Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/6bP2Hbq7B8FfgSpm-g0RjnRG09M.roa
File:                     6bP2Hbq7B8FfgSpm-g0RjnRG09M.roa (raw, json)
Hash identifier:          dhy3foa2kdGd9tWYMEzVZ1K79M1Cxv3oKtbrCE9/V7s=
Subject key identifier:   E9:B3:F6:1D:BA:BB:07:C1:5F:81:2A:66:FA:0D:11:8E:74:46:D3:D3
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       01977800A98EF0A79E3E61BC5AF4AA296963
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/6bP2Hbq7B8FfgSpm-g0RjnRG09M.roa
Signing time:             Mon 16 Jun 2025 09:09:58 +0000
ROA not before:           Mon 16 Jun 2025 09:09:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        185.49.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:00:a9:8e:f0:a7:9e:3e:61:bc:5a:f4:aa:29:69:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Jun 16 09:09:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9b3f61dbabb07c15f812a66fa0d118e7446d3d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:a0:c4:77:d1:88:3a:c9:a3:c5:82:cf:7a:
                    3b:db:c3:e7:3d:3f:5a:ca:3b:18:ef:1e:2d:dc:f1:
                    c1:70:d9:9d:81:0f:df:52:af:d0:7c:49:aa:76:83:
                    00:77:2d:7b:98:34:bf:d5:1a:c9:47:1b:19:43:eb:
                    d7:3a:86:70:36:be:ac:8a:c3:55:2f:43:c4:3b:7c:
                    26:89:ff:03:64:64:b1:b1:2d:61:44:c1:ac:5f:e3:
                    42:23:ee:f4:e1:e4:c1:ea:d2:09:c6:ad:6b:f2:d6:
                    fb:15:d7:d9:6f:bc:d9:83:b7:8a:0d:11:cb:52:ab:
                    6d:c7:c0:7c:42:5d:eb:e8:67:7f:9a:62:90:47:57:
                    d3:8a:20:5f:24:cb:45:a9:bc:1f:0d:a0:04:3f:c4:
                    de:9d:80:5a:9d:0e:34:90:98:c8:5d:a8:3e:96:69:
                    bd:ab:f0:0f:8b:16:ad:ed:2f:de:4f:68:a6:de:d1:
                    2d:3c:31:42:c8:82:46:4b:17:7c:ab:09:7b:76:54:
                    21:76:0a:1c:d4:2c:42:11:ec:39:7a:e5:6e:b6:10:
                    6a:1a:c4:94:bb:87:dc:4c:f3:cc:7f:d4:c8:80:77:
                    12:e6:d4:76:f1:ae:62:0a:a4:c2:c0:dc:2b:0c:c5:
                    db:f0:dc:1e:c9:1e:d3:85:68:92:eb:3c:b6:35:63:
                    f8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B3:F6:1D:BA:BB:07:C1:5F:81:2A:66:FA:0D:11:8E:74:46:D3:D3
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/6bP2Hbq7B8FfgSpm-g0RjnRG09M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:46:aa:f5:24:b6:40:8d:30:eb:c2:b6:12:8b:4c:db:41:87:
         91:96:8a:e2:32:ed:63:be:66:fd:b8:7b:ed:bf:f5:77:ca:ab:
         1a:ee:11:7a:bd:c5:ff:e7:18:65:64:6f:09:45:73:3a:31:d2:
         98:54:3a:15:2a:ae:fc:31:e9:63:e4:7b:16:81:7a:63:98:1b:
         87:2a:56:80:79:44:3d:d0:32:dd:47:82:01:e1:e8:4b:2a:e0:
         60:28:15:0a:b6:2b:a8:71:38:b0:fc:d1:08:d3:3a:68:d4:52:
         dc:b9:67:4a:19:6d:5b:02:2b:17:1b:40:a2:b0:88:7a:a5:25:
         b4:68:cf:57:a5:9c:a4:79:47:45:74:b1:fd:5c:08:8e:60:a3:
         25:ee:bd:5e:9a:e3:fc:8d:7f:13:56:8c:a5:87:98:18:97:07:
         c9:49:e5:91:d3:cb:0a:7d:96:24:fd:44:d5:08:e0:0a:a5:57:
         b0:37:e2:5a:c3:5a:84:0c:0f:81:84:06:b9:47:7a:01:6f:68:
         a2:e3:f5:04:2c:dc:6f:4b:39:cf:8c:9f:47:0c:6e:9d:86:92:
         ad:19:3a:65:43:20:27:63:92:c4:b9:c6:f8:b2:ba:d5:da:0f:
         7b:34:74:b7:f3:2b:bf:16:b2:1c:dd:db:f1:af:6c:2e:00:e0:
         fc:64:b3:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZd4AKmO8KeePmG8WvSqKWljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjUwNjE2MDkwOTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWIzZjYxZGJhYmIwN2MxNWY4MTJhNjZmYTBkMTE4ZTc0NDZkM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU+gxHfRiDrJo8WCz3o728PnPT9a
yjsY7x4t3PHBcNmdgQ/fUq/QfEmqdoMAdy17mDS/1RrJRxsZQ+vXOoZwNr6sisNV
L0PEO3wmif8DZGSxsS1hRMGsX+NCI+704eTB6tIJxq1r8tb7FdfZb7zZg7eKDRHL
Uqttx8B8Ql3r6Gd/mmKQR1fTiiBfJMtFqbwfDaAEP8TenYBanQ40kJjIXag+lmm9
q/APixat7S/eT2im3tEtPDFCyIJGSxd8qwl7dlQhdgoc1CxCEew5euVuthBqGsSU
u4fcTPPMf9TIgHcS5tR28a5iCqTCwNwrDMXb8NweyR7ThWiS6zy2NWP40QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOmz9h26uwfBX4EqZvoNEY50RtPTMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xLzZiUDJIYnE3QjhGZmdTcG0tZzBSam5SRzA5TS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5MWkw
DQYJKoZIhvcNAQELBQADggEBAB5GqvUktkCNMOvCthKLTNtBh5GWiuIy7WO+Zv24
e+2/9XfKqxruEXq9xf/nGGVkbwlFczox0phUOhUqrvwx6WPkexaBemOYG4cqVoB5
RD3QMt1HggHh6Esq4GAoFQq2K6hxOLD80QjTOmjUUty5Z0oZbVsCKxcbQKKwiHql
JbRoz1elnKR5R0V0sf1cCI5goyXuvV6a4/yNfxNWjKWHmBiXB8lJ5ZHTywp9liT9
RNUI4AqlV7A34lrDWoQMD4GEBrlHegFvaKLj9QQs3G9LOc+Mn0cMbp2Gkq0ZOmVD
ICdjksS5xviyutXaD3s0dLfzK78Wshzd2/GvbC4A4Pxks0Y=
-----END CERTIFICATE-----