Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/6ygnhBUtwPQwZvSXcNdi14r70G8.roa
File:                     6ygnhBUtwPQwZvSXcNdi14r70G8.roa (raw, json)
Hash identifier:          GkX4vYSYMB0jxRhwwYLdEtE/7rtPvxVB7Y43y4t2nDM=
Subject key identifier:   EB:28:27:84:15:2D:C0:F4:30:66:F4:97:70:D7:62:D7:8A:FB:D0:6F
Certificate issuer:       /CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
Certificate serial:       0196E890DEA2C9C52FCC6C2D0700CC9A5C8B
Authority key identifier: 5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/6ygnhBUtwPQwZvSXcNdi14r70G8.roa
Signing time:             Mon 19 May 2025 12:42:10 +0000
ROA not before:           Mon 19 May 2025 12:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        185.84.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:90:de:a2:c9:c5:2f:cc:6c:2d:07:00:cc:9a:5c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
        Validity
            Not Before: May 19 12:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb282784152dc0f43066f49770d762d78afbd06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a6:a5:c6:9b:bd:80:91:a0:05:9b:f8:7e:52:
                    10:88:07:06:e5:ff:fe:34:db:c6:78:71:25:c6:77:
                    9c:41:6a:75:d4:ca:f3:c4:f2:af:fc:90:ad:95:bd:
                    c2:7e:d6:08:e7:6d:4c:36:aa:db:79:89:a6:09:35:
                    a2:1e:77:5b:44:52:fc:50:7c:0d:ae:db:f8:9e:37:
                    a1:55:5d:3b:3b:ec:86:7f:3a:f8:c6:08:eb:f2:6d:
                    38:0a:3e:e4:7e:15:35:b1:de:25:a2:f1:49:23:a1:
                    b7:fd:78:fa:9c:83:7a:ce:b9:10:74:03:2d:8f:f7:
                    78:f3:92:51:37:f9:2f:71:b1:fd:89:b0:1d:70:80:
                    ad:5e:88:18:47:95:85:81:bc:49:b1:c5:1a:34:ba:
                    71:93:09:47:eb:74:d3:f5:7b:5b:2c:c0:3f:7c:9e:
                    39:89:86:21:5f:6c:f3:53:76:03:4b:32:a4:25:57:
                    3f:0c:f4:6a:62:41:29:96:70:06:77:9b:4c:1a:65:
                    e1:76:86:a4:da:f9:1c:ac:2e:76:81:6e:37:1c:48:
                    5d:89:da:88:ec:2c:73:54:7d:b6:2d:1f:91:87:3a:
                    8e:92:fe:c8:04:54:e5:de:03:0f:82:9b:f2:68:c6:
                    ac:69:2e:3e:20:e3:42:c0:d4:5f:3a:25:ad:68:35:
                    74:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:28:27:84:15:2D:C0:F4:30:66:F4:97:70:D7:62:D7:8A:FB:D0:6F
            X509v3 Authority Key Identifier:
                keyid:5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/6ygnhBUtwPQwZvSXcNdi14r70G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b0:12:10:d0:31:c7:ff:72:c7:14:14:ab:21:a6:53:7f:64:
         a1:5e:f8:4f:c4:8f:12:fa:03:bb:8f:51:25:3d:f1:8a:49:74:
         14:95:85:69:3d:ba:af:47:d1:a6:4b:ce:61:2c:92:33:49:06:
         61:fd:3d:be:7c:57:2f:09:1c:61:ac:09:e6:74:37:db:1e:b0:
         f3:72:b9:60:fe:e9:89:58:81:bc:70:50:a3:36:a4:4d:6b:92:
         4c:98:25:ba:e1:07:5c:88:98:e4:3b:f0:ac:45:e9:fe:b1:08:
         ab:81:a2:5a:cf:e8:7b:68:96:93:8f:39:f4:7c:1d:3c:d0:8d:
         0d:54:3f:da:6f:ab:16:0f:27:ca:02:45:43:69:63:57:cc:09:
         5a:51:fc:69:7a:3f:74:11:5b:cb:ab:79:b8:83:08:1d:0b:59:
         75:eb:21:85:3a:a5:79:54:e0:21:db:1d:91:8a:1d:84:8a:5b:
         f5:6e:6e:4b:6d:b1:fe:d6:c5:8e:32:65:4a:f7:69:b9:45:a2:
         85:9f:21:e4:c7:3d:4b:d5:d7:98:9e:8e:48:89:87:a6:eb:83:
         12:e7:7f:af:38:e5:4e:fc:10:c8:9b:e1:14:22:6e:74:a0:ab:
         a4:5c:e7:d8:58:a0:87:aa:f6:29:1a:c5:29:01:0a:99:c7:2c:
         ca:d2:e6:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbokN6iycUvzGwtBwDMmlyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYzE3NjlkM2ZmMDQyMTI0Njk4ZTMxYzQ3MmI2M2JiZjFi
YmI1YWQwHhcNMjUwNTE5MTI0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI4Mjc4NDE1MmRjMGY0MzA2NmY0OTc3MGQ3NjJkNzhhZmJkMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqalxpu9gJGgBZv4flIQiAcG5f/+
NNvGeHElxnecQWp11MrzxPKv/JCtlb3CftYI521MNqrbeYmmCTWiHndbRFL8UHwN
rtv4njehVV07O+yGfzr4xgjr8m04Cj7kfhU1sd4lovFJI6G3/Xj6nIN6zrkQdAMt
j/d485JRN/kvcbH9ibAdcICtXogYR5WFgbxJscUaNLpxkwlH63TT9XtbLMA/fJ45
iYYhX2zzU3YDSzKkJVc/DPRqYkEplnAGd5tMGmXhdoak2vkcrC52gW43HEhdidqI
7CxzVH22LR+RhzqOkv7IBFTl3gMPgpvyaMasaS4+IONCwNRfOiWtaDV0swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsoJ4QVLcD0MGb0l3DXYteK+9BvMB8GA1UdIwQY
MBaAFF7Bdp0/8EISRpjjHEcrY7vxu7WtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUt
NTQyMDRkZGQyY2E2LzEvNnlnbmhCVXR3UFF3WnZTWGNOZGkxNHI3MEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUtNTQyMDRkZGQyY2E2
LzEvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSfMA0G
CSqGSIb3DQEBCwUAA4IBAQADsBIQ0DHH/3LHFBSrIaZTf2ShXvhPxI8S+gO7j1El
PfGKSXQUlYVpPbqvR9GmS85hLJIzSQZh/T2+fFcvCRxhrAnmdDfbHrDzcrlg/umJ
WIG8cFCjNqRNa5JMmCW64QdciJjkO/CsRen+sQirgaJaz+h7aJaTjzn0fB080I0N
VD/ab6sWDyfKAkVDaWNXzAlaUfxpej90EVvLq3m4gwgdC1l16yGFOqV5VOAh2x2R
ih2Eilv1bm5LbbH+1sWOMmVK92m5RaKFnyHkxz1L1deYno5IiYem64MS53+vOOVO
/BDIm+EUIm50oKukXOfYWKCHqvYpGsUpAQqZxyzK0uZg
-----END CERTIFICATE-----