Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aTnEZ3qJi3HsJl9jOBdQ5POjAmI.roa
File:                     aTnEZ3qJi3HsJl9jOBdQ5POjAmI.roa (raw, json)
Hash identifier:          qnfjLM+QmLtrI4x3Fm5+QIexxVzibi6cTtgoV9o6gj4=
Subject key identifier:   69:39:C4:67:7A:89:8B:71:EC:26:5F:63:38:17:50:E4:F3:A3:02:62
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197A65420B3763491CCBDA5E21226CC019E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aTnEZ3qJi3HsJl9jOBdQ5POjAmI.roa
Signing time:             Wed 25 Jun 2025 09:03:40 +0000
ROA not before:           Wed 25 Jun 2025 09:03:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216309
IP address blocks:        94.249.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 13:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:54:20:b3:76:34:91:cc:bd:a5:e2:12:26:cc:01:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun 25 09:03:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6939c4677a898b71ec265f63381750e4f3a30262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e1:2e:18:b4:3c:5a:da:8d:2a:ae:11:bb:f5:
                    73:00:3e:82:e1:e0:8c:fb:55:3d:f9:1c:0d:85:f9:
                    64:dc:79:3b:04:bd:94:77:c8:bd:e0:e0:ba:66:51:
                    9a:ba:3b:19:39:c6:83:92:d3:19:d9:af:b1:81:b3:
                    ff:b4:33:69:e4:33:54:81:17:62:c8:e2:ab:db:73:
                    70:bc:85:e0:fe:b5:c6:ec:11:4e:18:39:f6:12:61:
                    12:c3:9a:28:99:2f:c8:38:63:36:3d:f3:cb:be:b3:
                    91:dd:50:32:e9:c4:32:02:2a:2e:e4:62:c1:f5:96:
                    18:5c:5d:f0:81:d4:b8:cc:26:1c:c2:6e:1b:ab:f2:
                    d2:9d:7f:e9:bb:de:a7:14:35:41:91:4b:a8:64:e9:
                    4a:a3:f7:57:35:36:e6:af:4d:e8:35:53:d3:66:b3:
                    d7:c2:cc:63:78:c9:51:9e:d2:21:ef:5a:9b:26:fb:
                    1e:90:ad:cd:a2:dc:d8:37:52:39:65:cf:f7:66:df:
                    15:3e:f2:d2:f4:9a:2c:e2:be:46:9d:f1:f5:03:c7:
                    ae:9f:a9:24:14:49:bb:65:2a:fb:cd:e8:9a:00:9f:
                    9e:92:ff:25:51:7f:92:e7:f4:e4:af:73:06:05:5a:
                    fb:c4:96:46:4b:59:da:8e:49:55:4b:8f:5a:2a:d7:
                    f3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:39:C4:67:7A:89:8B:71:EC:26:5F:63:38:17:50:E4:F3:A3:02:62
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/aTnEZ3qJi3HsJl9jOBdQ5POjAmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:29:2c:15:bd:f2:01:ed:5b:6d:dd:dc:4e:d7:50:36:09:66:
         4f:22:73:7a:67:00:70:e7:52:59:5b:cc:1f:94:0c:00:12:0a:
         f4:ab:1a:0c:b6:39:3e:e3:51:07:85:cc:f9:b3:6f:db:79:64:
         4d:4b:0b:53:15:35:24:4c:73:3c:37:38:aa:d8:f7:69:15:7b:
         7c:0c:94:d6:14:23:64:11:5b:06:ab:02:ee:37:fa:39:5c:59:
         9b:cd:65:24:4a:e3:09:49:fb:d2:c4:63:d8:ea:f9:33:0a:f4:
         15:3e:46:0c:cc:b1:82:19:08:57:dc:11:07:36:c0:aa:1e:b1:
         e7:66:6c:15:77:db:8d:28:93:ff:44:69:ee:6f:50:86:aa:89:
         87:af:1f:3a:58:44:62:bc:8e:18:f8:ba:0c:ed:23:50:f0:34:
         be:19:56:ec:2c:9a:c6:ba:b0:23:e3:5a:05:19:de:31:4f:13:
         a0:fb:6a:ae:95:8d:45:f2:c8:26:27:b2:e9:30:c0:36:a7:c7:
         4e:c4:d1:f8:fa:6f:ac:1d:90:98:9a:c5:3e:43:36:44:e2:4a:
         9d:76:cd:95:1d:7d:f7:7d:5d:fc:23:c7:f7:9a:b5:6c:0e:83:
         28:8c:d5:a3:db:d8:60:ae:1e:d1:2c:25:ae:7c:4d:16:34:30:
         5a:cc:0e:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemVCCzdjSRzL2l4hImzAGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjI1MDkwMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM5YzQ2NzdhODk4YjcxZWMyNjVmNjMzODE3NTBlNGYzYTMwMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EuGLQ8WtqNKq4Ru/VzAD6C4eCM
+1U9+RwNhflk3Hk7BL2Ud8i94OC6ZlGaujsZOcaDktMZ2a+xgbP/tDNp5DNUgRdi
yOKr23NwvIXg/rXG7BFOGDn2EmESw5oomS/IOGM2PfPLvrOR3VAy6cQyAiou5GLB
9ZYYXF3wgdS4zCYcwm4bq/LSnX/pu96nFDVBkUuoZOlKo/dXNTbmr03oNVPTZrPX
wsxjeMlRntIh71qbJvsekK3NotzYN1I5Zc/3Zt8VPvLS9Jos4r5GnfH1A8eun6kk
FEm7ZSr7zeiaAJ+ekv8lUX+S5/Tkr3MGBVr7xJZGS1najklVS49aKtfzzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk5xGd6iYtx7CZfYzgXUOTzowJiMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvYVRuRVozcUppM0hzSmw5ak9CZFE1UE9qQW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnnMA0G
CSqGSIb3DQEBCwUAA4IBAQA2KSwVvfIB7Vtt3dxO11A2CWZPInN6ZwBw51JZW8wf
lAwAEgr0qxoMtjk+41EHhcz5s2/beWRNSwtTFTUkTHM8Nziq2PdpFXt8DJTWFCNk
EVsGqwLuN/o5XFmbzWUkSuMJSfvSxGPY6vkzCvQVPkYMzLGCGQhX3BEHNsCqHrHn
ZmwVd9uNKJP/RGnub1CGqomHrx86WERivI4Y+LoM7SNQ8DS+GVbsLJrGurAj41oF
Gd4xTxOg+2qulY1F8sgmJ7LpMMA2p8dOxNH4+m+sHZCYmsU+QzZE4kqdds2VHX33
fV38I8f3mrVsDoMojNWj29hgrh7RLCWufE0WNDBazA45
-----END CERTIFICATE-----