Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/g6Sb-zsbm1WES6HFc1zZZiQygEM.roa
File:                     g6Sb-zsbm1WES6HFc1zZZiQygEM.roa (raw, json)
Hash identifier:          GNjXKqZsFHcGyZnH0M0klj3fOamf/suoKAjpYuDpXqs=
Subject key identifier:   83:A4:9B:FB:3B:1B:9B:55:84:4B:A1:C5:73:5C:D9:66:24:32:80:43
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0198A7B490EBC6E4AB3E8DC369042F4E6C16
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/g6Sb-zsbm1WES6HFc1zZZiQygEM.roa
Signing time:             Thu 14 Aug 2025 08:31:25 +0000
ROA not before:           Thu 14 Aug 2025 08:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        185.221.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:b4:90:eb:c6:e4:ab:3e:8d:c3:69:04:2f:4e:6c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 14 08:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83a49bfb3b1b9b55844ba1c5735cd96624328043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d8:be:fe:52:bd:02:c0:f2:bf:2f:ee:60:0d:
                    65:70:15:c0:a9:05:8a:73:ad:1a:95:87:0b:46:f9:
                    fc:c9:98:7f:36:38:52:69:e8:92:ef:6e:56:0b:e4:
                    8d:8f:a7:ab:73:0f:ae:cc:f0:9f:68:4d:12:d5:c4:
                    3e:a7:c8:1e:d3:3b:3d:ff:c2:73:c1:90:20:c0:1a:
                    6d:62:da:e2:40:1a:22:b2:db:50:39:f0:ef:c3:0e:
                    4a:e1:a3:c7:7b:d3:7d:0c:06:ca:73:11:56:93:1c:
                    04:1d:10:4e:03:bb:78:1c:f4:0f:6e:2e:c1:c6:49:
                    5d:97:da:90:47:c4:b0:08:d4:d2:dd:7c:5d:f6:a5:
                    24:58:cb:8b:03:10:1e:5b:45:12:f4:dc:00:23:8e:
                    8f:70:aa:7a:85:88:99:11:cb:25:aa:39:49:ee:a2:
                    f4:53:67:2f:17:4a:d0:ae:cb:1b:4f:9c:7b:6f:50:
                    c6:53:21:a6:b8:19:b4:bc:13:0e:d8:9f:46:22:2f:
                    47:ed:73:89:03:dd:ad:fe:a7:20:75:5a:8d:b2:ee:
                    3c:56:c8:01:a7:3f:35:df:bf:b0:80:f9:7e:a2:b9:
                    a4:43:33:71:b6:06:7b:51:6e:93:cc:46:8a:c2:3e:
                    45:b9:71:0a:17:64:25:5f:20:c0:db:bf:5c:44:99:
                    8e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A4:9B:FB:3B:1B:9B:55:84:4B:A1:C5:73:5C:D9:66:24:32:80:43
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/g6Sb-zsbm1WES6HFc1zZZiQygEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:f6:54:6c:be:e6:d0:91:74:f2:cc:d3:af:f0:d6:3f:40:62:
         5f:83:43:54:fa:71:d9:af:c8:61:70:c1:f7:1a:be:af:68:fe:
         33:a2:1e:58:c4:ff:f7:d3:5e:b1:97:61:06:e7:4b:42:99:e7:
         a3:e2:67:73:34:80:59:60:5b:32:56:ad:c7:16:64:df:33:7e:
         87:93:5f:1c:07:c8:ba:7f:f7:8a:5a:8f:dd:05:aa:2b:02:ef:
         b1:94:3f:7a:83:f8:77:e6:9c:1b:c5:61:7c:1e:d0:ea:2c:e1:
         07:15:0d:33:de:8d:a9:99:5e:04:54:76:08:b3:d6:83:6a:2c:
         28:c5:e0:f4:f0:4a:6c:d0:ba:93:5d:b4:82:08:05:ee:fb:3b:
         06:bf:26:45:d9:1c:bd:7d:0e:8e:6d:c4:25:9b:65:2d:5e:fc:
         15:5e:09:fe:a3:b5:83:af:dd:b7:f7:bd:17:e0:aa:c9:ea:34:
         9a:cf:c0:5f:75:a3:dc:e5:2a:3b:cf:20:e8:3b:fa:03:fb:a9:
         8b:c4:03:24:b7:97:f3:6b:92:89:6d:68:cb:77:37:24:4e:9d:
         c0:d2:e2:b2:cc:ae:a0:25:c1:2b:ab:73:0d:0c:77:7c:a4:fc:
         55:f3:9d:8a:0c:17:3c:1f:4d:75:2f:78:d1:b6:4d:4d:8f:4a:
         19:76:c0:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZintJDrxuSrPo3DaQQvTmwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODE0MDgzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E0OWJmYjNiMWI5YjU1ODQ0YmExYzU3MzVjZDk2NjI0MzI4MDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ti+/lK9AsDyvy/uYA1lcBXAqQWK
c60alYcLRvn8yZh/NjhSaeiS725WC+SNj6ercw+uzPCfaE0S1cQ+p8ge0zs9/8Jz
wZAgwBptYtriQBoisttQOfDvww5K4aPHe9N9DAbKcxFWkxwEHRBOA7t4HPQPbi7B
xkldl9qQR8SwCNTS3Xxd9qUkWMuLAxAeW0US9NwAI46PcKp6hYiZEcslqjlJ7qL0
U2cvF0rQrssbT5x7b1DGUyGmuBm0vBMO2J9GIi9H7XOJA92t/qcgdVqNsu48VsgB
pz8137+wgPl+ormkQzNxtgZ7UW6TzEaKwj5FuXEKF2QlXyDA279cRJmOdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOkm/s7G5tVhEuhxXNc2WYkMoBDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZzZTYi16c2JtMVdFUzZIRmMxelpaaVF5Z0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBud0WMA0G
CSqGSIb3DQEBCwUAA4IBAQCg9lRsvubQkXTyzNOv8NY/QGJfg0NU+nHZr8hhcMH3
Gr6vaP4zoh5YxP/3016xl2EG50tCmeej4mdzNIBZYFsyVq3HFmTfM36Hk18cB8i6
f/eKWo/dBaorAu+xlD96g/h35pwbxWF8HtDqLOEHFQ0z3o2pmV4EVHYIs9aDaiwo
xeD08Eps0LqTXbSCCAXu+zsGvyZF2Ry9fQ6ObcQlm2UtXvwVXgn+o7WDr923970X
4KrJ6jSaz8BfdaPc5So7zyDoO/oD+6mLxAMkt5fza5KJbWjLdzckTp3A0uKyzK6g
JcErq3MNDHd8pPxV852KDBc8H011L3jRtk1Nj0oZdsBX
-----END CERTIFICATE-----