Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/1s99Tw3afz1xnVyZeR8lNzEPEk8.roa
File:                     1s99Tw3afz1xnVyZeR8lNzEPEk8.roa (raw, json)
Hash identifier:          b6Tn8In4pLbU3Aif4BcpGyzCXnOKH3eVjkyvFPcCx0s=
Subject key identifier:   D6:CF:7D:4F:0D:DA:7F:3D:71:9D:5C:99:79:1F:25:37:31:0F:12:4F
Certificate issuer:       /CN=6694f5b0fab5fed2df9535e2a9c029f187d55404
Certificate serial:       019589CD33FA160D9ACC725FE6D1CD9B10CA
Authority key identifier: 66:94:F5:B0:FA:B5:FE:D2:DF:95:35:E2:A9:C0:29:F1:87:D5:54:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/1s99Tw3afz1xnVyZeR8lNzEPEk8.roa
Signing time:             Wed 12 Mar 2025 10:01:21 +0000
ROA not before:           Wed 12 Mar 2025 10:01:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60609
IP address blocks:        185.251.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:89:cd:33:fa:16:0d:9a:cc:72:5f:e6:d1:cd:9b:10:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6694f5b0fab5fed2df9535e2a9c029f187d55404
        Validity
            Not Before: Mar 12 10:01:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6cf7d4f0dda7f3d719d5c99791f2537310f124f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:97:bd:f4:1a:80:72:74:58:14:6d:58:f4:d2:
                    20:6b:00:bb:12:e6:a6:69:15:ee:62:ff:15:4b:73:
                    0c:6d:6c:38:a1:70:21:36:5d:0d:63:c4:17:30:a3:
                    31:73:65:ec:60:9d:b3:e8:09:13:16:3b:a8:bc:86:
                    6b:94:39:fe:8b:b7:29:d8:57:6a:eb:72:25:8e:35:
                    f2:8e:1c:fc:21:8b:b5:ad:c3:0c:d9:1b:4a:70:94:
                    37:0c:91:b2:31:99:20:b0:40:c0:31:d0:bf:fb:33:
                    f2:de:f7:6a:d4:b2:53:f6:40:3b:7e:e8:73:f1:78:
                    a8:66:5a:cf:35:cc:37:df:9d:2c:7a:db:0e:97:ee:
                    0c:b2:3f:26:49:4a:cc:87:36:09:a2:3e:de:97:8c:
                    39:a5:11:83:b4:d8:1d:5d:73:37:dd:42:2e:b6:0c:
                    7a:58:3b:26:bb:db:1e:28:ec:07:b6:59:bc:66:a2:
                    38:5e:5b:41:0c:1f:67:3d:40:bd:cc:57:a0:51:9c:
                    72:1b:b1:ab:9a:99:d7:67:98:be:23:67:55:2b:3f:
                    8f:b4:52:33:bd:96:19:7e:2c:18:e1:20:df:90:40:
                    68:12:58:c0:95:ff:a9:3c:40:ad:8b:e5:7d:ac:a0:
                    53:ff:38:fe:e9:32:40:6c:a9:eb:04:f8:73:b2:33:
                    e5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CF:7D:4F:0D:DA:7F:3D:71:9D:5C:99:79:1F:25:37:31:0F:12:4F
            X509v3 Authority Key Identifier:
                keyid:66:94:F5:B0:FA:B5:FE:D2:DF:95:35:E2:A9:C0:29:F1:87:D5:54:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/1s99Tw3afz1xnVyZeR8lNzEPEk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bf30d-69eb-41a4-a90d-21b9f12d22f3/1/ZpT1sPq1_tLflTXiqcAp8YfVVAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:4d:97:d8:c7:a2:87:8f:c5:bf:ab:00:85:cb:b0:60:50:bc:
