Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Q6hzAiXUc8ANJ4tVJ1mvX9s6yqo.roa
File:                     Q6hzAiXUc8ANJ4tVJ1mvX9s6yqo.roa (raw, json)
Hash identifier:          BxQaBSOdwka6aZy2gIUZw4XToq8KU+liGoXntgeNAfA=
Subject key identifier:   43:A8:73:02:25:D4:73:C0:0D:27:8B:55:27:59:AF:5F:DB:3A:CA:AA
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0197872169AB6605AEC0B671A4C36E74BCCE
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Q6hzAiXUc8ANJ4tVJ1mvX9s6yqo.roa
Signing time:             Thu 19 Jun 2025 07:40:03 +0000
ROA not before:           Thu 19 Jun 2025 07:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     262287
IP address blocks:        213.201.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:87:21:69:ab:66:05:ae:c0:b6:71:a4:c3:6e:74:bc:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 19 07:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a8730225d473c00d278b552759af5fdb3acaaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:15:2d:79:05:a6:27:09:f9:c4:a6:f5:0b:d1:
                    4f:de:14:c2:0a:c3:7f:0d:d7:85:99:64:bc:0d:f3:
                    28:3e:32:39:da:a5:6d:b4:a2:4f:17:b1:be:71:1c:
                    37:39:9d:83:9b:8b:d0:25:28:1b:25:e9:fa:a8:e9:
                    b8:c1:a3:7f:b9:2f:27:94:8a:a7:09:03:e4:65:e9:
                    99:f0:3b:5b:8f:9f:54:8b:97:60:28:47:4b:25:5f:
                    03:e7:e2:2c:52:13:59:83:40:52:90:94:18:fc:31:
                    bf:54:0f:73:dd:83:48:b4:f4:7f:25:31:ce:41:60:
                    88:ed:3e:67:4b:ae:62:3e:4f:72:e3:fd:f5:7d:77:
                    a8:e2:10:b6:ac:fa:71:ed:82:8f:5b:46:43:bc:56:
                    7f:56:c7:a4:bf:28:31:94:18:7c:39:83:7e:89:0b:
                    ca:8d:3e:1d:11:4d:e6:a9:75:f4:9b:79:ba:27:d1:
                    c8:56:e7:9c:84:50:74:b7:47:0d:ab:e6:05:84:bd:
                    ba:4c:e7:97:ca:f4:25:a5:13:47:df:5b:e1:cc:c3:
                    3c:52:d6:05:e6:ca:07:56:08:40:40:18:59:44:52:
                    af:b5:79:2d:99:6c:64:c1:a2:b1:53:67:3f:20:f6:
                    bf:8a:85:59:75:05:c6:01:e1:85:02:bc:02:fb:99:
                    91:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A8:73:02:25:D4:73:C0:0D:27:8B:55:27:59:AF:5F:DB:3A:CA:AA
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Q6hzAiXUc8ANJ4tVJ1mvX9s6yqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.201.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:b0:3d:0f:5e:8b:fc:8b:70:f0:ad:31:be:48:27:36:04:e3:
         1d:ea:cb:e5:7a:56:0d:e8:c6:e9:06:cb:01:a2:0c:46:58:a5:
         40:ad:67:bd:ca:2d:8e:a3:7f:60:bd:a1:24:79:4f:7c:15:15:
         ef:b6:3b:fc:58:4b:d4:16:9d:7d:5d:0f:77:72:80:55:80:7d:
         55:78:a1:1f:d3:1d:f9:3c:22:ce:f1:45:29:62:05:15:46:57:
         37:52:04:83:8b:df:6c:95:b2:bd:36:8e:a0:e8:67:12:76:42:
         68:e3:65:28:2e:d1:8d:78:45:2c:bd:4c:7c:dc:e2:13:68:8b:
         5b:5b:2c:f7:fd:66:cb:6c:be:fd:b0:db:82:a8:3b:6c:ea:05:
         1e:c7:0c:36:ea:a4:09:69:a9:5f:f2:29:a8:c4:56:9c:e6:f8:
         5e:68:80:1d:f0:dd:01:b5:9d:f9:67:f1:6d:74:91:22:67:79:
         07:dd:d5:3f:f1:c4:5f:77:c5:fa:8d:79:5f:bf:e5:e5:39:be:
         1a:13:6a:e1:d4:79:1d:bb:29:75:63:d7:85:ca:66:9a:ae:73:
         09:8f:29:fd:65:44:9a:f1:77:0b:ab:15:99:bc:be:d4:29:5f:
         25:42:6f:90:f1:ae:9c:8a:ea:d6:3a:ed:98:96:06:19:10:fc:
         8a:b4:64:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeHIWmrZgWuwLZxpMNudLzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNjE5MDc0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E4NzMwMjI1ZDQ3M2MwMGQyNzhiNTUyNzU5YWY1ZmRiM2FjYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RUteQWmJwn5xKb1C9FP3hTCCsN/
DdeFmWS8DfMoPjI52qVttKJPF7G+cRw3OZ2Dm4vQJSgbJen6qOm4waN/uS8nlIqn
CQPkZemZ8Dtbj59Ui5dgKEdLJV8D5+IsUhNZg0BSkJQY/DG/VA9z3YNItPR/JTHO
QWCI7T5nS65iPk9y4/31fXeo4hC2rPpx7YKPW0ZDvFZ/VsekvygxlBh8OYN+iQvK
jT4dEU3mqXX0m3m6J9HIVuechFB0t0cNq+YFhL26TOeXyvQlpRNH31vhzMM8UtYF
5soHVghAQBhZRFKvtXktmWxkwaKxU2c/IPa/ioVZdQXGAeGFArwC+5mRVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOocwIl1HPADSeLVSdZr1/bOsqqMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUTZoekFpWFVjOEFOSjR0VkoxbXZYOXM2eXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1cnWMA0G
CSqGSIb3DQEBCwUAA4IBAQBPsD0PXov8i3DwrTG+SCc2BOMd6svlelYN6MbpBssB
ogxGWKVArWe9yi2Oo39gvaEkeU98FRXvtjv8WEvUFp19XQ93coBVgH1VeKEf0x35
PCLO8UUpYgUVRlc3UgSDi99slbK9No6g6GcSdkJo42UoLtGNeEUsvUx83OITaItb
Wyz3/WbLbL79sNuCqDts6gUexww26qQJaalf8imoxFac5vheaIAd8N0BtZ35Z/Ft
dJEiZ3kH3dU/8cRfd8X6jXlfv+XlOb4aE2rh1Hkduyl1Y9eFymaarnMJjyn9ZUSa
8XcLqxWZvL7UKV8lQm+Q8a6ciurWOu2YlgYZEPyKtGS8
-----END CERTIFICATE-----