:37:2a:c6:ea:64:aa:
                    45:85:48:54:6f:a2:65:39:16:ff:ca:1b:bf:76:42:
                    14:2a:4f:9c:2c:d8:c0:0d:c8:ba:d0:59:ce:c4:1e:
                    5e:46:2a:47:a7:39:1d:b5:da:b1:44:0a:44:e6:d3:
                    44:4d:56:34:6d:c1:24:35:13:be:f2:c8:38:a5:6d:
                    17:b6:e0:e5:e5:53:68:b4:39:53:81:ca:71:24:0a:
                    09:1b:2a:b9:0a:d6:a1:a2:a4:3e:65:3c:60:26:08:
                    2b:c0:0b:ee:9d:71:ef:c4:cc:5f:38:f2:75:50:cb:
                    f9:a4:c1:ba:a4:61:f9:56:79:91:e0:d9:58:df:4a:
                    40:fc:5d:a8:c1:91:38:3b:2a:67:7e:26:10:cd:1c:
                    f2:30:64:a5:9f:3e:ad:90:3f:30:e8:5c:4c:f7:c6:
                    ef:58:6f:dc:5a:e2:12:2f:a3:24:e1:dc:e2:70:d0:
                    a2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AC:76:18:ED:84:27:D2:9C:08:C4:53:A5:C1:96:44:FA:0C:F0:06
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/S6x2GO2EJ9KcCMRTpcGWRPoM8AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.90.0/24
                  176.101.92.0/24
                IPv6:
                  2a03:720:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:33:0e:09:1a:93:83:9e:ea:98:3f:b5:10:47:58:eb:33:e1:
         4c:84:19:3f:6d:d9:08:14:e1:57:3f:48:ed:13:60:2a:6e:0c:
         c8:e6:46:0e:d6:48:ea:94:cb:18:eb:0a:69:53:95:44:0b:a8:
         f0:72:84:73:96:db:67:41:99:2d:c2:6e:89:22:71:32:9d:e5:
         7c:bb:0c:67:0e:89:b7:5f:be:fb:a6:87:ee:e4:1f:0e:77:a7:
         bd:04:ee:89:54:e1:63:12:a3:0f:8f:87:9e:85:df:3b:8c:fa:
         9d:e6:52:e5:7d:19:66:74:a6:d2:ac:dc:8d:d6:69:7b:eb:a3:
         b3:8e:c0:6d:91:b3:66:61:d1:29:21:9b:65:b3:50:2a:4c:5c:
         b4:4c:9f:52:92:c1:be:63:7f:48:79:3b:8c:8c:f5:99:6b:1e:
         a7:d6:6a:7f:76:f8:6f:8a:b5:c0:21:20:ce:35:d9:65:46:fd:
         c3:ca:8f:dd:eb:18:53:2d:87:d3:ad:1d:b9:35:cd:41:27:75:
         ff:b3:6f:0b:e1:87:74:42:64:37:f5:f5:17:76:fb:79:6e:b4:
         de:a6:2f:f8:3c:65:ae:da:29:6f:ac:a9:fe:a2:b4:69:42:7d:
         5a:c0:99:e9:44:1d:55:4c:1a:2f:05:c6:7c:e6:5d:61:bc:1c:
         7b:57:31:9f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZahBFPazyPn8PRWuceApcdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjUwNTA1MTUxNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmFjNzYxOGVkODQyN2QyOWMwOGM0NTNhNWMxOTY0NGZhMGNmMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YUOheSuKD7IRqLBAtXN95Ohq2YB
r7N0GAYbv/30/t0O3bJM3Ge4B91BvKE9c+nXvd6LE44Sr5PovXlDnXa9Plw/a8t5
6yOlgYUtTAe+JpIVvL03KsbqZKpFhUhUb6JlORb/yhu/dkIUKk+cLNjADci60FnO
xB5eRipHpzkdtdqxRApE5tNETVY0bcEkNRO+8sg4pW0XtuDl5VNotDlTgcpxJAoJ
Gyq5CtahoqQ+ZTxgJggrwAvunXHvxMxfOPJ1UMv5pMG6pGH5VnmR4NlY30pA/F2o
wZE4OypnfiYQzRzyMGSlnz6tkD8w6FxM98bvWG/cWuISL6Mk4dzicNCivQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEusdhjthCfSnAjEU6XBlkT6DPAGMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvUzZ4MkdPMkVKOUtjQ01SVHBjR1dSUG9NOEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsGVaAwQA
sGVcMA8EAgACMAkDBwAqAwcgAEAwDQYJKoZIhvcNAQELBQADggEBAF0zDgkak4Oe
6pg/tRBHWOsz4UyEGT9t2QgU4Vc/SO0TYCpuDMjmRg7WSOqUyxjrCmlTlUQLqPBy
hHOW22dBmS3CbokicTKd5Xy7DGcOibdfvvumh+7kHw53p70E7olU4WMSow+Ph56F
3zuM+p3mUuV9GWZ0ptKs3I3WaXvro7OOwG2Rs2Zh0Skhm2WzUCpMXLRMn1KSwb5j
f0h5O4yM9ZlrHqfWan92+G+KtcAhIM412WVG/cPKj93rGFMth9OtHbk1zUEndf+z
bwvhh3RCZDf19Rd2+3lutN6mL/g8Za7aKW+sqf6itGlCfVrAmelEHVVMGi8Fxnzm
XWG8HHtXMZ8=
-----END CERTIFICATE-----