Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/6ewytKjvJqK_qTWVJGDKC-WDb_0.roa
File:                     6ewytKjvJqK_qTWVJGDKC-WDb_0.roa (raw, json)
Hash identifier:          xDVhpF80TzYnxk+7n32yuzr5Adtxo52Of2zEj50w2u8=
Subject key identifier:   E9:EC:32:B4:A8:EF:26:A2:BF:A9:35:95:24:60:CA:0B:E5:83:6F:FD
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       0197B121F8C5044D61C02070663D5B051D34
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/6ewytKjvJqK_qTWVJGDKC-WDb_0.roa
Signing time:             Fri 27 Jun 2025 11:24:42 +0000
ROA not before:           Fri 27 Jun 2025 11:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1811
IP address blocks:        185.69.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:21:f8:c5:04:4d:61:c0:20:70:66:3d:5b:05:1d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Jun 27 11:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9ec32b4a8ef26a2bfa935952460ca0be5836ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a4:62:59:ea:7b:df:f1:b3:04:ab:0a:dc:cf:
                    95:c6:9a:0e:b5:91:40:f0:88:40:da:73:89:d0:44:
                    bd:cc:8e:56:e7:d0:d8:fe:4f:db:95:30:75:71:ac:
                    8f:58:03:01:f7:df:93:9a:19:c2:9e:b3:68:30:00:
                    43:66:94:49:65:c2:81:b8:94:fd:7a:29:77:99:30:
                    f5:5a:74:e9:37:70:29:6e:ba:83:ff:d6:0b:db:75:
                    cc:6a:ed:33:ed:0b:90:dd:6c:74:ec:f3:e1:cc:54:
                    b1:13:f4:b3:e2:95:6f:2a:c7:7c:98:ea:62:28:f6:
                    9d:1e:12:86:c2:a7:20:bb:1e:40:a2:34:c8:67:0b:
                    24:98:2b:ec:50:da:b7:5b:7e:89:ac:91:b6:fd:92:
                    10:7e:be:cd:0f:8c:f8:e7:8a:2f:0e:76:fd:53:26:
                    18:45:68:26:7f:e0:8e:29:f4:dd:37:65:3c:a9:f3:
                    b9:93:33:dd:9d:9c:77:4d:e8:db:73:f3:27:39:d1:
                    b3:dc:9f:56:a7:17:a0:59:c2:24:e1:ff:f6:e6:6e:
                    9d:1c:8d:e5:a5:b2:95:ac:1e:32:81:fa:76:07:2f:
                    02:a7:06:06:70:70:73:63:d2:b0:33:f6:cb:57:6b:
                    8f:5e:a2:39:f1:55:aa:f8:af:01:6e:46:aa:af:ef:
                    d2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:EC:32:B4:A8:EF:26:A2:BF:A9:35:95:24:60:CA:0B:E5:83:6F:FD
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/6ewytKjvJqK_qTWVJGDKC-WDb_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:b5:ce:c6:d0:41:b8:86:e3:d2:f5:f3:c0:c3:20:7a:e6:67:
         9b:3e:07:94:3a:7f:4a:0f:82:4b:bc:47:2f:5f:5c:08:18:f5:
         1f:61:54:eb:21:fb:fe:6a:f9:a4:bb:f9:92:8b:24:32:a8:e0:
         c7:fd:e4:4f:71:60:90:e5:e2:db:fb:3f:00:55:92:d1:22:de:
         7c:51:ae:bc:6b:62:d9:66:af:da:f8:95:91:e6:1f:56:7d:a1:
         2e:24:61:da:21:1f:ca:c2:9d:b5:e0:5c:bb:c0:01:e0:e9:ad:
         b1:8f:7d:02:b8:41:bf:2f:e1:fd:a2:28:e6:55:34:63:b4:8a:
         87:6e:45:a3:75:2c:df:9f:28:8f:ab:9b:0b:9d:48:30:f7:ce:
         d5:bb:25:d1:53:52:87:a4:bc:f7:b4:2d:6f:de:4a:de:13:2b:
         c7:48:83:e7:de:83:1d:bd:38:14:b6:e5:ed:62:16:aa:bf:21:
         14:09:18:7c:8d:4d:ea:c8:f0:e3:41:52:29:04:6f:8e:f7:24:
         c9:ca:27:b0:51:ce:9a:4c:e4:f6:9f:ed:43:66:f2:e1:b7:06:
         74:79:6d:99:a5:ef:c2:1e:9b:a4:46:aa:aa:8f:17:dd:bf:b5:
         97:d1:1a:16:9a:59:d8:1c:16:d0:6f:f1:f1:29:4b:f3:1b:b4:
         f8:12:d7:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZexIfjFBE1hwCBwZj1bBR00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwNjI3MTEyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWVjMzJiNGE4ZWYyNmEyYmZhOTM1OTUyNDYwY2EwYmU1ODM2ZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6RiWep73/GzBKsK3M+VxpoOtZFA
8IhA2nOJ0ES9zI5W59DY/k/blTB1cayPWAMB99+TmhnCnrNoMABDZpRJZcKBuJT9
eil3mTD1WnTpN3ApbrqD/9YL23XMau0z7QuQ3Wx07PPhzFSxE/Sz4pVvKsd8mOpi
KPadHhKGwqcgux5AojTIZwskmCvsUNq3W36JrJG2/ZIQfr7ND4z454ovDnb9UyYY
RWgmf+COKfTdN2U8qfO5kzPdnZx3Tejbc/MnOdGz3J9WpxegWcIk4f/25m6dHI3l
pbKVrB4ygfp2By8CpwYGcHBzY9KwM/bLV2uPXqI58VWq+K8Bbkaqr+/StQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnsMrSo7yaiv6k1lSRgygvlg2/9MB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvNmV3eXRLanZKcUtfcVRXVkpHREtDLVdEYl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUV4MA0G
CSqGSIb3DQEBCwUAA4IBAQBbtc7G0EG4huPS9fPAwyB65mebPgeUOn9KD4JLvEcv
X1wIGPUfYVTrIfv+avmku/mSiyQyqODH/eRPcWCQ5eLb+z8AVZLRIt58Ua68a2LZ
Zq/a+JWR5h9WfaEuJGHaIR/Kwp214Fy7wAHg6a2xj30CuEG/L+H9oijmVTRjtIqH
bkWjdSzfnyiPq5sLnUgw987VuyXRU1KHpLz3tC1v3kreEyvHSIPn3oMdvTgUtuXt
YhaqvyEUCRh8jU3qyPDjQVIpBG+O9yTJyiewUc6aTOT2n+1DZvLhtwZ0eW2Zpe/C
HpukRqqqjxfdv7WX0RoWmlnYHBbQb/HxKUvzG7T4EteM
-----END CERTIFICATE-----