Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/fo6AzO5DMZbEdyeTgxz228bW1-E.roa
File:                     fo6AzO5DMZbEdyeTgxz228bW1-E.roa (raw, json)
Hash identifier:          al64jxtISPerL/dv+x+BvAqZkIG0XvlrHsMW1HD1s0w=
Subject key identifier:   7E:8E:80:CC:EE:43:31:96:C4:77:27:93:83:1C:F6:DB:C6:D6:D7:E1
Certificate issuer:       /CN=f3461651e5be24509772975ba98c70ec6ee3cd7b
Certificate serial:       019788D0A00BB4C180828322714C5D3AFAEF
Authority key identifier: F3:46:16:51:E5:BE:24:50:97:72:97:5B:A9:8C:70:EC:6E:E3:CD:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/fo6AzO5DMZbEdyeTgxz228bW1-E.roa
Signing time:             Thu 19 Jun 2025 15:31:03 +0000
ROA not before:           Thu 19 Jun 2025 15:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206002
IP address blocks:        185.140.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:d0:a0:0b:b4:c1:80:82:83:22:71:4c:5d:3a:fa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3461651e5be24509772975ba98c70ec6ee3cd7b
        Validity
            Not Before: Jun 19 15:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e8e80ccee433196c4772793831cf6dbc6d6d7e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:06:9f:91:5e:0a:de:96:07:db:51:38:b2:a4:
                    d5:52:e6:28:c7:db:52:43:f2:10:35:8e:98:90:29:
                    84:c0:b3:ea:10:5b:17:d3:1b:3a:f8:1e:aa:95:7a:
                    8e:5e:04:2b:c0:b5:3f:91:f9:5c:7f:a5:81:d3:54:
                    7c:d7:15:26:db:6b:29:71:8c:0d:05:95:ed:a0:1c:
                    f9:70:51:19:af:f5:f6:4d:39:db:cd:d2:bf:e4:b4:
                    0f:da:8d:5a:da:bd:2b:4c:b8:9c:3d:58:a9:ee:0c:
                    43:d3:96:82:94:46:5d:78:12:b4:9d:c0:83:5e:27:
                    47:32:df:59:8e:97:13:f2:fc:25:f2:44:52:2a:95:
                    71:72:66:99:a0:f1:a4:69:5e:f8:ec:33:30:0a:b0:
                    2a:21:56:5e:ef:5f:7b:12:58:c9:9d:af:f8:62:21:
                    ac:dd:57:c0:6e:0b:91:fa:72:9e:3e:d4:a6:4b:d8:
                    58:dd:86:d7:5a:03:ec:a9:8b:8b:f7:c6:56:9e:7d:
                    78:76:5d:4e:d5:95:47:d0:af:4e:21:36:e6:ab:c4:
                    e7:4c:f7:15:4c:72:78:57:51:c3:1a:71:5a:9f:e5:
                    72:96:d9:a3:8c:09:8d:e5:9e:ed:a8:0f:c6:72:bb:
                    48:27:5b:fb:37:c4:8e:76:95:8f:02:ba:6b:74:64:
                    d1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:8E:80:CC:EE:43:31:96:C4:77:27:93:83:1C:F6:DB:C6:D6:D7:E1
            X509v3 Authority Key Identifier:
                keyid:F3:46:16:51:E5:BE:24:50:97:72:97:5B:A9:8C:70:EC:6E:E3:CD:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/fo6AzO5DMZbEdyeTgxz228bW1-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:0a:c1:3b:a8:6f:b7:fa:a4:b9:09:a9:62:0b:84:c8:27:7e:
