Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zy6JMMIZp4iT7e139le0NYBhce8.roa
File:                     zy6JMMIZp4iT7e139le0NYBhce8.roa (raw, json)
Hash identifier:          7ppyWguuo1KWIsZnXyQq/hp4jdvBZxKn909Zkp3QprY=
Subject key identifier:   CF:2E:89:30:C2:19:A7:88:93:ED:ED:77:F6:57:B4:35:80:61:71:EF
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       0197E3FAEEB4E24B7EBA09977EADE0847ABA
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zy6JMMIZp4iT7e139le0NYBhce8.roa
Signing time:             Mon 07 Jul 2025 08:22:42 +0000
ROA not before:           Mon 07 Jul 2025 08:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62442
IP address blocks:        185.221.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e3:fa:ee:b4:e2:4b:7e:ba:09:97:7e:ad:e0:84:7a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Jul  7 08:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf2e8930c219a78893eded77f657b435806171ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:35:b6:71:7e:74:0d:aa:fc:c8:bd:fc:3a:ad:
                    9e:f2:53:28:f3:6d:e8:b9:98:25:aa:ca:89:e0:ff:
                    6f:de:01:da:cd:73:f0:08:8e:21:14:1e:ff:a4:6f:
                    4a:09:2f:1a:ef:a9:cd:54:c0:d7:24:98:cf:86:06:
                    45:d2:24:39:c7:96:9b:cd:22:8e:b4:2b:66:08:cd:
                    1d:58:51:29:7d:2c:6a:21:0e:8e:c0:c8:6b:41:ad:
                    fc:e7:2b:89:eb:b9:34:65:42:30:6b:a4:4f:b7:68:
                    1d:3a:12:9a:29:f3:c6:e3:14:87:47:25:b8:ca:b5:
                    3e:fb:36:e3:9a:c0:6f:8d:9e:f3:4d:72:ba:47:21:
                    04:b4:c8:af:4e:b4:09:43:17:97:7b:41:0b:e5:03:
                    b9:91:f0:2d:4d:9e:ee:18:4f:02:ac:db:07:02:7a:
                    0f:66:e5:2d:b9:64:cf:66:15:07:21:0e:de:a8:33:
                    f4:4f:4d:d9:06:a7:fd:88:b3:61:31:72:b9:d4:00:
                    96:92:9c:4a:0f:a2:96:44:11:1f:70:4c:bc:1f:ce:
                    33:11:b9:c6:ea:ba:13:09:92:14:fb:1d:36:8e:5c:
                    35:e5:72:b9:19:3a:1c:8b:8a:72:9e:1e:e0:24:db:
                    19:6e:d5:ce:ed:6a:d9:b9:17:0e:d9:1a:ad:ff:4b:
                    01:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2E:89:30:C2:19:A7:88:93:ED:ED:77:F6:57:B4:35:80:61:71:EF
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/zy6JMMIZp4iT7e139le0NYBhce8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:66:fe:d5:c1:30:4f:47:e1:7b:98:07:ee:48:ff:eb:b2:ad:
         13:0a:8d:53:96:02:32:e3:f0:88:56:1f:a1:62:57:24:3e:8d:
         af:b0:0b:13:e1:37:09:d1:17:54:33:21:f7:b3:6e:d9:3e:3c:
         f5:80:43:e3:be:65:c1:d6:e0:4e:89:5f:36:df:c4:e6:1c:5d:
         f1:3a:69:3c:a4:5b:db:64:f8:5c:93:85:3b:b9:52:2d:be:71:
         30:c7:cd:b7:ca:a0:dd:c2:31:04:bd:db:e2:78:73:af:55:e6:
         53:dd:1b:50:1b:38:2f:ab:ae:e5:1f:03:73:e9:13:34:32:1f:
         e3:5e:83:49:b3:74:28:b1:20:80:78:41:5e:94:24:75:68:81:
         d6:ff:ec:72:5a:50:22:86:64:17:e1:d1:e5:0f:7c:61:25:f2:
         96:7e:a5:4c:b6:f7:ca:7d:82:c4:7d:3b:d8:0e:3b:95:1c:34:
         07:43:82:0c:7b:7a:23:c2:5f:68:3c:21:58:93:27:93:14:f1:
         75:ef:b1:59:da:8b:1c:29:cd:24:47:c0:18:30:49:62:42:63:
         db:57:50:0f:67:cc:c6:70:a4:8c:d5:48:4a:54:93:60:8c:12:
         af:95:7d:cd:06:19:95:4f:f6:c4:86:f1:94:96:12:89:ed:3b:
         75:71:6c:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfj+u604kt+ugmXfq3ghHq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwNzA3MDgyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJlODkzMGMyMTlhNzg4OTNlZGVkNzdmNjU3YjQzNTgwNjE3MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jW2cX50Dar8yL38Oq2e8lMo823o
uZglqsqJ4P9v3gHazXPwCI4hFB7/pG9KCS8a76nNVMDXJJjPhgZF0iQ5x5abzSKO
tCtmCM0dWFEpfSxqIQ6OwMhrQa385yuJ67k0ZUIwa6RPt2gdOhKaKfPG4xSHRyW4
yrU++zbjmsBvjZ7zTXK6RyEEtMivTrQJQxeXe0EL5QO5kfAtTZ7uGE8CrNsHAnoP
ZuUtuWTPZhUHIQ7eqDP0T03ZBqf9iLNhMXK51ACWkpxKD6KWRBEfcEy8H84zEbnG
6roTCZIU+x02jlw15XK5GToci4pynh7gJNsZbtXO7WrZuRcO2Rqt/0sBewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8uiTDCGaeIk+3td/ZXtDWAYXHvMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvenk2Sk1NSVpwNGlUN2UxMzlsZTBOWUJoY2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3vMA0G
CSqGSIb3DQEBCwUAA4IBAQCnZv7VwTBPR+F7mAfuSP/rsq0TCo1TlgIy4/CIVh+h
YlckPo2vsAsT4TcJ0RdUMyH3s27ZPjz1gEPjvmXB1uBOiV8238TmHF3xOmk8pFvb
ZPhck4U7uVItvnEwx823yqDdwjEEvdvieHOvVeZT3RtQGzgvq67lHwNz6RM0Mh/j
XoNJs3QosSCAeEFelCR1aIHW/+xyWlAihmQX4dHlD3xhJfKWfqVMtvfKfYLEfTvY
DjuVHDQHQ4IMe3ojwl9oPCFYkyeTFPF177FZ2oscKc0kR8AYMEliQmPbV1APZ8zG
cKSM1UhKVJNgjBKvlX3NBhmVT/bEhvGUlhKJ7Tt1cWyA
-----END CERTIFICATE-----