Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/l6j2aX0QSLWVCzZDpMtGz8W4wjo.roa
File:                     l6j2aX0QSLWVCzZDpMtGz8W4wjo.roa (raw, json)
Hash identifier:          AigJG7f6f5V64toLqhPhGUD+Okr3C21xM3JcJXAk2jE=
Subject key identifier:   97:A8:F6:69:7D:10:48:B5:95:0B:36:43:A4:CB:46:CF:C5:B8:C2:3A
Certificate issuer:       /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial:       0198847F87EE2D15CC6CDEE77D5C51186EF2
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/l6j2aX0QSLWVCzZDpMtGz8W4wjo.roa
Signing time:             Thu 07 Aug 2025 12:26:47 +0000
ROA not before:           Thu 07 Aug 2025 12:26:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        217.173.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:7f:87:ee:2d:15:cc:6c:de:e7:7d:5c:51:18:6e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
        Validity
            Not Before: Aug  7 12:26:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97a8f6697d1048b5950b3643a4cb46cfc5b8c23a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:6c:9e:b5:0b:4d:9e:f9:ac:e6:f0:de:e5:
                    24:a2:bf:c2:98:ea:97:7c:7e:d0:ba:a0:eb:19:27:
                    e5:c2:81:76:98:e3:43:dd:a3:74:89:f8:fa:18:7e:
                    fc:25:78:06:56:0d:26:f2:0c:29:43:28:2c:d4:60:
                    70:9e:6c:75:4f:25:ab:55:85:bc:43:44:91:04:48:
                    0a:a3:f4:b9:79:6f:02:71:c2:d8:4c:79:73:ef:03:
                    bb:bf:6e:c2:80:8a:00:38:d8:7a:22:97:bf:07:05:
                    c0:7e:cd:9e:e4:6a:d7:c5:4c:66:26:88:22:a2:02:
                    fd:95:6d:2d:8f:80:09:a1:f3:b3:86:83:43:9e:b3:
                    9f:f3:dc:a0:c5:70:ce:11:25:b4:d4:db:ec:e5:b4:
                    38:3f:01:bb:c1:b8:90:65:76:ae:2a:3a:15:52:af:
                    68:d2:14:5a:6e:2a:2a:29:66:30:2d:46:e2:3c:01:
                    4b:77:43:fb:aa:c5:5b:00:f4:97:71:30:d6:24:8c:
                    f1:f7:63:30:a3:23:62:c7:2a:c4:7d:f3:82:a0:50:
                    22:97:7b:9a:d9:9f:da:e6:59:f2:6d:d8:f5:48:e6:
                    21:14:1f:1c:3c:6f:d8:1c:f0:0d:46:fc:76:2d:8f:
                    f8:e1:e3:37:68:62:a9:f2:44:ad:ed:58:cb:19:b7:
                    ec:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A8:F6:69:7D:10:48:B5:95:0B:36:43:A4:CB:46:CF:C5:B8:C2:3A
            X509v3 Authority Key Identifier:
                keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/l6j2aX0QSLWVCzZDpMtGz8W4wjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.173.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:fd:e5:c7:7d:51:fa:ea:3b:93:0b:07:a4:52:eb:da:e4:02:
         e2:7f:51:38:17:ce:d3:e7:7e:1b:b2:01:ab:40:dc:c5:18:42:
         61:b5:1f:6e:a2:80:e9:fc:29:7e:92:23:19:08:86:87:1a:5c:
         1a:3c:f9:99:a8:42:26:af:67:60:53:01:cb:c1:21:49:d2:1f:
         19:93:95:88:a7:26:59:bd:b9:a9:50:1c:18:5b:c0:9c:1b:54:
         78:77:2e:38:63:66:54:ab:77:63:08:fc:93:6e:3d:eb:6c:91:
         fb:0f:9e:8c:f5:d7:d1:f3:df:04:4e:75:7d:19:47:58:b9:40:
         0f:2f:2b:a2:b3:18:32:95:8d:01:b8:b8:15:0f:e1:28:d1:f6:
         ab:eb:7e:3e:af:95:4c:66:8e:9a:6e:fb:48:f5:a9:c4:ae:d4:
         77:46:98:dc:aa:9e:ad:16:a8:48:1a:a8:9c:93:11:86:e3:90:
         5f:6d:ee:b8:26:51:a3:71:14:dd:15:5a:9f:32:41:cd:b9:96:
         ae:10:f7:5b:8e:56:4f:2b:a7:c2:5e:0e:f0:2e:6c:8c:7c:28:
         e7:bd:59:ea:8a:70:3e:64:f2:c8:47:0d:21:a7:07:31:78:6f:
         a2:9c:ca:67:1f:91:92:36:8a:d3:89:59:59:b9:39:34:7c:19:
         b1:32:ec:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiEf4fuLRXMbN7nfVxRGG7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjUwODA3MTIyNjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2E4ZjY2OTdkMTA0OGI1OTUwYjM2NDNhNGNiNDZjZmM1YjhjMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU1snrULTZ75rObw3uUkor/CmOqX
fH7QuqDrGSflwoF2mOND3aN0ifj6GH78JXgGVg0m8gwpQygs1GBwnmx1TyWrVYW8
Q0SRBEgKo/S5eW8CccLYTHlz7wO7v27CgIoAONh6Ipe/BwXAfs2e5GrXxUxmJogi
ogL9lW0tj4AJofOzhoNDnrOf89ygxXDOESW01Nvs5bQ4PwG7wbiQZXauKjoVUq9o
0hRabioqKWYwLUbiPAFLd0P7qsVbAPSXcTDWJIzx92MwoyNixyrEffOCoFAil3ua
2Z/a5lnybdj1SOYhFB8cPG/YHPANRvx2LY/44eM3aGKp8kSt7VjLGbfsDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeo9ml9EEi1lQs2Q6TLRs/FuMI6MB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvbDZqMmFYMFFTTFdWQ3paRHBNdEd6OFc0d2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2a2SMA0G
CSqGSIb3DQEBCwUAA4IBAQDB/eXHfVH66juTCwekUuva5ALif1E4F87T534bsgGr
QNzFGEJhtR9uooDp/Cl+kiMZCIaHGlwaPPmZqEImr2dgUwHLwSFJ0h8Zk5WIpyZZ
vbmpUBwYW8CcG1R4dy44Y2ZUq3djCPyTbj3rbJH7D56M9dfR898ETnV9GUdYuUAP
LyuisxgylY0BuLgVD+Eo0far634+r5VMZo6abvtI9anErtR3Rpjcqp6tFqhIGqic
kxGG45Bfbe64JlGjcRTdFVqfMkHNuZauEPdbjlZPK6fCXg7wLmyMfCjnvVnqinA+
ZPLIRw0hpwcxeG+inMpnH5GSNorTiVlZuTk0fBmxMuxr
-----END CERTIFICATE-----