Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/6DpWZbBL9E7B4j1aF-rxc-G8DWI.roa
File:                     6DpWZbBL9E7B4j1aF-rxc-G8DWI.roa (raw, json)
Hash identifier:          SV3cobOGrBeYAeMDxv8oIoNqGXu5Q+QcGtKFI/sHBB4=
Subject key identifier:   E8:3A:56:65:B0:4B:F4:4E:C1:E2:3D:5A:17:EA:F1:73:E1:BC:0D:62
Certificate issuer:       /CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
Certificate serial:       0196C9D6A8E302058E9A65730342B66BB974
Authority key identifier: A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/6DpWZbBL9E7B4j1aF-rxc-G8DWI.roa
Signing time:             Tue 13 May 2025 13:30:10 +0000
ROA not before:           Tue 13 May 2025 13:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211093
IP address blocks:        158.120.254.0/24 maxlen: 24
                          2001:678:d48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:d6:a8:e3:02:05:8e:9a:65:73:03:42:b6:6b:b9:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
        Validity
            Not Before: May 13 13:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e83a5665b04bf44ec1e23d5a17eaf173e1bc0d62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:5f:a6:c1:37:8a:17:ca:a9:2a:79:2d:22:
                    4f:66:0a:ae:78:16:85:40:4e:66:ff:6f:68:66:0c:
                    78:c6:f6:03:f1:56:ec:da:e2:0e:82:71:b3:e4:45:
                    6c:f0:61:e2:0b:a7:e6:3b:cd:9a:7b:21:9b:0e:46:
                    97:73:ba:9b:05:35:f3:ef:6f:dc:a1:65:32:a7:4d:
                    4e:3d:98:c3:10:6a:a2:9a:c5:36:6f:e1:f2:aa:0b:
                    ff:06:da:b7:b2:22:3f:fd:7b:3d:b0:14:41:37:01:
                    e0:14:72:5f:2d:5c:90:4c:8e:99:d5:35:d0:fb:4a:
                    c0:1c:10:82:71:ed:1c:a6:07:dc:54:85:9f:67:5a:
                    c4:4a:bc:c9:a4:2c:26:48:1f:a5:26:b1:92:2d:51:
                    81:22:50:7e:d0:c2:dc:8d:71:b7:94:bb:2e:54:92:
                    88:43:ed:93:f8:04:43:13:39:86:dd:c0:c1:7a:f3:
                    f1:09:ee:c6:e5:c3:10:8b:59:0c:6e:a7:df:b4:0b:
                    f6:6a:6c:4e:e4:78:74:64:a4:44:05:20:4c:f6:44:
                    e1:b5:c6:2c:ae:9f:17:d1:b0:f6:a4:cf:b5:15:1a:
                    c3:e6:ac:60:05:20:6c:f3:e1:61:e9:23:6f:a5:a8:
                    28:aa:19:a4:b7:2a:73:af:de:95:05:0b:61:85:99:
                    ec:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3A:56:65:B0:4B:F4:4E:C1:E2:3D:5A:17:EA:F1:73:E1:BC:0D:62
            X509v3 Authority Key Identifier:
                keyid:A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/6DpWZbBL9E7B4j1aF-rxc-G8DWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.120.254.0/24
                IPv6:
                  2001:678:d48::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:86:cf:fb:bb:91:60:6e:cc:ed:ae:34:fa:d9:c9:88:5f:66:
         20:b3:1e:a3:40:0e:83:41:95:6a:02:ec:c5:0e:f1:c2:bd:00:
         8c:45:c8:ee:15:f2:1b:75:f1:8a:c5:a6:d0:44:6b:2c:78:c7:
         41:2a:9a:39:4e:75:1d:40:ab:74:91:96:7a:38:6b:c6:b2:f1:
         4f:ec:3e:40:fd:90:58:d4:6d:01:6e:dc:13:33:fb:be:02:5c:
         70:08:8a:36:50:8f:d9:07:52:58:23:37:6d:7e:06:5e:b9:de:
         e4:b8:63:c6:d2:fb:e7:3d:ba:88:34:57:50:8b:5c:c6:4c:10:
         4a:93:8a:f6:b8:81:ff:e0:4d:97:6f:db:a0:70:48:19:eb:ae:
         95:ca:e2:e2:89:33:8a:18:43:d4:3a:e2:c9:ef:b6:6d:ec:90:
         dd:da:e9:70:44:af:f3:e1:54:f2:1a:88:ca:12:d4:47:92:34:
         cf:5e:3e:04:d0:ae:02:5a:7e:c8:f0:ae:cf:f7:32:e0:ee:32:
         cb:0f:6b:84:9d:5a:7a:89:28:c0:79:14:bf:82:fa:ef:9e:04:
         41:49:7c:81:86:28:c3:26:c5:9d:e5:aa:a9:10:51:5d:4c:3f:
         fc:de:b2:a8:8f:72:a1:d7:7b:2e:3a:62:46:b2:d4:ec:4c:f5:
         f4:1f:cf:2c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZbJ1qjjAgWOmmVzA0K2a7l0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MjQ3MmMzZjAwNGIwYjcxZjExOGU4NzJiOTgzOGE0ZTBj
NzIxYzcwHhcNMjUwNTEzMTMzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNhNTY2NWIwNGJmNDRlYzFlMjNkNWExN2VhZjE3M2UxYmMwZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttpfpsE3ihfKqSp5LSJPZgqueBaF
QE5m/29oZgx4xvYD8Vbs2uIOgnGz5EVs8GHiC6fmO82aeyGbDkaXc7qbBTXz72/c
oWUyp01OPZjDEGqimsU2b+Hyqgv/Btq3siI//Xs9sBRBNwHgFHJfLVyQTI6Z1TXQ
+0rAHBCCce0cpgfcVIWfZ1rESrzJpCwmSB+lJrGSLVGBIlB+0MLcjXG3lLsuVJKI
Q+2T+ARDEzmG3cDBevPxCe7G5cMQi1kMbqfftAv2amxO5Hh0ZKREBSBM9kThtcYs
rp8X0bD2pM+1FRrD5qxgBSBs8+Fh6SNvpagoqhmktypzr96VBQthhZnsBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOg6VmWwS/ROweI9Whfq8XPhvA1iMB8GA1UdIwQY
MBaAFKckcsPwBLC3HxGOhyuYOKTgxyHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2Qt
ZDhjOTUwY2FjYWI1LzEvNkRwV1piQkw5RTdCNGoxYUYtcnhjLUc4RFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2QtZDhjOTUwY2FjYWI1
LzEvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAnnj+MA8E
AgACMAkDBwAgAQZ4DUgwDQYJKoZIhvcNAQELBQADggEBABmGz/u7kWBuzO2uNPrZ
yYhfZiCzHqNADoNBlWoC7MUO8cK9AIxFyO4V8ht18YrFptBEayx4x0EqmjlOdR1A
q3SRlno4a8ay8U/sPkD9kFjUbQFu3BMz+74CXHAIijZQj9kHUlgjN21+Bl653uS4
Y8bS++c9uog0V1CLXMZMEEqTiva4gf/gTZdv26BwSBnrrpXK4uKJM4oYQ9Q64snv
tm3skN3a6XBEr/PhVPIaiMoS1EeSNM9ePgTQrgJafsjwrs/3MuDuMssPa4SdWnqJ
KMB5FL+C+u+eBEFJfIGGKMMmxZ3lqqkQUV1MP/zesqiPcqHXey46Ykay1OxM9fQf
zyw=
-----END CERTIFICATE-----