Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6cKcdbg697__ZvwP9kwjgGEVw3Q.roa
File:                     6cKcdbg697__ZvwP9kwjgGEVw3Q.roa (raw, json)
Hash identifier:          9hVNNlmBMIccvRmDdcfQpFV8UsAlwgQb6xYm44zRJzc=
Subject key identifier:   E9:C2:9C:75:B8:3A:F7:BF:FF:66:FC:0F:F6:4C:23:80:61:15:C3:74
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198AEE0CDA673F069C87DA1324D33847050
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6cKcdbg697__ZvwP9kwjgGEVw3Q.roa
Signing time:             Fri 15 Aug 2025 17:57:04 +0000
ROA not before:           Fri 15 Aug 2025 17:57:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399989
IP address blocks:        45.129.127.0/24 maxlen: 24
                          93.190.246.0/23 maxlen: 23
                          2a0f:bc01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:e0:cd:a6:73:f0:69:c8:7d:a1:32:4d:33:84:70:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 15 17:57:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9c29c75b83af7bfff66fc0ff64c23806115c374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0d:e3:5f:e1:b4:f0:d7:fe:49:7f:3c:ab:a7:
                    3a:38:58:70:e9:1d:f4:cd:ac:1b:1f:88:1b:66:78:
                    ef:62:66:4f:b0:f4:34:2d:2e:8e:80:5e:c0:62:98:
                    b3:cc:9b:91:19:ee:3e:c3:b3:bd:24:56:67:e4:54:
                    ff:5c:66:23:f6:9b:0e:d2:03:43:89:2d:97:3a:e7:
                    04:2a:96:24:1f:c8:28:89:3b:92:46:a2:bc:ab:7c:
                    ed:08:3d:98:c9:b9:38:9b:6d:bd:37:6d:90:2f:29:
                    c9:a5:9b:31:59:1c:f0:92:3e:c4:24:70:4a:fa:5a:
                    d9:54:50:6d:d0:d5:d1:f3:0f:18:a0:99:30:21:1f:
                    cc:35:d7:83:d5:91:cc:dc:5a:5e:40:f9:67:20:ed:
                    f7:06:8b:af:70:1e:c9:4e:14:c5:2f:03:6f:fa:49:
                    03:9b:83:43:f4:08:f1:50:b8:1f:38:27:70:ab:a4:
                    96:58:ba:82:66:15:cf:56:22:8a:d2:a1:48:5a:d8:
                    2a:6f:1b:38:20:87:a8:aa:5c:87:a4:ad:fe:80:3b:
                    81:9f:e5:c4:9e:0b:df:e5:c1:29:5d:3b:7a:cd:5a:
                    36:66:93:a6:27:e0:7c:42:b4:00:a9:23:d2:04:1e:
                    c5:aa:16:b9:73:8a:c0:e1:36:1c:52:65:72:00:41:
                    c1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:C2:9C:75:B8:3A:F7:BF:FF:66:FC:0F:F6:4C:23:80:61:15:C3:74
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/6cKcdbg697__ZvwP9kwjgGEVw3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.127.0/24
                  93.190.246.0/23
                IPv6:
                  2a0f:bc01::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:c5:08:4b:64:73:51:a6:53:f1:17:53:9d:b9:25:84:66:d4:
         74:da:13:09:f9:de:24:52:06:5e:9c:b5:53:e7:b7:d4:68:9d:
         40:d9:8b:13:9d:2f:ca:55:7a:c2:e8:72:01:d1:76:7e:2b:c8:
         de:61:3c:b7:a6:f1:e3:ac:f0:d9:82:f6:04:0e:64:68:a6:85:
         44:7e:4c:06:9d:c6:d0:2f:a4:ad:35:a5:7c:a8:d0:13:41:4e:
         fa:eb:64:1b:f6:0a:bd:6e:4f:dc:5b:bd:37:37:db:43:65:b2:
         d3:03:b5:b9:f5:ae:9b:12:5b:37:4c:f3:81:f7:cd:ff:ed:52:
         b4:8e:87:5d:6a:06:58:7e:ce:b4:68:14:77:f6:2e:ae:e0:3e:
         9e:f3:da:d8:6a:13:8d:58:11:03:21:14:c8:65:39:52:35:44:
         4f:76:7b:c7:b2:cc:10:1c:73:59:e1:40:f0:9e:87:b9:2c:50:
         50:70:10:f4:3a:9f:24:f0:62:d4:8c:df:64:5c:04:b3:d2:43:
         d0:31:16:28:9e:05:5a:0f:d0:b4:df:db:1e:0c:c2:69:e4:26:
         21:30:79:d7:ce:70:3c:c8:db:fb:69:62:b2:62:26:2b:58:11:
         f2:fc:7c:c3:d9:6e:ac:f7:2a:45:dc:d1:6b:a2:c1:3d:25:bc:
         76:4f:ed:82
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZiu4M2mc/BpyH2hMk0zhHBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODE1MTc1NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWMyOWM3NWI4M2FmN2JmZmY2NmZjMGZmNjRjMjM4MDYxMTVjMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvA3jX+G08Nf+SX88q6c6OFhw6R30
zawbH4gbZnjvYmZPsPQ0LS6OgF7AYpizzJuRGe4+w7O9JFZn5FT/XGYj9psO0gND
iS2XOucEKpYkH8goiTuSRqK8q3ztCD2Yybk4m229N22QLynJpZsxWRzwkj7EJHBK
+lrZVFBt0NXR8w8YoJkwIR/MNdeD1ZHM3FpeQPlnIO33BouvcB7JThTFLwNv+kkD
m4ND9AjxULgfOCdwq6SWWLqCZhXPViKK0qFIWtgqbxs4IIeoqlyHpK3+gDuBn+XE
ngvf5cEpXTt6zVo2ZpOmJ+B8QrQAqSPSBB7Fqha5c4rA4TYcUmVyAEHBOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOnCnHW4Ove//2b8D/ZMI4BhFcN0MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNmNLY2RiZzY5N19fWnZ3UDlrd2pnR0VWdzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYF/AwQB
Xb72MA0EAgACMAcDBQAqD7wBMA0GCSqGSIb3DQEBCwUAA4IBAQBfxQhLZHNRplPx
F1OduSWEZtR02hMJ+d4kUgZenLVT57fUaJ1A2YsTnS/KVXrC6HIB0XZ+K8jeYTy3
pvHjrPDZgvYEDmRopoVEfkwGncbQL6StNaV8qNATQU7662Qb9gq9bk/cW703N9tD
ZbLTA7W59a6bEls3TPOB983/7VK0joddagZYfs60aBR39i6u4D6e89rYahONWBED
IRTIZTlSNURPdnvHsswQHHNZ4UDwnoe5LFBQcBD0Op8k8GLUjN9kXASz0kPQMRYo
ngVaD9C039seDMJp5CYhMHnXznA8yNv7aWKyYiYrWBHy/HzD2W6s9ypF3NFrosE9
Jbx2T+2C
-----END CERTIFICATE-----