Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/6sCOzHkQ-muwDrkw5pOHoUfXNBk.roa
File:                     6sCOzHkQ-muwDrkw5pOHoUfXNBk.roa (raw, json)
Hash identifier:          7FwYeaXkfgVbCXFiUge2n1VEhJxyS2ClQiqjC+nu4kY=
Subject key identifier:   EA:C0:8E:CC:79:10:FA:6B:B0:0E:B9:30:E6:93:87:A1:47:D7:34:19
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019962E1F86F6990E209025576F511F00A37
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/6sCOzHkQ-muwDrkw5pOHoUfXNBk.roa
Signing time:             Fri 19 Sep 2025 16:50:00 +0000
ROA not before:           Fri 19 Sep 2025 16:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141968
IP address blocks:        109.111.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:e1:f8:6f:69:90:e2:09:02:55:76:f5:11:f0:0a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep 19 16:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eac08ecc7910fa6bb00eb930e69387a147d73419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:dc:21:40:80:7d:5d:dd:a5:ee:e6:cb:33:ae:
                    5a:51:6e:95:f4:45:9e:17:59:51:c7:9e:7d:84:3f:
                    6a:c1:a9:ba:b2:68:50:fc:94:f3:78:6b:57:72:d3:
                    62:83:c6:d0:4a:03:ca:75:0b:82:dd:f7:ba:71:e2:
                    15:0c:0a:18:ee:01:9b:6c:95:f8:a2:8e:0b:11:c0:
                    85:d4:a3:9a:4a:89:f6:67:ed:bc:e9:bc:0f:f5:41:
                    12:93:d5:93:8a:d9:61:a0:bc:47:5b:37:fe:8b:74:
                    c5:a2:82:43:39:e5:96:e8:21:70:86:fe:5b:f7:ec:
                    8f:3b:07:8a:ab:c8:1e:f6:3c:a1:bb:df:b0:6b:e0:
                    b6:ef:d5:20:49:f5:38:3f:98:df:9d:29:f9:95:4a:
                    3a:0e:2d:70:01:d9:71:34:4f:d4:44:36:12:79:00:
                    bb:c0:2e:42:41:c1:1c:52:0f:31:a2:cb:81:19:48:
                    be:91:f0:97:60:99:f3:99:56:f7:ce:22:73:eb:7e:
                    29:1e:42:09:95:70:ee:b9:c1:4f:4f:75:75:74:19:
                    e0:10:87:fb:44:0e:10:8b:d3:09:56:47:ae:bf:39:
                    f6:8b:d4:f5:b0:30:12:10:9a:8d:ea:a8:ff:c2:df:
                    73:73:7c:1f:e9:ef:04:b9:c8:96:2f:8f:8a:8e:c6:
                    92:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C0:8E:CC:79:10:FA:6B:B0:0E:B9:30:E6:93:87:A1:47:D7:34:19
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/6sCOzHkQ-muwDrkw5pOHoUfXNBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:90:ec:75:82:f7:ac:72:e9:ed:fe:7a:6c:8e:ca:d6:d3:d6:
         32:d4:b5:a9:e3:20:9d:02:32:8c:59:2a:20:66:56:1a:0d:b1:
         8e:76:85:35:09:33:e2:b2:51:c2:fb:9c:b2:99:7d:63:ab:a4:
         5b:73:45:2e:9b:2d:0a:7f:fc:c8:81:d3:f0:e5:1d:fa:bb:32:
         c8:cc:7e:b3:16:55:45:82:f8:91:48:dd:40:31:8a:62:de:f2:
         04:41:b2:6d:64:51:ee:93:a2:24:1e:e7:fc:41:00:2a:4a:a5:
         fb:de:60:36:97:8b:b0:91:09:2e:5a:25:fa:7b:66:1a:6b:b6:
         ac:be:9d:93:66:84:c3:be:90:b5:a4:39:9e:99:b3:c0:82:39:
         08:08:52:a7:fd:31:6b:25:5d:ef:5b:62:17:2b:4e:13:3f:ef:
         3d:e7:43:f7:0c:dc:94:07:6d:40:66:99:84:31:68:1e:6e:c9:
         d5:23:d5:10:3c:97:c5:06:08:93:4a:ce:f2:11:c7:ac:5a:0a:
         db:03:85:e7:71:a1:c3:7c:f6:15:77:ab:2b:14:c2:e6:49:52:
         b9:11:f0:fd:56:2a:21:fa:23:9c:ee:d3:fe:76:df:ad:8f:83:
         c8:01:ac:29:dd:70:81:fc:ed:a6:fa:4f:ee:94:90:96:9f:43:
         42:c3:3d:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZli4fhvaZDiCQJVdvUR8Ao3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTE5MTY1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMwOGVjYzc5MTBmYTZiYjAwZWI5MzBlNjkzODdhMTQ3ZDczNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49whQIB9Xd2l7ubLM65aUW6V9EWe
F1lRx559hD9qwam6smhQ/JTzeGtXctNig8bQSgPKdQuC3fe6ceIVDAoY7gGbbJX4
oo4LEcCF1KOaSon2Z+286bwP9UESk9WTitlhoLxHWzf+i3TFooJDOeWW6CFwhv5b
9+yPOweKq8ge9jyhu9+wa+C279UgSfU4P5jfnSn5lUo6Di1wAdlxNE/URDYSeQC7
wC5CQcEcUg8xosuBGUi+kfCXYJnzmVb3ziJz634pHkIJlXDuucFPT3V1dBngEIf7
RA4Qi9MJVkeuvzn2i9T1sDASEJqN6qj/wt9zc3wf6e8EuciWL4+KjsaS/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrAjsx5EPprsA65MOaTh6FH1zQZMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvNnNDT3pIa1EtbXV3RHJrdzVwT0hvVWZYTkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW80MA0G
CSqGSIb3DQEBCwUAA4IBAQClkOx1gvescunt/npsjsrW09Yy1LWp4yCdAjKMWSog
ZlYaDbGOdoU1CTPislHC+5yymX1jq6Rbc0Uumy0Kf/zIgdPw5R36uzLIzH6zFlVF
gviRSN1AMYpi3vIEQbJtZFHuk6IkHuf8QQAqSqX73mA2l4uwkQkuWiX6e2Yaa7as
vp2TZoTDvpC1pDmembPAgjkICFKn/TFrJV3vW2IXK04TP+8950P3DNyUB21AZpmE
MWgebsnVI9UQPJfFBgiTSs7yEcesWgrbA4XncaHDfPYVd6srFMLmSVK5EfD9Vioh
+iOc7tP+dt+tj4PIAawp3XCB/O2m+k/ulJCWn0NCwz0q
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:41 2025 by rpki-client