Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/9B7naTDbTfBC3f0Su46QWyrhOAU.roa
File:                     9B7naTDbTfBC3f0Su46QWyrhOAU.roa (raw, json)
Hash identifier:          EuLTR97eLUOnyJBm+T95P0s0ZZVOErLTXd4saTTHgqg=
Subject key identifier:   F4:1E:E7:69:30:DB:4D:F0:42:DD:FD:12:BB:8E:90:5B:2A:E1:38:05
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019882DFC5CA2854DF4B434BAE808ED77FF5
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/9B7naTDbTfBC3f0Su46QWyrhOAU.roa
Signing time:             Thu 07 Aug 2025 04:52:39 +0000
ROA not before:           Thu 07 Aug 2025 04:52:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.219.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:82:df:c5:ca:28:54:df:4b:43:4b:ae:80:8e:d7:7f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Aug  7 04:52:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f41ee76930db4df042ddfd12bb8e905b2ae13805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e4:1f:f6:77:1e:2c:97:fe:3f:96:3a:7e:2a:
                    7f:bd:1c:ee:4f:26:98:cd:85:40:df:87:f0:47:cc:
                    61:98:6e:fa:be:3d:0e:2f:e1:23:46:5d:a9:84:0e:
                    3f:d1:5b:cc:5a:34:b4:87:c2:54:5d:90:b4:de:21:
                    b9:70:17:45:30:f2:b2:69:1c:8f:5c:fd:ac:a3:7c:
                    14:bb:f3:f6:21:f9:66:c1:58:65:d1:b9:3a:5f:02:
                    2c:95:e4:0c:d2:8a:dc:b8:bb:32:c2:e3:a2:eb:6a:
                    7c:f0:fc:31:f7:14:83:46:92:3d:ff:3f:26:54:8c:
                    a1:90:65:ab:35:22:4c:06:c1:88:b6:b5:1c:cb:97:
                    32:34:37:e1:ec:61:dc:79:fc:18:89:0c:ef:f3:50:
                    b3:70:92:dc:cd:0c:4d:73:99:a8:86:af:78:0f:88:
                    d1:53:57:99:65:1f:7f:6f:ae:b6:fb:d2:be:8a:af:
                    a4:8a:fc:61:44:4e:0a:54:61:2b:7c:09:3c:dc:a9:
                    2d:94:76:98:63:07:c8:ac:e7:cf:64:7c:cc:59:c3:
                    63:a9:95:56:03:f4:c6:e0:61:1a:0b:4d:0e:28:62:
                    a0:04:90:64:64:19:7f:a0:b5:84:fe:b7:98:84:3e:
                    96:97:7f:3c:2d:a1:d0:cb:f3:bf:cc:07:04:30:c0:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1E:E7:69:30:DB:4D:F0:42:DD:FD:12:BB:8E:90:5B:2A:E1:38:05
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/9B7naTDbTfBC3f0Su46QWyrhOAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8c:37:ab:7b:17:86:0a:0d:3e:90:ef:b8:c3:33:06:c8:48:
         98:1f:57:f1:52:c4:87:f6:ba:f7:48:d2:60:91:a0:6c:66:05:
         e5:57:ed:e9:41:3b:1d:20:db:c3:e2:b7:61:01:bb:f1:b1:0e:
         73:fc:70:18:b5:c6:70:d9:db:58:aa:10:9f:ed:d5:32:36:19:
         da:05:c4:ba:e2:14:22:ec:7d:81:05:ae:50:c1:a9:ad:de:49:
         25:b5:01:30:6e:9a:29:26:b8:df:d7:77:6b:a8:29:57:a5:42:
         78:b9:47:45:39:e8:5d:7a:9d:48:61:32:4d:2b:25:86:bd:7f:
         f7:7d:e4:42:98:e7:14:0b:80:a2:34:52:68:c3:29:e5:62:d1:
         29:f5:6d:70:26:61:2a:f1:e2:d4:0a:95:77:34:3b:66:f7:49:
         66:30:0e:e8:c0:31:fb:64:7b:38:26:2b:d1:f0:76:36:f7:9c:
         22:c5:a8:21:04:88:40:ac:c5:5f:55:cc:74:4c:bc:64:ed:0f:
         64:dc:b8:68:9c:90:cb:90:09:9c:44:0b:74:c5:e7:16:71:8f:
         0f:66:28:01:ce:9b:8c:21:a2:4f:95:20:b5:a7:d2:53:80:6c:
         2d:d6:60:67:fc:4a:4a:a1:87:3e:ab:5b:4c:13:88:0e:05:46:
         17:5b:45:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiC38XKKFTfS0NLroCO13/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwODA3MDQ1MjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFlZTc2OTMwZGI0ZGYwNDJkZGZkMTJiYjhlOTA1YjJhZTEzODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOQf9nceLJf+P5Y6fip/vRzuTyaY
zYVA34fwR8xhmG76vj0OL+EjRl2phA4/0VvMWjS0h8JUXZC03iG5cBdFMPKyaRyP
XP2so3wUu/P2IflmwVhl0bk6XwIsleQM0orcuLsywuOi62p88Pwx9xSDRpI9/z8m
VIyhkGWrNSJMBsGItrUcy5cyNDfh7GHcefwYiQzv81CzcJLczQxNc5mohq94D4jR
U1eZZR9/b662+9K+iq+kivxhRE4KVGErfAk83KktlHaYYwfIrOfPZHzMWcNjqZVW
A/TG4GEaC00OKGKgBJBkZBl/oLWE/reYhD6Wl388LaHQy/O/zAcEMMBCEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQe52kw203wQt39EruOkFsq4TgFMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvOUI3bmFURGJUZkJDM2YwU3U0NlFXeXJoT0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu9MA0G
CSqGSIb3DQEBCwUAA4IBAQAGjDerexeGCg0+kO+4wzMGyEiYH1fxUsSH9rr3SNJg
kaBsZgXlV+3pQTsdINvD4rdhAbvxsQ5z/HAYtcZw2dtYqhCf7dUyNhnaBcS64hQi
7H2BBa5Qwamt3kkltQEwbpopJrjf13drqClXpUJ4uUdFOehdep1IYTJNKyWGvX/3
feRCmOcUC4CiNFJowynlYtEp9W1wJmEq8eLUCpV3NDtm90lmMA7owDH7ZHs4JivR
8HY295wixaghBIhArMVfVcx0TLxk7Q9k3LhonJDLkAmcRAt0xecWcY8PZigBzpuM
IaJPlSC1p9JTgGwt1mBn/EpKoYc+q1tME4gOBUYXW0Wd
-----END CERTIFICATE-----