Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/b6ZzKOMlbidIPPMmelSif3w-9QM.roa
File:                     b6ZzKOMlbidIPPMmelSif3w-9QM.roa (raw, json)
Hash identifier:          2SCmCkEfpqWs55+MpqiuJcmKP1bT8emMjJpFq+nQcFs=
Subject key identifier:   6F:A6:73:28:E3:25:6E:27:48:3C:F3:26:7A:54:A2:7F:7C:3E:F5:03
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       0198A1C033BAD84615909FFD2E540C1A4D91
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/b6ZzKOMlbidIPPMmelSif3w-9QM.roa
Signing time:             Wed 13 Aug 2025 04:46:24 +0000
ROA not before:           Wed 13 Aug 2025 04:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.18.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a1:c0:33:ba:d8:46:15:90:9f:fd:2e:54:0c:1a:4d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Aug 13 04:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fa67328e3256e27483cf3267a54a27f7c3ef503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:08:83:87:14:91:bd:a6:45:30:82:e3:87:ae:
                    b3:bd:ae:05:c6:b0:4d:cb:16:15:38:1d:18:99:f3:
                    d7:3c:32:52:69:60:20:1e:47:2c:67:87:71:3c:e7:
                    b0:f9:66:72:12:ce:9a:8f:96:46:20:3e:05:f8:05:
                    2a:46:e4:d7:e4:4d:15:56:06:2d:66:0e:ce:fc:af:
                    10:9b:ba:42:8c:1f:45:8f:64:49:57:b1:db:c7:b1:
                    f5:a3:33:20:16:8c:a4:3c:10:c4:46:07:2a:f5:36:
                    71:fd:56:e2:42:bd:a1:9f:4e:b0:61:85:9b:93:d2:
                    07:ae:be:62:9d:bb:9c:0f:e8:dc:ed:ac:a1:6b:0c:
                    71:d4:8f:be:9a:14:d8:b6:e9:ea:0f:58:8c:08:44:
                    6a:99:09:40:93:15:75:93:bf:ba:b8:56:9d:fd:0c:
                    4e:ba:0a:66:42:6d:a8:17:1c:cf:f5:0a:7c:3c:b9:
                    c0:4b:d5:75:a1:93:b4:fc:4a:fc:ba:b6:78:d9:cc:
                    63:b3:1a:49:52:99:4d:15:c6:22:ad:66:81:89:67:
                    21:a8:0b:67:78:f7:01:13:78:a3:fd:dc:9f:bd:9c:
                    77:3d:61:d4:e3:3f:42:2f:50:aa:ad:14:d4:77:90:
                    d6:c2:ab:68:aa:46:7f:86:ce:37:62:bc:d3:35:63:
                    18:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A6:73:28:E3:25:6E:27:48:3C:F3:26:7A:54:A2:7F:7C:3E:F5:03
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/b6ZzKOMlbidIPPMmelSif3w-9QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:84:62:a8:3c:bb:de:5e:18:94:70:93:00:2a:5c:af:b0:e3:
         9a:9f:43:fe:e8:90:a6:97:7c:a9:5a:7f:fa:5d:18:07:e8:33:
         cb:44:a5:79:07:57:10:b8:40:38:14:06:ec:9a:c6:3a:12:f1:
         df:72:f0:3a:8f:d9:5c:5a:64:74:3b:07:83:06:c0:33:0f:dd:
         22:5c:7f:80:b4:89:cd:a2:b9:7d:95:ce:97:6d:af:f8:dd:96:
         1d:62:a4:c3:18:ac:fe:34:6b:ce:c3:7a:73:a6:e2:dd:32:22:
         ec:7c:aa:e3:73:10:09:9a:10:fc:1b:8d:b6:af:d9:6f:6d:a9:
         22:9a:ff:88:b7:de:4f:d6:32:bb:f8:d2:5e:fa:c8:3c:f9:5c:
         f7:bd:d2:79:33:ef:90:2c:f2:1e:7e:e6:cf:1c:3b:f6:67:98:
         c4:1e:5e:17:e0:74:e1:bf:4a:4e:60:dd:f4:2e:38:09:e3:88:
         9d:7c:34:56:dc:ce:b0:6b:6f:97:3a:43:b6:3d:4c:64:d0:83:
         c0:3d:57:c3:10:3d:f2:4d:14:a9:5d:b5:65:e9:9a:20:d8:d6:
         3a:69:6a:03:7f:ae:46:3c:02:39:ae:0d:09:b0:28:10:05:1b:
         be:03:88:b7:ce:8c:8b:1a:d1:fd:c4:4d:4a:ec:b1:e8:86:1f:
         32:13:99:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZihwDO62EYVkJ/9LlQMGk2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwODEzMDQ0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE2NzMyOGUzMjU2ZTI3NDgzY2YzMjY3YTU0YTI3ZjdjM2VmNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgiDhxSRvaZFMILjh66zva4FxrBN
yxYVOB0YmfPXPDJSaWAgHkcsZ4dxPOew+WZyEs6aj5ZGID4F+AUqRuTX5E0VVgYt
Zg7O/K8Qm7pCjB9Fj2RJV7Hbx7H1ozMgFoykPBDERgcq9TZx/VbiQr2hn06wYYWb
k9IHrr5inbucD+jc7ayhawxx1I++mhTYtunqD1iMCERqmQlAkxV1k7+6uFad/QxO
ugpmQm2oFxzP9Qp8PLnAS9V1oZO0/Er8urZ42cxjsxpJUplNFcYirWaBiWchqAtn
ePcBE3ij/dyfvZx3PWHU4z9CL1CqrRTUd5DWwqtoqkZ/hs43YrzTNWMYcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+mcyjjJW4nSDzzJnpUon98PvUDMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvYjZaektPTWxiaWRJUFBNbWVsU2lmM3ctOVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI4MA0G
CSqGSIb3DQEBCwUAA4IBAQCUhGKoPLveXhiUcJMAKlyvsOOan0P+6JCml3ypWn/6
XRgH6DPLRKV5B1cQuEA4FAbsmsY6EvHfcvA6j9lcWmR0OweDBsAzD90iXH+AtInN
orl9lc6Xba/43ZYdYqTDGKz+NGvOw3pzpuLdMiLsfKrjcxAJmhD8G422r9lvbaki
mv+It95P1jK7+NJe+sg8+Vz3vdJ5M++QLPIefubPHDv2Z5jEHl4X4HThv0pOYN30
LjgJ44idfDRW3M6wa2+XOkO2PUxk0IPAPVfDED3yTRSpXbVl6Zog2NY6aWoDf65G
PAI5rg0JsCgQBRu+A4i3zoyLGtH9xE1K7LHohh8yE5nT
-----END CERTIFICATE-----