Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ckVi0uobZtZ0S-bqPrW820TtDtg.roa
File:                     ckVi0uobZtZ0S-bqPrW820TtDtg.roa (raw, json)
Hash identifier:          WC9umKgbc5ERrFYMdX/ockBJPS4VY7AAVQCocZ04F/s=
Subject key identifier:   72:45:62:D2:EA:1B:66:D6:74:4B:E6:EA:3E:B5:BC:DB:44:ED:0E:D8
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0197A145CD665085F486EB4A47BFAA07B44F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ckVi0uobZtZ0S-bqPrW820TtDtg.roa
Signing time:             Tue 24 Jun 2025 09:29:55 +0000
ROA not before:           Tue 24 Jun 2025 09:29:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134286
IP address blocks:        104.249.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:45:cd:66:50:85:f4:86:eb:4a:47:bf:aa:07:b4:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun 24 09:29:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=724562d2ea1b66d6744be6ea3eb5bcdb44ed0ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c6:5d:68:c5:c2:04:94:3c:81:07:49:ea:ba:
                    3e:d6:62:0a:1d:8d:f5:b7:c7:13:46:16:2f:ab:4e:
                    24:2c:dd:36:e7:70:5c:10:5e:65:98:26:aa:48:2c:
                    ed:c9:86:05:62:41:64:ec:0f:6b:45:30:4c:01:43:
                    3c:55:53:54:01:36:ec:fd:4f:85:09:10:6c:e0:11:
                    d1:0c:34:bb:08:39:4a:4f:71:ee:96:65:1b:ab:f9:
                    57:8b:1d:0e:c9:44:aa:e1:3a:75:04:ad:20:8b:92:
                    26:ae:aa:cc:40:1f:4d:d4:52:e8:41:d2:eb:96:f1:
                    af:24:b6:d4:8e:79:68:b1:ce:20:cf:cd:be:9f:3f:
                    7e:e1:da:b8:d5:88:73:40:2b:92:1c:55:51:2c:2b:
                    5c:b0:c4:e1:b8:06:19:49:b4:59:9e:39:be:41:0c:
                    b8:26:04:be:20:af:12:c4:19:93:4e:64:ad:22:ee:
                    57:19:db:f4:9c:8d:98:e0:3f:96:f7:76:d2:a0:af:
                    1c:10:5c:43:a0:9a:7c:45:e7:73:b0:2b:8d:42:95:
                    2c:08:c1:ca:5a:a2:09:df:3b:e5:5f:8b:ce:6d:1a:
                    8c:ca:a0:2f:28:d2:a2:d3:7e:28:8c:e9:b7:5a:fd:
                    9f:5f:13:d8:e0:09:39:80:ec:ad:37:fb:56:ba:80:
                    32:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:45:62:D2:EA:1B:66:D6:74:4B:E6:EA:3E:B5:BC:DB:44:ED:0E:D8
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ckVi0uobZtZ0S-bqPrW820TtDtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.249.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:c9:e4:17:0d:6a:2b:1b:54:be:ab:d1:a4:4c:7d:86:e5:b2:
         15:3d:2c:95:8e:fe:2e:0c:bd:06:c8:ad:fd:6d:d3:e0:c6:e1:
         5a:1e:76:32:78:9f:96:63:19:ad:4e:2f:b5:2b:fd:f8:ea:ea:
         01:78:c7:ce:90:37:87:59:5a:e6:12:0d:13:02:8f:79:40:5e:
         72:5a:33:c0:2c:04:82:8a:63:52:05:e6:22:04:f2:b6:f9:ca:
         0c:5c:95:d6:71:5f:bd:54:af:1f:8f:19:9f:f8:0e:43:68:d5:
         c2:72:c9:6b:8c:ef:8e:e9:ad:7c:05:5e:aa:32:16:a5:88:88:
         c8:68:60:6a:41:94:96:a5:4f:42:8d:84:eb:07:32:f4:c3:41:
         cf:e1:a8:46:b2:0b:62:ca:98:af:72:bc:71:82:34:68:cd:a0:
         76:5f:64:aa:94:99:7c:c0:0e:18:d4:4e:c5:81:1d:05:69:95:
         1a:27:89:cc:32:96:e8:fe:4f:05:db:0b:55:48:74:15:16:df:
         86:1d:b4:5e:25:f3:f5:bd:b5:a3:a0:dc:0e:81:61:a2:56:ef:
         9b:63:db:6d:70:d5:cc:cc:9f:7a:64:c0:ec:3b:d6:5f:82:6f:
         93:cf:ad:c9:70:fa:39:93:b1:2e:ad:07:26:63:ff:bb:70:ee:
         58:bb:74:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZehRc1mUIX0hutKR7+qB7RPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNjI0MDkyOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQ1NjJkMmVhMWI2NmQ2NzQ0YmU2ZWEzZWI1YmNkYjQ0ZWQwZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcZdaMXCBJQ8gQdJ6ro+1mIKHY31
t8cTRhYvq04kLN0253BcEF5lmCaqSCztyYYFYkFk7A9rRTBMAUM8VVNUATbs/U+F
CRBs4BHRDDS7CDlKT3HulmUbq/lXix0OyUSq4Tp1BK0gi5ImrqrMQB9N1FLoQdLr
lvGvJLbUjnlosc4gz82+nz9+4dq41YhzQCuSHFVRLCtcsMThuAYZSbRZnjm+QQy4
JgS+IK8SxBmTTmStIu5XGdv0nI2Y4D+W93bSoK8cEFxDoJp8RedzsCuNQpUsCMHK
WqIJ3zvlX4vObRqMyqAvKNKi034ojOm3Wv2fXxPY4Ak5gOytN/tWuoAyEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJFYtLqG2bWdEvm6j61vNtE7Q7YMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvY2tWaTB1b2JadFowUy1icVByVzgyMFR0RHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaPkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBIyeQXDWorG1S+q9GkTH2G5bIVPSyVjv4uDL0GyK39
bdPgxuFaHnYyeJ+WYxmtTi+1K/346uoBeMfOkDeHWVrmEg0TAo95QF5yWjPALASC
imNSBeYiBPK2+coMXJXWcV+9VK8fjxmf+A5DaNXCcslrjO+O6a18BV6qMhaliIjI
aGBqQZSWpU9CjYTrBzL0w0HP4ahGsgtiypivcrxxgjRozaB2X2SqlJl8wA4Y1E7F
gR0FaZUaJ4nMMpbo/k8F2wtVSHQVFt+GHbReJfP1vbWjoNwOgWGiVu+bY9ttcNXM
zJ96ZMDsO9Zfgm+Tz63JcPo5k7EurQcmY/+7cO5Yu3So
-----END CERTIFICATE-----