Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xsm6AqBlPi2ahzecbIFob-O0sWE.roa
File:                     xsm6AqBlPi2ahzecbIFob-O0sWE.roa (raw, json)
Hash identifier:          Xwgavr+1STzsDiIswdjaWGZ3SmlX/UIqXf9ofc1SI4A=
Subject key identifier:   C6:C9:BA:02:A0:65:3E:2D:9A:87:37:9C:6C:81:68:6F:E3:B4:B1:61
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019807BAF20B6C2C84ECBA828AFB0A9984EA
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xsm6AqBlPi2ahzecbIFob-O0sWE.roa
Signing time:             Mon 14 Jul 2025 06:59:08 +0000
ROA not before:           Mon 14 Jul 2025 06:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        45.67.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:ba:f2:0b:6c:2c:84:ec:ba:82:8a:fb:0a:99:84:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul 14 06:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6c9ba02a0653e2d9a87379c6c81686fe3b4b161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:84:ed:aa:33:9c:96:a8:11:64:e6:e2:6d:28:
                    1a:b9:e5:1b:b3:96:d2:f8:2c:ce:e3:d9:82:58:26:
                    35:cb:67:81:d0:59:fe:35:c9:f3:33:76:a0:9a:8c:
                    6e:dc:7b:a1:7b:1a:19:00:88:93:f1:c9:27:14:e4:
                    8e:b4:c0:8e:e8:dc:bd:92:29:60:6c:d7:88:11:8a:
                    f4:36:cc:4f:87:c2:34:76:33:f3:bc:4a:52:8e:d1:
                    6b:2c:9d:e4:cc:d7:b5:eb:43:d4:98:f3:6a:8c:53:
                    95:a9:ed:b8:aa:a4:db:d6:a2:ac:c1:52:7e:38:a0:
                    07:3a:53:e4:19:0c:41:75:70:02:82:14:7c:b2:41:
                    e8:85:02:7d:8a:6c:f9:ef:70:a5:14:81:cd:15:b7:
                    c5:b3:83:5b:c0:c3:b9:70:b5:6a:f2:c9:c9:d1:19:
                    92:a9:e2:93:73:dd:ed:df:f9:8b:a9:01:a2:62:33:
                    d0:80:23:b9:4b:b0:a6:c2:4d:ab:d7:a0:4e:81:6b:
                    04:67:63:0c:83:07:55:67:bd:bb:7a:a4:5d:c0:4d:
                    f5:65:2c:86:1b:f2:cd:b2:df:46:ce:01:ab:87:57:
                    5d:65:b6:92:c3:7f:3a:58:78:6a:1d:56:3a:c7:ea:
                    e7:b2:c2:11:33:93:9e:59:38:5e:ec:26:8b:ef:d5:
                    26:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C9:BA:02:A0:65:3E:2D:9A:87:37:9C:6C:81:68:6F:E3:B4:B1:61
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xsm6AqBlPi2ahzecbIFob-O0sWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c2:d5:58:94:aa:f4:41:4b:f1:3a:a7:20:7b:e0:d9:51:4d:
         8b:f4:99:39:22:4f:c2:c4:53:8d:cf:0c:9c:45:2c:69:38:27:
         7c:de:af:c0:ef:28:cb:06:9a:1b:48:8a:19:43:e9:ce:f5:6e:
         bc:49:78:49:71:3b:e9:35:e7:0c:8e:95:00:4a:31:98:5c:15:
         cb:96:d5:cd:b5:85:b8:23:80:e4:4d:01:d6:03:e2:26:71:c3:
         27:2f:aa:e3:50:cb:6e:06:e6:2d:a7:32:19:e7:75:39:73:56:
         9d:d9:68:60:98:56:de:97:3f:c7:86:1e:b1:36:b7:c4:90:87:
         ea:83:4c:b9:a0:ae:5c:52:9f:69:25:ff:78:d8:8d:62:2f:42:
         be:4c:f2:a5:e0:bd:2e:6d:9a:47:3b:ce:ed:d5:0f:7b:b8:cb:
         ae:65:66:c7:45:2b:c6:a5:e3:f1:51:04:1b:b3:f1:ff:f1:3e:
         66:ab:80:a4:87:23:4c:04:6c:1e:b8:23:f0:d2:1a:a0:56:1b:
         5d:5d:18:1b:ca:d4:d9:01:6f:4f:b0:54:3a:96:b0:64:74:2b:
         f3:f0:7f:e7:d0:64:ed:44:01:0f:3e:45:0e:6e:53:5f:51:b1:
         7c:a2:4e:ee:01:9a:60:d9:b7:77:07:34:b2:6c:cb:b3:cb:28:
         75:50:55:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgHuvILbCyE7LqCivsKmYTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNzE0MDY1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmM5YmEwMmEwNjUzZTJkOWE4NzM3OWM2YzgxNjg2ZmUzYjRiMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYTtqjOclqgRZObibSgaueUbs5bS
+CzO49mCWCY1y2eB0Fn+NcnzM3agmoxu3HuhexoZAIiT8cknFOSOtMCO6Ny9kilg
bNeIEYr0NsxPh8I0djPzvEpSjtFrLJ3kzNe160PUmPNqjFOVqe24qqTb1qKswVJ+
OKAHOlPkGQxBdXACghR8skHohQJ9imz573ClFIHNFbfFs4NbwMO5cLVq8snJ0RmS
qeKTc93t3/mLqQGiYjPQgCO5S7Cmwk2r16BOgWsEZ2MMgwdVZ727eqRdwE31ZSyG
G/LNst9GzgGrh1ddZbaSw386WHhqHVY6x+rnssIRM5OeWThe7CaL79UmywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbJugKgZT4tmoc3nGyBaG/jtLFhMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEveHNtNkFxQmxQaTJhaHplY2JJRm9iLU8wc1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUPKMA0G
CSqGSIb3DQEBCwUAA4IBAQAawtVYlKr0QUvxOqcge+DZUU2L9Jk5Ik/CxFONzwyc
RSxpOCd83q/A7yjLBpobSIoZQ+nO9W68SXhJcTvpNecMjpUASjGYXBXLltXNtYW4
I4DkTQHWA+ImccMnL6rjUMtuBuYtpzIZ53U5c1ad2WhgmFbelz/Hhh6xNrfEkIfq
g0y5oK5cUp9pJf942I1iL0K+TPKl4L0ubZpHO87t1Q97uMuuZWbHRSvGpePxUQQb
s/H/8T5mq4CkhyNMBGweuCPw0hqgVhtdXRgbytTZAW9PsFQ6lrBkdCvz8H/n0GTt
RAEPPkUOblNfUbF8ok7uAZpg2bd3BzSybMuzyyh1UFUh
-----END CERTIFICATE-----