Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6IkZBXCDBvkQhAIQNXeH3yNoNaA.roa
File:                     6IkZBXCDBvkQhAIQNXeH3yNoNaA.roa (raw, json)
Hash identifier:          b7E3k6Q4wxRUHUIiqGXMu+Ely1EO4vPNG95lX/ddMhs=
Subject key identifier:   E8:89:19:05:70:83:06:F9:10:84:02:10:35:77:87:DF:23:68:35:A0
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0198A8C33DDF898E35A17E870A1F3CB84C1B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6IkZBXCDBvkQhAIQNXeH3yNoNaA.roa
Signing time:             Thu 14 Aug 2025 13:27:04 +0000
ROA not before:           Thu 14 Aug 2025 13:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43180
IP address blocks:        135.196.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:c3:3d:df:89:8e:35:a1:7e:87:0a:1f:3c:b8:4c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Aug 14 13:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8891905708306f910840210357787df236835a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2a:2d:6d:30:2b:89:ed:3d:95:3e:4f:6c:84:
                    d2:9f:83:cd:36:df:34:36:2b:c5:3c:38:e9:74:32:
                    4f:42:79:be:b6:0b:b1:05:95:a3:2d:1f:c7:78:99:
                    e6:10:b0:38:55:ab:55:fb:8a:86:ed:68:da:0c:b5:
                    85:50:ce:7b:00:10:d9:a5:f8:e3:5e:11:f7:b3:ff:
                    9a:e3:04:25:69:98:b5:98:b5:f6:48:25:51:f1:8b:
                    43:8d:76:34:7f:a4:88:39:4c:4f:56:41:bc:2a:8e:
                    44:b0:27:99:5d:6b:4e:9b:e4:bb:48:6b:20:0c:43:
                    74:ee:8b:f6:10:17:83:c6:a6:7a:94:82:c5:78:17:
                    87:0d:37:34:c4:dc:f1:fc:20:44:9e:6e:e3:0b:5e:
                    b6:d3:1f:b4:e7:a6:f3:22:98:2c:20:e6:ce:98:e2:
                    02:18:61:15:5f:15:14:f6:e0:90:4a:9f:ee:40:f1:
                    f3:e8:c6:dc:e6:31:52:b1:15:81:fb:01:87:ee:3f:
                    6a:de:95:d7:d1:30:b6:32:a9:d3:44:2d:64:30:5e:
                    49:78:f9:d8:91:29:ef:f2:13:6e:53:a2:d1:c2:90:
                    40:18:59:a0:0a:88:ba:6d:2b:ab:3c:c7:47:f6:8c:
                    a1:56:74:0d:50:2e:0a:de:7b:c1:7e:9b:25:0f:c6:
                    0e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:89:19:05:70:83:06:F9:10:84:02:10:35:77:87:DF:23:68:35:A0
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/6IkZBXCDBvkQhAIQNXeH3yNoNaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.196.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:ee:e5:99:cf:94:1a:12:6a:3a:02:f9:2c:fd:37:51:cc:16:
         3c:84:d3:48:6c:59:b8:65:f0:b8:62:b0:1e:f7:4e:19:76:ad:
         65:c2:da:f5:b1:bf:17:f9:37:2f:1d:c0:ec:de:46:3c:f6:fe:
         cc:c5:97:5f:fc:00:1b:e7:12:4a:25:bb:04:33:78:58:64:7f:
         4a:6d:70:16:a3:ec:fa:1e:83:68:d7:3e:6c:69:3e:aa:f1:7b:
         69:70:23:95:0d:36:9d:cc:5b:46:0b:6c:4f:b8:f1:bc:04:7e:
         75:e6:10:aa:63:4e:33:d8:3b:0a:48:ab:33:b6:84:6b:87:a7:
         22:d8:63:08:8e:5d:db:a8:05:ef:db:4f:33:ef:98:34:4e:cf:
         3e:33:50:6c:0f:99:8a:8f:e3:38:84:ca:5f:79:94:40:68:7b:
         b4:41:4c:68:93:2e:a1:20:64:8f:51:92:87:84:98:ab:6d:cb:
         c4:cf:44:cb:9f:54:7e:39:b4:11:15:ca:5e:d4:a0:0b:8c:42:
         c7:aa:8f:c9:29:83:d2:53:07:fd:83:1b:cf:f2:eb:98:a7:a2:
         42:f1:e3:90:b9:c7:10:72:f2:c8:ca:3a:ff:fd:47:98:96:73:
         08:f5:75:ff:a7:db:8c:e8:8b:24:26:5f:08:46:3d:b8:d0:bb:
         19:17:bc:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiowz3fiY41oX6HCh88uEwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwODE0MTMyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg5MTkwNTcwODMwNmY5MTA4NDAyMTAzNTc3ODdkZjIzNjgzNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiotbTArie09lT5PbITSn4PNNt80
NivFPDjpdDJPQnm+tguxBZWjLR/HeJnmELA4VatV+4qG7WjaDLWFUM57ABDZpfjj
XhH3s/+a4wQlaZi1mLX2SCVR8YtDjXY0f6SIOUxPVkG8Ko5EsCeZXWtOm+S7SGsg
DEN07ov2EBeDxqZ6lILFeBeHDTc0xNzx/CBEnm7jC1620x+056bzIpgsIObOmOIC
GGEVXxUU9uCQSp/uQPHz6Mbc5jFSsRWB+wGH7j9q3pXX0TC2MqnTRC1kMF5JePnY
kSnv8hNuU6LRwpBAGFmgCoi6bSurPMdH9oyhVnQNUC4K3nvBfpslD8YOSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiJGQVwgwb5EIQCEDV3h98jaDWgMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvNklrWkJYQ0RCdmtRaEFJUU5YZUgzeU5vTmFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAh8SrMA0G
CSqGSIb3DQEBCwUAA4IBAQA07uWZz5QaEmo6Avks/TdRzBY8hNNIbFm4ZfC4YrAe
904Zdq1lwtr1sb8X+TcvHcDs3kY89v7MxZdf/AAb5xJKJbsEM3hYZH9KbXAWo+z6
HoNo1z5saT6q8XtpcCOVDTadzFtGC2xPuPG8BH515hCqY04z2DsKSKsztoRrh6ci
2GMIjl3bqAXv208z75g0Ts8+M1BsD5mKj+M4hMpfeZRAaHu0QUxoky6hIGSPUZKH
hJirbcvEz0TLn1R+ObQRFcpe1KALjELHqo/JKYPSUwf9gxvP8uuYp6JC8eOQuccQ
cvLIyjr//UeYlnMI9XX/p9uM6IskJl8IRj240LsZF7yT
-----END CERTIFICATE-----