Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/6f1sSkB9WX-VDyBfu2FjGF8_768.roa
File:                     6f1sSkB9WX-VDyBfu2FjGF8_768.roa (raw, json)
Hash identifier:          81FaTuTny3LusxPdZBC/CvEnuJ1t4vAJ75jZ7Dn4nWk=
Subject key identifier:   E9:FD:6C:4A:40:7D:59:7F:95:0F:20:5F:BB:61:63:18:5F:3F:EF:AF
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       0198185E3C4D158793763751D4DECFC0F099
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/6f1sSkB9WX-VDyBfu2FjGF8_768.roa
Signing time:             Thu 17 Jul 2025 12:31:25 +0000
ROA not before:           Thu 17 Jul 2025 12:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        45.152.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:5e:3c:4d:15:87:93:76:37:51:d4:de:cf:c0:f0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jul 17 12:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9fd6c4a407d597f950f205fbb6163185f3fefaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5c:82:95:24:61:a2:67:23:67:77:86:51:3d:
                    29:f6:d9:6b:70:ed:ac:1d:4d:25:c6:49:b4:e8:74:
                    1b:ce:34:83:4d:d2:f3:3f:73:5b:58:5b:be:3d:03:
                    d8:5b:67:1a:63:39:66:90:b8:93:69:34:72:59:7a:
                    4b:9d:0a:71:9d:f8:de:c6:b8:35:cd:e7:c4:36:33:
                    48:d7:9c:e6:e7:00:78:3f:e2:69:d1:f1:da:52:2e:
                    cd:55:e3:df:3f:89:1b:ef:6d:76:61:06:03:c3:fa:
                    2b:55:a0:94:e8:8e:ce:cf:d4:62:4c:75:65:7d:c6:
                    ab:97:57:af:ff:7c:02:9c:fd:93:3b:26:27:24:85:
                    4d:7a:a0:f0:5d:e2:87:81:e1:9f:0f:67:21:ca:98:
                    55:95:4c:dc:d2:a6:d0:4d:86:e0:a7:bc:67:06:72:
                    64:b9:29:54:9a:e7:44:e8:6f:a1:a9:d3:24:6e:cb:
                    72:c9:ab:95:41:9d:54:a0:ad:ac:8f:a5:a9:76:3d:
                    8f:78:b8:92:61:2f:42:78:a5:9d:9a:94:bd:3d:3d:
                    30:b1:2f:ca:20:c0:ab:f7:03:23:92:30:fc:cc:5f:
                    44:89:75:61:50:7f:71:c6:ca:76:43:f3:f9:29:ef:
                    27:2f:18:06:f6:2b:0e:ba:9d:70:ab:94:b3:a9:0c:
                    11:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FD:6C:4A:40:7D:59:7F:95:0F:20:5F:BB:61:63:18:5F:3F:EF:AF
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/6f1sSkB9WX-VDyBfu2FjGF8_768.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:7d:9b:62:d7:9b:5f:09:ed:6b:ba:23:4f:34:e3:71:83:b3:
         50:cf:30:65:43:8f:e7:91:8c:d4:ef:22:03:00:08:3c:fc:db:
         1b:60:70:9b:7d:dc:be:4f:42:95:7f:0a:89:d0:c1:f9:98:06:
         56:47:db:62:5d:5a:d2:39:40:fd:f8:ab:8a:59:94:fa:c1:c3:
         39:03:58:23:a6:71:1b:c2:fc:03:dd:50:27:48:db:5c:a8:da:
         57:8d:f1:22:32:bd:6c:b9:68:40:4c:ec:9e:99:35:d7:4d:f3:
         a3:44:66:aa:0d:5f:cb:91:e6:09:1b:1f:25:20:20:d4:d2:b2:
         45:7f:09:97:5c:a5:67:b0:82:81:ff:1a:ba:95:d8:8b:ea:d1:
         5d:f8:99:2b:b7:c5:51:fb:d9:57:93:ac:57:36:3e:29:02:94:
         3a:2d:53:fa:22:d4:b4:fe:15:3d:a9:20:a1:7e:dd:00:45:39:
         8c:51:41:82:82:5d:ed:da:e1:10:cd:6d:98:60:bb:af:f6:83:
         d8:20:fd:61:54:0f:ad:be:a9:47:de:38:64:94:13:6a:d6:e6:
         54:45:db:97:17:7b:4e:7a:a2:7b:44:99:13:b1:2c:81:63:0b:
         0c:16:55:5c:35:8e:9d:e1:1b:a9:70:c7:7c:37:df:7b:7a:63:
         05:76:c3:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYXjxNFYeTdjdR1N7PwPCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwNzE3MTIzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZkNmM0YTQwN2Q1OTdmOTUwZjIwNWZiYjYxNjMxODVmM2ZlZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlyClSRhomcjZ3eGUT0p9tlrcO2s
HU0lxkm06HQbzjSDTdLzP3NbWFu+PQPYW2caYzlmkLiTaTRyWXpLnQpxnfjexrg1
zefENjNI15zm5wB4P+Jp0fHaUi7NVePfP4kb7212YQYDw/orVaCU6I7Oz9RiTHVl
fcarl1ev/3wCnP2TOyYnJIVNeqDwXeKHgeGfD2chyphVlUzc0qbQTYbgp7xnBnJk
uSlUmudE6G+hqdMkbstyyauVQZ1UoK2sj6Wpdj2PeLiSYS9CeKWdmpS9PT0wsS/K
IMCr9wMjkjD8zF9EiXVhUH9xxsp2Q/P5Ke8nLxgG9isOup1wq5SzqQwRCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn9bEpAfVl/lQ8gX7thYxhfP++vMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvNmYxc1NrQjlXWC1WRHlCZnUyRmpHRjhfNzY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZikMA0G
CSqGSIb3DQEBCwUAA4IBAQAhfZti15tfCe1ruiNPNONxg7NQzzBlQ4/nkYzU7yID
AAg8/NsbYHCbfdy+T0KVfwqJ0MH5mAZWR9tiXVrSOUD9+KuKWZT6wcM5A1gjpnEb
wvwD3VAnSNtcqNpXjfEiMr1suWhATOyemTXXTfOjRGaqDV/LkeYJGx8lICDU0rJF
fwmXXKVnsIKB/xq6ldiL6tFd+Jkrt8VR+9lXk6xXNj4pApQ6LVP6ItS0/hU9qSCh
ft0ARTmMUUGCgl3t2uEQzW2YYLuv9oPYIP1hVA+tvqlH3jhklBNq1uZURduXF3tO
eqJ7RJkTsSyBYwsMFlVcNY6d4RupcMd8N997emMFdsNw
-----END CERTIFICATE-----