Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6fsyJPAZd5qYuNGrOkZiBfeJqaE.roa
File:                     6fsyJPAZd5qYuNGrOkZiBfeJqaE.roa (raw, json)
Hash identifier:          q2la4A00V2KxdSz7XP7fQCqTWBu1aAswNPO0TtoYo1c=
Subject key identifier:   E9:FB:32:24:F0:19:77:9A:98:B8:D1:AB:3A:46:62:05:F7:89:A9:A1
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0199153080439ECD8FEFCABA3C8D6D152006
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6fsyJPAZd5qYuNGrOkZiBfeJqaE.roa
Signing time:             Thu 04 Sep 2025 14:45:24 +0000
ROA not before:           Thu 04 Sep 2025 14:45:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51722
IP address blocks:        194.62.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:30:80:43:9e:cd:8f:ef:ca:ba:3c:8d:6d:15:20:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Sep  4 14:45:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9fb3224f019779a98b8d1ab3a466205f789a9a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0e:ff:e8:be:0c:64:67:0b:18:c0:ba:26:b0:
                    aa:24:6c:bb:bb:97:c4:a4:54:17:8a:63:8b:f5:27:
                    c4:50:64:84:4c:8e:08:44:77:fe:6f:55:8f:b8:f4:
                    72:2c:fc:a9:f3:40:13:be:43:24:74:c4:13:2d:5c:
                    c8:a6:7c:8b:dd:f2:a4:d5:4a:fa:91:db:34:e6:2b:
                    18:67:2a:e8:a8:12:2d:ed:9d:98:60:ff:9a:5a:cd:
                    45:b1:ed:de:c8:d0:86:ab:8b:5f:ce:2c:d2:a5:71:
                    1e:ac:c7:d2:41:99:44:20:d2:78:8d:10:02:95:1a:
                    6a:56:6a:bd:a3:c1:0d:ba:d2:5f:5a:bf:6c:1f:a9:
                    9d:0d:43:db:dc:b9:d6:b5:06:18:88:69:67:b9:24:
                    41:cf:9a:82:23:61:9f:42:9e:56:b0:1e:c2:68:57:
                    a5:20:71:be:97:5d:1c:9a:a0:13:1c:f3:90:78:f3:
                    9c:43:83:d1:38:04:ef:9b:47:cc:03:ee:3c:55:cb:
                    11:5c:1f:cd:c4:82:70:a9:34:42:21:ca:7b:95:8c:
                    40:d9:3f:e1:56:96:6d:93:7b:4b:73:6c:0b:39:6a:
                    47:8b:c3:a9:0b:70:18:bb:da:68:ed:43:50:7b:79:
                    ae:ab:b8:34:29:ac:07:2e:9d:14:26:e7:64:bd:3b:
                    f6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FB:32:24:F0:19:77:9A:98:B8:D1:AB:3A:46:62:05:F7:89:A9:A1
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/6fsyJPAZd5qYuNGrOkZiBfeJqaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1a:55:65:02:95:77:17:f8:c5:4b:9f:2b:4d:fa:67:0b:9d:
         34:cd:e8:46:4e:8d:8e:46:ff:81:bd:c3:5b:82:55:a9:98:a3:
         1e:f3:ab:d9:ed:90:52:4f:95:45:b5:0d:cb:7a:3c:7f:1e:d4:
         ca:a2:2e:cc:a2:fb:5f:67:05:10:28:60:2f:24:a1:2a:3f:39:
         34:17:29:36:c6:79:c4:b8:b9:e3:b5:5e:1b:20:eb:b1:85:dd:
         99:0f:89:d5:1e:2c:aa:4e:66:d8:3c:a1:0f:17:0e:98:7f:0a:
         56:8a:57:eb:c0:88:03:55:de:eb:8d:07:a4:4e:a0:a8:7d:8b:
         f2:91:af:86:da:16:10:64:30:00:78:a4:d8:32:fa:ed:2f:cd:
         5f:cf:97:83:ef:4d:2e:82:62:dd:1a:35:3f:e1:23:1b:5e:3f:
         d0:91:a1:07:e1:13:e4:12:ae:3e:92:72:92:67:98:33:c3:9f:
         bd:b1:e0:46:4a:ff:c0:17:2c:00:8c:2b:04:9a:24:40:ae:32:
         ea:37:35:6b:44:06:03:48:3e:42:ff:98:e5:15:03:13:f4:a5:
         aa:1d:f7:e1:b0:c7:dd:33:b4:c1:a2:9e:bc:b7:e1:0d:a8:d8:
         89:08:46:e5:8c:df:fb:dd:88:fd:7d:7a:3c:12:90:94:b7:94:
         2f:34:31:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVMIBDns2P78q6PI1tFSAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTA0MTQ0NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZiMzIyNGYwMTk3NzlhOThiOGQxYWIzYTQ2NjIwNWY3ODlhOWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg7/6L4MZGcLGMC6JrCqJGy7u5fE
pFQXimOL9SfEUGSETI4IRHf+b1WPuPRyLPyp80ATvkMkdMQTLVzIpnyL3fKk1Ur6
kds05isYZyroqBIt7Z2YYP+aWs1Fse3eyNCGq4tfzizSpXEerMfSQZlEINJ4jRAC
lRpqVmq9o8ENutJfWr9sH6mdDUPb3LnWtQYYiGlnuSRBz5qCI2GfQp5WsB7CaFel
IHG+l10cmqATHPOQePOcQ4PROATvm0fMA+48VcsRXB/NxIJwqTRCIcp7lYxA2T/h
VpZtk3tLc2wLOWpHi8OpC3AYu9po7UNQe3muq7g0KawHLp0UJudkvTv2iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn7MiTwGXeamLjRqzpGYgX3iamhMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvNmZzeUpQQVpkNXFZdU5Hck9rWmlCZmVKcWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj42MA0G
CSqGSIb3DQEBCwUAA4IBAQAOGlVlApV3F/jFS58rTfpnC500zehGTo2ORv+BvcNb
glWpmKMe86vZ7ZBST5VFtQ3Lejx/HtTKoi7MovtfZwUQKGAvJKEqPzk0Fyk2xnnE
uLnjtV4bIOuxhd2ZD4nVHiyqTmbYPKEPFw6YfwpWilfrwIgDVd7rjQekTqCofYvy
ka+G2hYQZDAAeKTYMvrtL81fz5eD700ugmLdGjU/4SMbXj/QkaEH4RPkEq4+knKS
Z5gzw5+9seBGSv/AFywAjCsEmiRArjLqNzVrRAYDSD5C/5jlFQMT9KWqHffhsMfd
M7TBop68t+ENqNiJCEbljN/73Yj9fXo8EpCUt5QvNDHD
-----END CERTIFICATE-----