Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/AA6XDvY7JNXkHNDXXarpSA0Beug.roa
File:                     AA6XDvY7JNXkHNDXXarpSA0Beug.roa (raw, json)
Hash identifier:          +dVM3FUxzO2LFArxYok+bl1KAy45KVy/phLMCCQAmq8=
Subject key identifier:   00:0E:97:0E:F6:3B:24:D5:E4:1C:D0:D7:5D:AA:E9:48:0D:01:7A:E8
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197EC61E8BD21E7BBB61DFA84AD78FF205A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/AA6XDvY7JNXkHNDXXarpSA0Beug.roa
Signing time:             Tue 08 Jul 2025 23:32:08 +0000
ROA not before:           Tue 08 Jul 2025 23:32:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214834
IP address blocks:        5.175.238.0/24 maxlen: 24
                          89.144.15.0/24 maxlen: 24
                          2a02:2fc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ec:61:e8:bd:21:e7:bb:b6:1d:fa:84:ad:78:ff:20:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  8 23:32:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=000e970ef63b24d5e41cd0d75daae9480d017ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ef:7c:f8:e6:3d:0e:ab:34:e8:a7:1a:64:d5:
                    f8:f1:83:e8:be:0c:82:9e:c0:f9:b3:00:8c:ce:5e:
                    50:83:4a:53:fd:1a:3c:98:d0:26:f0:62:02:e2:28:
                    8d:14:75:d1:ba:92:2e:33:b6:72:62:9f:7e:9d:6c:
                    76:9c:af:49:40:a9:cd:62:42:42:b9:b8:53:7f:8f:
                    38:9f:08:90:52:44:79:6b:ba:17:29:9b:a4:fe:61:
                    85:bb:cc:c7:7f:49:10:6a:ca:a9:a1:77:e5:1c:3c:
                    0f:ee:a4:b0:d0:a0:97:30:af:32:e3:8e:d4:ad:f9:
                    a6:50:9a:44:60:3a:f2:6f:97:a9:bf:2e:03:8c:ee:
                    53:c5:d6:12:88:c4:9e:73:c6:87:8d:56:f4:fc:07:
                    f4:99:b3:3d:13:80:6e:80:f0:f9:40:bd:da:fe:ea:
                    80:8e:23:18:cd:d1:53:9f:02:2c:72:c8:93:23:38:
                    e9:91:ba:83:96:bc:d5:9c:d8:f8:43:6f:5d:0b:e0:
                    dd:ae:58:40:b1:a2:f0:b7:77:6b:cb:4a:5d:9e:51:
                    4b:b8:96:33:81:83:63:8e:c3:f4:d5:87:ed:2d:2c:
                    99:5f:49:b2:78:c3:12:6d:90:97:e5:59:6a:aa:ca:
                    83:a5:d9:a5:ff:ac:c9:42:92:ac:08:6f:26:dd:a1:
                    54:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0E:97:0E:F6:3B:24:D5:E4:1C:D0:D7:5D:AA:E9:48:0D:01:7A:E8
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/AA6XDvY7JNXkHNDXXarpSA0Beug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.238.0/24
                  89.144.15.0/24
                IPv6:
                  2a02:2fc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:12:a6:38:a8:95:a1:1e:89:f4:35:41:2f:27:bc:aa:51:b8:
         34:07:18:74:35:df:70:8a:56:7c:68:2d:6d:64:5c:96:9e:fd:
         22:6a:bd:c7:17:e9:47:4e:9c:58:71:e1:d3:87:19:a8:c5:0f:
         46:a3:24:97:94:28:2f:91:96:98:6a:75:eb:5e:94:29:6f:28:
         41:8f:64:46:f4:98:98:e3:2a:d1:bb:a9:c7:d0:38:24:5d:a6:
         ae:63:b9:4a:30:92:7b:35:4a:92:58:13:5c:a2:74:70:cf:31:
         ca:c6:bc:52:f2:a1:5b:22:61:36:73:bb:79:c4:43:95:c0:bc:
         04:d1:16:8b:fc:0d:23:2a:2c:c2:ce:c8:90:a5:c8:c9:80:31:
         95:9e:ca:ca:97:dd:b6:1c:80:51:45:da:d7:57:5a:a5:c1:5a:
         6e:86:e7:80:d3:15:fa:4a:67:4a:ac:60:2c:ab:7c:be:96:c5:
         05:02:87:3a:81:b5:99:62:6e:b1:de:23:4c:1c:ba:df:42:22:
         2f:8d:bc:8c:90:21:bb:c3:30:38:eb:e9:37:5c:e1:c9:7a:47:
         f8:50:f3:5c:8a:bc:dc:d5:65:c2:a1:9f:94:bc:88:9a:82:46:
         b4:ee:54:68:d8:d8:5a:f2:d3:6b:49:c6:3f:9d:e7:1c:b5:d0:
         9f:a4:a0:af
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZfsYei9Iee7th36hK14/yBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA4MjMzMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDBlOTcwZWY2M2IyNGQ1ZTQxY2QwZDc1ZGFhZTk0ODBkMDE3YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvO98+OY9Dqs06KcaZNX48YPovgyC
nsD5swCMzl5Qg0pT/Ro8mNAm8GIC4iiNFHXRupIuM7ZyYp9+nWx2nK9JQKnNYkJC
ubhTf484nwiQUkR5a7oXKZuk/mGFu8zHf0kQasqpoXflHDwP7qSw0KCXMK8y447U
rfmmUJpEYDryb5epvy4DjO5TxdYSiMSec8aHjVb0/Af0mbM9E4BugPD5QL3a/uqA
jiMYzdFTnwIscsiTIzjpkbqDlrzVnNj4Q29dC+DdrlhAsaLwt3dry0pdnlFLuJYz
gYNjjsP01YftLSyZX0myeMMSbZCX5VlqqsqDpdml/6zJQpKsCG8m3aFUKQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAAOlw72OyTV5BzQ112q6UgNAXroMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQUE2WER2WTdKTlhrSE5EWFhhcnBTQTBCZXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABa/uAwQA
WZAPMA8EAgACMAkDBwAqAi/AAAEwDQYJKoZIhvcNAQELBQADggEBAIwSpjiolaEe
ifQ1QS8nvKpRuDQHGHQ133CKVnxoLW1kXJae/SJqvccX6UdOnFhx4dOHGajFD0aj
JJeUKC+RlphqdetelClvKEGPZEb0mJjjKtG7qcfQOCRdpq5juUowkns1SpJYE1yi
dHDPMcrGvFLyoVsiYTZzu3nEQ5XAvATRFov8DSMqLMLOyJClyMmAMZWeysqX3bYc
gFFF2tdXWqXBWm6G54DTFfpKZ0qsYCyrfL6WxQUChzqBtZlibrHeI0wcut9CIi+N
vIyQIbvDMDjr6Tdc4cl6R/hQ81yKvNzVZcKhn5S8iJqCRrTuVGjY2Fry02tJxj+d
5xy10J+koK8=
-----END CERTIFICATE-----