Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ayjaap4ka_lQWrGxWLl32b5Fi3A.roa
File:                     ayjaap4ka_lQWrGxWLl32b5Fi3A.roa (raw, json)
Hash identifier:          i4p4u+LsRwVKKJIqZTRL9Zq1bS8WjRYzlYA9QdMm8K8=
Subject key identifier:   6B:28:DA:6A:9E:24:6B:F9:50:5A:B1:B1:58:B9:77:D9:BE:45:8B:70
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       0197B1210E861941E30A054963A5A7A35812
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ayjaap4ka_lQWrGxWLl32b5Fi3A.roa
Signing time:             Fri 27 Jun 2025 11:23:43 +0000
ROA not before:           Fri 27 Jun 2025 11:23:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56443
IP address blocks:        185.127.176.0/22 maxlen: 22
                          185.199.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:21:0e:86:19:41:e3:0a:05:49:63:a5:a7:a3:58:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Jun 27 11:23:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b28da6a9e246bf9505ab1b158b977d9be458b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d5:0b:86:ee:3c:01:67:75:c4:d4:55:b6:09:
                    a7:ae:27:28:fc:db:73:0e:45:c3:93:fe:9e:2c:7a:
                    a1:d5:02:6b:25:a0:54:63:4a:9f:29:89:60:e3:4d:
                    14:3a:cb:5b:be:b4:de:4c:23:61:72:32:f2:5f:8e:
                    37:13:28:40:bc:76:f8:9e:56:a3:84:eb:ca:ce:b0:
                    85:c5:01:65:a7:6a:86:2f:7d:d6:01:ef:d4:dc:29:
                    f1:fb:93:47:95:04:8b:b4:08:ea:8e:f7:92:89:5e:
                    af:39:8b:01:ca:1e:ae:df:08:73:73:32:c1:bd:77:
                    20:1a:8c:1d:d8:a6:47:8a:f9:70:82:7b:3b:40:9a:
                    df:bf:ad:5c:ca:8e:c4:31:51:d6:f7:fe:9b:f8:c9:
                    c1:49:6c:fc:0f:a0:19:89:c8:35:66:3a:0a:96:a5:
                    5f:e1:5a:b8:75:91:5e:3c:d3:0a:9b:85:74:de:28:
                    e4:6d:2c:2a:b3:fb:80:8c:04:b7:ed:55:c9:f4:1a:
                    f7:eb:60:36:73:c1:fd:6e:45:91:bb:11:b0:40:bc:
                    33:7c:f7:5c:d1:f8:ee:fe:3b:94:a1:23:bf:fe:f9:
                    1f:b2:67:e5:47:e5:56:f6:f5:f9:c8:63:ad:42:db:
                    09:d0:20:61:8d:a1:17:e6:03:f6:f9:c7:91:f4:4c:
                    11:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:28:DA:6A:9E:24:6B:F9:50:5A:B1:B1:58:B9:77:D9:BE:45:8B:70
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/ayjaap4ka_lQWrGxWLl32b5Fi3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.176.0/22
                  185.199.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c5:b4:14:94:51:05:75:83:33:c5:92:20:3a:df:3f:61:27:6b:
         9f:e4:07:0e:82:c3:df:12:7a:ff:fa:63:6f:1e:c2:2c:75:0a:
         66:c2:4d:91:eb:0a:53:5f:a9:20:f8:21:9f:2b:cd:d2:04:1f:
         a2:ff:3c:d3:b1:3b:91:52:cf:ec:d4:3b:6f:30:c6:70:f3:ca:
         7b:3a:6c:fc:40:c9:08:0b:22:ea:eb:e3:bb:d2:02:98:30:97:
         91:fd:b9:13:6a:60:cd:78:0c:b2:d7:47:5d:24:40:e4:15:29:
         6a:b9:f3:ba:01:b5:d4:f2:da:4f:0f:04:f8:f5:6c:d9:b6:dc:
         27:ca:e9:80:79:b3:bf:b8:08:aa:6b:fb:99:a0:18:a7:1a:c2:
         b4:71:bb:09:f0:96:bf:32:e1:ad:6e:d5:5f:09:7e:7d:2c:68:
         a4:16:7a:cb:97:1c:e4:12:e6:bb:1f:72:12:20:03:c7:ee:4c:
         dc:b8:0a:df:c7:1f:14:d6:cd:f9:3f:3a:27:ec:7f:64:16:8a:
         55:80:f9:a6:36:c3:b8:c1:88:4a:0f:6a:e4:ee:8a:b6:c5:1e:
         5d:d9:92:35:ff:b6:b8:83:7e:40:ec:5f:e0:04:4e:cc:6a:b4:
         ed:7a:3c:5f:53:9b:3d:f0:19:c1:3b:1a:be:a7:ae:d0:3a:e5:
         36:66:4d:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZexIQ6GGUHjCgVJY6Wno1gSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwNjI3MTEyMzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI4ZGE2YTllMjQ2YmY5NTA1YWIxYjE1OGI5NzdkOWJlNDU4YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNULhu48AWd1xNRVtgmnrico/Ntz
DkXDk/6eLHqh1QJrJaBUY0qfKYlg400UOstbvrTeTCNhcjLyX443EyhAvHb4nlaj
hOvKzrCFxQFlp2qGL33WAe/U3Cnx+5NHlQSLtAjqjveSiV6vOYsByh6u3whzczLB
vXcgGowd2KZHivlwgns7QJrfv61cyo7EMVHW9/6b+MnBSWz8D6AZicg1ZjoKlqVf
4Vq4dZFePNMKm4V03ijkbSwqs/uAjAS37VXJ9Br362A2c8H9bkWRuxGwQLwzfPdc
0fju/juUoSO//vkfsmflR+VW9vX5yGOtQtsJ0CBhjaEX5gP2+ceR9EwR6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGso2mqeJGv5UFqxsVi5d9m+RYtwMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvYXlqYWFwNGthX2xRV3JHeFdMbDMyYjVGaTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuX+wAwQC
ucfEMA0GCSqGSIb3DQEBCwUAA4IBAQDFtBSUUQV1gzPFkiA63z9hJ2uf5AcOgsPf
Enr/+mNvHsIsdQpmwk2R6wpTX6kg+CGfK83SBB+i/zzTsTuRUs/s1DtvMMZw88p7
Omz8QMkICyLq6+O70gKYMJeR/bkTamDNeAyy10ddJEDkFSlqufO6AbXU8tpPDwT4
9WzZttwnyumAebO/uAiqa/uZoBinGsK0cbsJ8Ja/MuGtbtVfCX59LGikFnrLlxzk
Eua7H3ISIAPH7kzcuArfxx8U1s35Pzon7H9kFopVgPmmNsO4wYhKD2rk7oq2xR5d
2ZI1/7a4g35A7F/gBE7MarTtejxfU5s98BnBOxq+p67QOuU2Zk3m
-----END CERTIFICATE-----