Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/6emN9M3cB7sr80vwNZiWMUBG3Cg.roa
File:                     6emN9M3cB7sr80vwNZiWMUBG3Cg.roa (raw, json)
Hash identifier:          1gZWDVB1gAfzV3pMYNk/KRCLYXN4jo/9DG2+cdxXfeU=
Subject key identifier:   E9:E9:8D:F4:CD:DC:07:BB:2B:F3:4B:F0:35:98:96:31:40:46:DC:28
Certificate issuer:       /CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
Certificate serial:       01977F8F766B0180566D2CA2B853D62396CC
Authority key identifier: CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/6emN9M3cB7sr80vwNZiWMUBG3Cg.roa
Signing time:             Tue 17 Jun 2025 20:23:17 +0000
ROA not before:           Tue 17 Jun 2025 20:23:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196618
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:8f:76:6b:01:80:56:6d:2c:a2:b8:53:d6:23:96:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
        Validity
            Not Before: Jun 17 20:23:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9e98df4cddc07bb2bf34bf0359896314046dc28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:aa:bb:f3:6f:1d:28:d0:95:ac:2c:87:29:e5:
                    ef:da:f4:86:a8:10:36:6a:19:58:e1:4d:78:3b:ce:
                    16:16:c9:dc:9c:15:75:25:e5:c1:22:04:9d:4f:a1:
                    4c:e2:f8:d4:2c:b4:5f:ed:d4:43:d6:2a:64:cd:2c:
                    d3:54:f8:a9:52:8e:ff:cf:c1:ed:bb:13:db:f4:f9:
                    39:aa:9e:9e:22:f5:db:a9:2b:ef:00:4f:94:e9:07:
                    65:91:b1:7b:d5:43:94:03:40:85:71:ac:92:11:a3:
                    e8:bb:52:d7:32:27:82:20:d1:a5:4f:51:b3:df:3b:
                    d9:43:06:18:63:e5:d0:bd:d3:d6:17:27:14:86:17:
                    8f:8f:b5:39:c5:bd:ea:8e:7e:01:b3:67:f4:66:c8:
                    ba:b3:29:3a:37:eb:f5:c5:04:f3:b0:0a:03:3a:c6:
                    11:ce:3e:5c:70:fb:48:8e:2c:b0:b1:f5:6c:43:fb:
                    05:3a:c1:25:39:26:32:b2:2b:5f:05:0e:39:05:aa:
                    4e:68:ac:b8:7c:79:38:63:7f:28:95:96:30:29:8a:
                    c6:b6:86:dd:2a:bf:5c:29:bd:46:cd:9f:25:0a:9d:
                    15:98:8a:33:f9:c3:d8:e4:b3:ca:e0:6b:75:51:fe:
                    9c:bb:71:7c:c7:c9:b6:c2:b9:f1:09:b5:5c:4e:cd:
                    e7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E9:8D:F4:CD:DC:07:BB:2B:F3:4B:F0:35:98:96:31:40:46:DC:28
            X509v3 Authority Key Identifier:
                keyid:CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/6emN9M3cB7sr80vwNZiWMUBG3Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:78:e9:c3:99:6a:71:ab:19:90:50:55:a8:7c:69:34:41:be:
         94:2a:8c:4e:48:6e:9f:f8:b4:8f:7f:2d:db:91:b7:10:0e:71:
         69:ac:92:d2:5c:dc:e4:01:41:4a:4b:4f:07:16:15:63:b6:15:
         89:6e:9e:88:7d:ee:27:28:4a:f4:f0:10:52:78:fb:c1:ed:f8:
         30:57:77:c9:ee:3a:60:4a:63:ac:7b:6c:31:8e:be:31:d3:b2:
         8f:5e:c4:dd:3b:bc:27:5b:9c:53:7e:52:46:95:a5:a5:15:15:
         a3:43:a2:57:c2:e9:ab:f0:62:cb:c6:4d:91:da:75:c2:5e:a9:
         e1:39:a6:c8:61:7d:90:59:20:84:5f:53:80:d9:f1:6c:ae:3b:
         8f:57:ea:7a:07:ad:53:7e:dc:42:eb:7f:39:57:54:94:f0:f3:
         42:4f:62:65:9c:ad:51:15:6f:f9:6e:df:34:00:16:cc:53:b8:
         3c:f5:0e:f3:49:44:d7:f6:4b:34:fe:5e:ae:94:7e:6d:b4:13:
         f3:db:c4:d9:9b:10:12:03:74:dd:d0:5f:0c:74:64:70:14:10:
         2f:38:63:16:3c:a3:3b:e4:b6:67:7c:63:cb:58:42:4a:bc:34:
         4d:32:0e:ac:ba:98:05:3a:7c:c7:6f:22:08:ca:6a:2f:da:59:
         6b:ea:57:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd/j3ZrAYBWbSyiuFPWI5bMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWY2ZmJmZTAwYTA4NTkyYjdiYjBlZGZkYzIwMDJiZmM3
MmI1NzgwHhcNMjUwNjE3MjAyMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWU5OGRmNGNkZGMwN2JiMmJmMzRiZjAzNTk4OTYzMTQwNDZkYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6q7828dKNCVrCyHKeXv2vSGqBA2
ahlY4U14O84WFsncnBV1JeXBIgSdT6FM4vjULLRf7dRD1ipkzSzTVPipUo7/z8Ht
uxPb9Pk5qp6eIvXbqSvvAE+U6QdlkbF71UOUA0CFcaySEaPou1LXMieCINGlT1Gz
3zvZQwYYY+XQvdPWFycUhhePj7U5xb3qjn4Bs2f0Zsi6syk6N+v1xQTzsAoDOsYR
zj5ccPtIjiywsfVsQ/sFOsElOSYysitfBQ45BapOaKy4fHk4Y38olZYwKYrGtobd
Kr9cKb1GzZ8lCp0VmIoz+cPY5LPK4Gt1Uf6cu3F8x8m2wrnxCbVcTs3ngwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnpjfTN3Ae7K/NL8DWYljFARtwoMB8GA1UdIwQY
MBaAFM+fb7/gCghZK3uw7f3CACv8crV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUt
MzQyYTllZTczZDg1LzEvNmVtTjlNM2NCN3NyODB2d05aaVdNVUJHM0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUtMzQyYTllZTczZDg1
LzEvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiBMA0G
CSqGSIb3DQEBCwUAA4IBAQAteOnDmWpxqxmQUFWofGk0Qb6UKoxOSG6f+LSPfy3b
kbcQDnFprJLSXNzkAUFKS08HFhVjthWJbp6Ife4nKEr08BBSePvB7fgwV3fJ7jpg
SmOse2wxjr4x07KPXsTdO7wnW5xTflJGlaWlFRWjQ6JXwumr8GLLxk2R2nXCXqnh
OabIYX2QWSCEX1OA2fFsrjuPV+p6B61TftxC6385V1SU8PNCT2JlnK1RFW/5bt80
ABbMU7g89Q7zSUTX9ks0/l6ulH5ttBPz28TZmxASA3Td0F8MdGRwFBAvOGMWPKM7
5LZnfGPLWEJKvDRNMg6supgFOnzHbyIIymov2llr6lfL
-----END CERTIFICATE-----