         be:4f:6f:89:b3:53:95:42:0e:a5:8c:8f:fe:7b:55:73:d4:f6:
         53:5a:d5:81:cd:b5:e3:25:6a:ae:7f:68:29:4d:30:fc:08:53:
         27:0f:d7:4f:f6:ef:f4:0c:34:bc:24:30:8a:71:a4:1b:a3:3e:
         fc:c6:75:2a:37:9b:e5:7f:54:6a:ad:10:26:a9:2e:6e:55:ce:
         37:d1:cc:44:7c:b9:0c:3c:1b:9b:60:28:0f:81:6b:5d:ad:82:
         4b:0e:89:99:bd:6a:f1:3c:7c:01:ab:af:16:a6:df:31:3c:61:
         ef:eb:50:7b:bd:91:09:7c:89:f5:64:bc:6a:86:e8:2c:3c:4d:
         ef:46:c9:fe:f9:ff:5b:c3:46:fc:97:5c:6a:15:e1:0b:71:bd:
         97:b5:8d:1d:a9:31:19:0a:c3:95:7f:57:09:d3:c0:6c:19:29:
         59:aa:9b:bc:2b:6e:20:2d:4a:bf:9f:7f:06:c0:4a:4d:f8:ea:
         82:9a:64:6f:e6:9a:a5:50:e0:ef:05:e7:25:61:12:70:e8:c4:
         e9:e0:9f:dd:fa:ed:87:b2:f4:95:64:3b:9a:c5:a1:8e:5d:f6:
         9a:95:3f:8b:a3:02:00:33:3c:20:43:b4:a6:65:c8:e3:9b:42:
         9a:5a:ca:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeI0KALtMGAgoMicUxdOvrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDYxNjUxZTViZTI0NTA5NzcyOTc1YmE5OGM3MGVjNmVl
M2NkN2IwHhcNMjUwNjE5MTUzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZThlODBjY2VlNDMzMTk2YzQ3NzI3OTM4MzFjZjZkYmM2ZDZkN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAafkV4K3pYH21E4sqTVUuYox9tS
Q/IQNY6YkCmEwLPqEFsX0xs6+B6qlXqOXgQrwLU/kflcf6WB01R81xUm22spcYwN
BZXtoBz5cFEZr/X2TTnbzdK/5LQP2o1a2r0rTLicPVip7gxD05aClEZdeBK0ncCD
XidHMt9ZjpcT8vwl8kRSKpVxcmaZoPGkaV747DMwCrAqIVZe7197EljJna/4YiGs
3VfAbguR+nKePtSmS9hY3YbXWgPsqYuL98ZWnn14dl1O1ZVH0K9OITbmq8TnTPcV
THJ4V1HDGnFan+VyltmjjAmN5Z7tqA/GcrtIJ1v7N8SOdpWPArprdGTRVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6OgMzuQzGWxHcnk4Mc9tvG1tfhMB8GA1UdIwQY
MBaAFPNGFlHlviRQl3KXW6mMcOxu4817MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBZV1VlVy1KRkNYY3BkYnFZeHc3RzdqelhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kZjIwNmItYmRiYi00ZmUwLTlmN2It
YzBhYzRlOWFmM2NiLzEvZm82QXpPNURNWmJFZHllVGd4ejIyOGJXMS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kZjIwNmItYmRiYi00ZmUwLTlmN2ItYzBhYzRlOWFmM2Ni
LzEvODBZV1VlVy1KRkNYY3BkYnFZeHc3RzdqelhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYzdMA0G
CSqGSIb3DQEBCwUAA4IBAQA/CsE7qG+3+qS5CaliC4TIJ36+T2+Js1OVQg6ljI/+
e1Vz1PZTWtWBzbXjJWquf2gpTTD8CFMnD9dP9u/0DDS8JDCKcaQboz78xnUqN5vl
f1RqrRAmqS5uVc430cxEfLkMPBubYCgPgWtdrYJLDomZvWrxPHwBq68Wpt8xPGHv
61B7vZEJfIn1ZLxqhugsPE3vRsn++f9bw0b8l1xqFeELcb2XtY0dqTEZCsOVf1cJ
08BsGSlZqpu8K24gLUq/n38GwEpN+OqCmmRv5pqlUODvBeclYRJw6MTp4J/d+u2H
svSVZDuaxaGOXfaalT+LowIAMzwgQ7SmZcjjm0KaWsoz
-----END CERTIFICATE-----