         97:ec:48:96:80:ea:ed:83:7b:55:42:3b:6b:a5:b3:00:ea:20:
         48:6f:b0:c3:6c:96:a9:4d:81:d3:24:7d:33:49:e8:0b:8d:ff:
         5f:1b:94:ee:e4:9f:b3:1a:03:1d:07:55:99:1c:c3:ab:27:bd:
         2a:e8:7a:8e:a3:1e:96:3b:7a:ea:dc:12:42:12:96:ad:9d:a7:
         9c:80:ae:e7:f2:62:08:09:c1:35:bf:24:b7:e2:49:34:1b:6e:
         7d:e3:bd:ef:3d:ea:d5:79:1b:84:62:96:5b:b2:f1:f3:1a:22:
         51:3c:f3:c0:30:e1:2d:79:13:e8:00:51:47:ad:bf:52:48:53:
         ef:12:a1:a4:dc:ff:d3:d4:39:8f:fd:03:19:04:05:1e:be:c7:
         9d:9d:d6:fa:e0:45:da:e2:bc:7f:62:2b:5f:ab:2b:76:00:50:
         17:b8:99:f3:32:23:d4:61:f5:32:71:42:1a:a5:e7:87:0e:43:
         7b:79:c6:82:e3:82:cd:f2:bf:61:96:01:a3:ad:d8:31:26:ab:
         f0:c5:20:68:95:5e:a5:56:b2:48:fd:3b:da:9c:e7:a2:5a:59:
         a0:dc:b0:fa:d9:39:e6:bb:76:f7:81:61:53:08:50:ea:ea:3e:
         65:cc:50:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWJzTP6Fg2azHJf5tHNmxDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTRmNWIwZmFiNWZlZDJkZjk1MzVlMmE5YzAyOWYxODdk
NTU0MDQwHhcNMjUwMzEyMTAwMTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNmN2Q0ZjBkZGE3ZjNkNzE5ZDVjOTk3OTFmMjUzNzMxMGYxMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5e99BqAcnRYFG1Y9NIgawC7Euam
aRXuYv8VS3MMbWw4oXAhNl0NY8QXMKMxc2XsYJ2z6AkTFjuovIZrlDn+i7cp2Fdq
63IljjXyjhz8IYu1rcMM2RtKcJQ3DJGyMZkgsEDAMdC/+zPy3vdq1LJT9kA7fuhz
8XioZlrPNcw3350setsOl+4Msj8mSUrMhzYJoj7el4w5pRGDtNgdXXM33UIutgx6
WDsmu9seKOwHtlm8ZqI4XltBDB9nPUC9zFegUZxyG7GrmpnXZ5i+I2dVKz+PtFIz
vZYZfiwY4SDfkEBoEljAlf+pPECti+V9rKBT/zj+6TJAbKnrBPhzsjPlfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbPfU8N2n89cZ1cmXkfJTcxDxJPMB8GA1UdIwQY
MBaAFGaU9bD6tf7S35U14qnAKfGH1VQEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBUMXNQcTFfdExmbFRYaXFjQXA4WWZWVkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81YmYzMGQtNjllYi00MWE0LWE5MGQt
MjFiOWYxMmQyMmYzLzEvMXM5OVR3M2FmejF4blZ5WmVSOGxOekVQRWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81YmYzMGQtNjllYi00MWE0LWE5MGQtMjFiOWYxMmQyMmYz
LzEvWnBUMXNQcTFfdExmbFRYaXFjQXA4WWZWVkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufvMMA0G
CSqGSIb3DQEBCwUAA4IBAQAmTZfYx6KHj8W/qwCFy7BgULyX7EiWgOrtg3tVQjtr
pbMA6iBIb7DDbJapTYHTJH0zSegLjf9fG5Tu5J+zGgMdB1WZHMOrJ70q6HqOox6W
O3rq3BJCEpatnaecgK7n8mIICcE1vyS34kk0G259473vPerVeRuEYpZbsvHzGiJR
PPPAMOEteRPoAFFHrb9SSFPvEqGk3P/T1DmP/QMZBAUevsedndb64EXa4rx/Yitf
qyt2AFAXuJnzMiPUYfUycUIapeeHDkN7ecaC44LN8r9hlgGjrdgxJqvwxSBolV6l
VrJI/TvanOeiWlmg3LD62Tnmu3b3gWFTCFDq6j5lzFAB
-----END CERTIFICATE-----