Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6FLYdA6Mos-V1E6R9J2XY5SUhH8.roa
File:                     6FLYdA6Mos-V1E6R9J2XY5SUhH8.roa (raw, json)
Hash identifier:          bPGVukhlHrblebE4vbIPL7YxSRD6yAwmswFrAc43Dqk=
Subject key identifier:   E8:52:D8:74:0E:8C:A2:CF:95:D4:4E:91:F4:9D:97:63:94:94:84:7F
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019813CA781853B97019A5760A59A3147F70
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6FLYdA6Mos-V1E6R9J2XY5SUhH8.roa
Signing time:             Wed 16 Jul 2025 15:11:32 +0000
ROA not before:           Wed 16 Jul 2025 15:11:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201211
IP address blocks:        95.130.224.0/24 maxlen: 24
                          185.19.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:13:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:ca:78:18:53:b9:70:19:a5:76:0a:59:a3:14:7f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jul 16 15:11:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e852d8740e8ca2cf95d44e91f49d97639494847f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fe:70:c7:e7:b2:8d:a7:29:78:4c:a5:33:e5:
                    ec:0a:bf:26:21:78:a2:6d:60:36:ed:28:5c:16:85:
                    1d:20:ef:36:e7:15:f1:7d:50:a9:a0:2c:7f:ce:c1:
                    49:bd:83:1a:c0:a7:e5:b2:49:95:82:7a:b4:e8:1f:
                    7c:bc:f3:c2:78:ae:c8:43:ed:fd:ef:1c:11:4e:26:
                    6e:e2:81:1b:93:92:c2:4c:d8:9a:dc:a4:91:5f:4e:
                    7b:26:25:e5:09:ab:fc:2f:ad:8e:89:3e:7a:1f:2b:
                    97:6d:76:af:a3:4f:ae:cf:ec:2d:0e:37:e9:de:42:
                    05:5e:4e:81:ac:43:53:da:08:c4:ea:f7:4f:4e:45:
                    68:c8:66:25:bc:18:16:d6:c7:b1:70:a4:f5:8c:f7:
                    90:24:3c:47:19:bf:af:da:55:0d:21:68:92:8e:10:
                    d7:ba:7b:87:23:f2:53:81:6b:f7:e8:f0:62:e2:00:
                    4a:54:18:8d:5c:68:d6:0a:16:9c:4e:25:6b:f5:20:
                    a3:1d:7b:9f:91:e4:29:ca:8b:60:fd:43:70:05:f4:
                    2b:5a:a2:40:9d:06:bf:17:12:4d:39:a5:16:c3:a5:
                    f4:38:a3:de:62:3e:77:d6:4d:c7:5f:34:d1:bf:2b:
                    32:60:12:51:f2:4f:64:70:75:8d:bd:76:6c:d4:23:
                    00:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:52:D8:74:0E:8C:A2:CF:95:D4:4E:91:F4:9D:97:63:94:94:84:7F
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/6FLYdA6Mos-V1E6R9J2XY5SUhH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.224.0/24
                  185.19.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:6a:52:01:aa:a1:7c:77:1f:5a:78:c6:51:a9:2d:20:a1:a7:
         0b:4a:17:ee:1b:05:b9:35:80:f7:f1:74:e2:09:33:c7:02:d3:
         32:17:59:f2:a4:be:62:4a:4f:52:68:28:a3:25:3e:20:8a:55:
         2c:73:e7:f7:3a:39:ae:df:a5:77:4c:6a:65:3d:c0:7a:ab:4f:
         88:60:f1:f0:ff:06:f0:52:c0:27:4f:6a:7a:e1:06:52:a2:b8:
         88:63:f2:e2:e6:05:61:d9:7e:d8:fa:d9:b5:4b:c9:2a:ad:cc:
         ca:db:32:51:21:a9:80:f1:ee:94:06:cb:c3:ab:d5:11:5a:7b:
         07:df:f6:56:54:95:05:31:be:f1:f0:f6:c6:5d:cd:5a:ac:f9:
         20:95:26:74:98:33:71:6c:6c:65:5f:59:48:b1:d6:16:f8:c6:
         62:61:ac:25:e4:59:b4:81:cc:49:84:98:91:5a:40:c1:4c:b1:
         56:0c:b4:a7:65:2e:17:d6:08:a1:1d:65:46:41:76:af:54:17:
         f8:96:d5:f4:57:78:df:7e:ae:7f:f1:2a:2b:dd:be:f8:7e:71:
         60:3c:08:2e:3f:36:a0:12:82:1d:d1:3f:da:31:27:a1:47:87:
         24:ca:f6:6d:0a:8f:46:86:4c:cb:45:9d:7f:53:b2:5d:24:71:
         3a:5d:f7:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgTyngYU7lwGaV2ClmjFH9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNzE2MTUxMTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODUyZDg3NDBlOGNhMmNmOTVkNDRlOTFmNDlkOTc2Mzk0OTQ4NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/5wx+eyjacpeEylM+XsCr8mIXii
bWA27ShcFoUdIO825xXxfVCpoCx/zsFJvYMawKflskmVgnq06B98vPPCeK7IQ+39
7xwRTiZu4oEbk5LCTNia3KSRX057JiXlCav8L62OiT56HyuXbXavo0+uz+wtDjfp
3kIFXk6BrENT2gjE6vdPTkVoyGYlvBgW1sexcKT1jPeQJDxHGb+v2lUNIWiSjhDX
unuHI/JTgWv36PBi4gBKVBiNXGjWChacTiVr9SCjHXufkeQpyotg/UNwBfQrWqJA
nQa/FxJNOaUWw6X0OKPeYj531k3HXzTRvysyYBJR8k9kcHWNvXZs1CMAXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOhS2HQOjKLPldROkfSdl2OUlIR/MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvNkZMWWRBNk1vcy1WMUU2UjlKMlhZNVNVaEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4LgAwQA
uRPKMA0GCSqGSIb3DQEBCwUAA4IBAQCLalIBqqF8dx9aeMZRqS0goacLShfuGwW5
NYD38XTiCTPHAtMyF1nypL5iSk9SaCijJT4gilUsc+f3Ojmu36V3TGplPcB6q0+I
YPHw/wbwUsAnT2p64QZSoriIY/Li5gVh2X7Y+tm1S8kqrczK2zJRIamA8e6UBsvD
q9URWnsH3/ZWVJUFMb7x8PbGXc1arPkglSZ0mDNxbGxlX1lIsdYW+MZiYawl5Fm0
gcxJhJiRWkDBTLFWDLSnZS4X1gihHWVGQXavVBf4ltX0V3jffq5/8Sor3b74fnFg
PAguPzagEoId0T/aMSehR4ckyvZtCo9GhkzLRZ1/U7JdJHE6Xfdn
-----END CERTIFICATE-----