Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/6toIatVBXWDoEiJHNA478OfRaxY.roa
File:                     6toIatVBXWDoEiJHNA478OfRaxY.roa (raw, json)
Hash identifier:          KemdTNR+zu82APueFn4bitb14WhQEHVGiCboljEoidc=
Subject key identifier:   EA:DA:08:6A:D5:41:5D:60:E8:12:22:47:34:0E:3B:F0:E7:D1:6B:16
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B36DE44FDE4B6CEFD47B4740FB8A4A
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/6toIatVBXWDoEiJHNA478OfRaxY.roa
Signing time:             Mon 14 Jul 2025 16:10:10 +0000
ROA not before:           Mon 14 Jul 2025 16:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199425
IP address blocks:        85.209.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:6d:e4:4f:de:4b:6c:ef:d4:7b:47:40:fb:8a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eada086ad5415d60e8122247340e3bf0e7d16b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fc:45:20:da:02:15:7e:de:9f:8e:77:c8:a4:
                    28:ca:18:6a:92:2c:c1:94:3a:5a:fc:36:d8:5f:9c:
                    02:22:30:ec:14:ed:95:92:d4:2a:19:1a:ee:7b:33:
                    88:6f:69:a4:d9:ca:88:59:d8:16:54:9c:4b:04:db:
                    c1:89:14:fa:da:db:96:e1:06:bf:9d:8e:ce:bb:e2:
                    33:04:49:1f:42:b5:fd:b9:dd:2f:5c:43:ea:17:b9:
                    3e:dc:9c:f0:07:22:65:99:3a:ff:d6:e8:77:0d:27:
                    dc:12:12:26:ce:02:15:4a:b5:f4:80:2b:99:ca:32:
                    f9:f4:f1:c7:61:a2:5e:2a:7b:d0:d6:63:97:89:15:
                    27:06:e9:f5:5e:23:23:15:f4:02:65:1f:5f:82:78:
                    5d:7f:55:5c:0e:17:1a:7b:ac:a0:04:3e:3d:26:0b:
                    fc:09:a6:db:f7:eb:e2:ff:38:a9:60:5b:d9:a8:5f:
                    8b:e7:f1:b8:dd:75:21:24:87:30:ca:78:c1:b3:6f:
                    17:69:35:59:8a:74:84:02:69:94:d1:d3:1a:58:35:
                    92:5d:b5:56:75:62:77:b0:df:ee:46:cc:19:bc:74:
                    ee:57:6c:74:f7:c5:6b:6b:64:e6:f8:1a:00:2a:d3:
                    e9:dc:ed:96:25:ac:ee:81:46:8e:7f:9b:0c:a7:03:
                    a4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:DA:08:6A:D5:41:5D:60:E8:12:22:47:34:0E:3B:F0:E7:D1:6B:16
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/6toIatVBXWDoEiJHNA478OfRaxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:f6:57:40:50:93:00:12:54:51:b5:fa:6a:28:24:d8:b9:79:
         69:f4:78:b4:9d:eb:bd:89:d7:e7:35:2e:d7:33:3f:35:29:ce:
         b5:ba:67:8b:d2:98:87:35:df:b5:50:7e:e6:47:98:ea:14:13:
         c4:ef:97:47:14:c2:54:16:c0:a6:46:69:b6:f0:d3:59:45:fc:
         73:cc:95:e3:3a:3a:21:e3:f8:55:54:ad:96:00:b2:5f:e5:3f:
         f9:18:63:55:81:77:bc:6e:08:ef:65:13:3a:26:d8:34:8b:21:
         e2:cb:a6:75:c9:3c:ed:a1:61:4a:7e:91:99:71:49:94:b2:9d:
         a3:07:6a:1d:c2:24:fe:75:35:2b:bd:77:a2:60:e8:7b:fd:1e:
         c3:d5:a8:a0:d0:a3:3c:f2:37:24:70:1a:96:19:70:17:ab:de:
         fe:35:17:79:11:79:79:0d:c4:fe:fe:ba:76:91:28:2a:bd:38:
         2b:42:bd:57:0e:ba:06:8a:69:0f:f3:98:28:9e:31:ed:0f:c7:
         bb:a9:25:cb:7e:8f:9d:d3:6b:91:02:fd:db:f0:1b:ff:cf:82:
         52:80:bd:0a:6f:fb:63:6c:d7:d6:c5:30:64:db:91:fc:56:11:
         a0:09:81:27:6d:0b:a6:eb:75:12:e6:fd:bf:00:be:0d:55:0a:
         67:53:30:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJs23kT95LbO/Ue0dA+4pKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRhMDg2YWQ1NDE1ZDYwZTgxMjIyNDczNDBlM2JmMGU3ZDE2YjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPxFINoCFX7en453yKQoyhhqkizB
lDpa/DbYX5wCIjDsFO2VktQqGRruezOIb2mk2cqIWdgWVJxLBNvBiRT62tuW4Qa/
nY7Ou+IzBEkfQrX9ud0vXEPqF7k+3JzwByJlmTr/1uh3DSfcEhImzgIVSrX0gCuZ
yjL59PHHYaJeKnvQ1mOXiRUnBun1XiMjFfQCZR9fgnhdf1VcDhcae6ygBD49Jgv8
Cabb9+vi/zipYFvZqF+L5/G43XUhJIcwynjBs28XaTVZinSEAmmU0dMaWDWSXbVW
dWJ3sN/uRswZvHTuV2x098Vra2Tm+BoAKtPp3O2WJazugUaOf5sMpwOkUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOraCGrVQV1g6BIiRzQOO/Dn0WsWMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvNnRvSWF0VkJYV0RvRWlKSE5BNDc4T2ZSYXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdEDMA0G
CSqGSIb3DQEBCwUAA4IBAQBL9ldAUJMAElRRtfpqKCTYuXlp9Hi0neu9idfnNS7X
Mz81Kc61umeL0piHNd+1UH7mR5jqFBPE75dHFMJUFsCmRmm28NNZRfxzzJXjOjoh
4/hVVK2WALJf5T/5GGNVgXe8bgjvZRM6Jtg0iyHiy6Z1yTztoWFKfpGZcUmUsp2j
B2odwiT+dTUrvXeiYOh7/R7D1aig0KM88jckcBqWGXAXq97+NRd5EXl5DcT+/rp2
kSgqvTgrQr1XDroGimkP85gonjHtD8e7qSXLfo+d02uRAv3b8Bv/z4JSgL0Kb/tj
bNfWxTBk25H8VhGgCYEnbQum63US5v2/AL4NVQpnUzDe
-----END CERTIFICATE-----