Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6EY_VCJpg8TJEyV90mnhu97g-NE.roa
File:                     6EY_VCJpg8TJEyV90mnhu97g-NE.roa (raw, json)
Hash identifier:          x5jwufeU6KO3TQwWZ79Pk418O4crpsgwEI7vweQ9IdQ=
Subject key identifier:   E8:46:3F:54:22:69:83:C4:C9:13:25:7D:D2:69:E1:BB:DE:E0:F8:D1
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019975D69EE3B597060540F24AC2280366C3
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6EY_VCJpg8TJEyV90mnhu97g-NE.roa
Signing time:             Tue 23 Sep 2025 09:10:23 +0000
ROA not before:           Tue 23 Sep 2025 09:10:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61254
IP address blocks:        195.216.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:d6:9e:e3:b5:97:06:05:40:f2:4a:c2:28:03:66:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep 23 09:10:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8463f54226983c4c913257dd269e1bbdee0f8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b9:ed:6a:da:bd:43:e2:1d:6d:74:33:97:3f:
                    ca:f3:d4:ce:fc:31:ab:4c:b6:9b:2b:71:c4:57:a8:
                    6f:3d:25:14:75:18:10:0b:0d:33:13:4f:5b:a3:03:
                    61:3a:4a:dd:4e:36:5d:d5:56:96:86:f3:aa:c3:74:
                    a3:d6:0a:ac:7c:d2:ba:74:31:14:4b:38:00:0f:98:
                    62:7d:c3:e5:b5:12:77:d1:b1:a9:73:9d:3a:61:14:
                    81:62:fe:66:6f:85:86:00:e3:09:f2:6c:1b:e6:a8:
                    b7:8f:33:92:06:4d:87:c0:74:8e:74:e1:b5:4a:d8:
                    b7:ef:dd:b8:e2:21:54:89:f2:6f:bd:52:95:a5:d1:
                    98:d8:91:12:89:9d:9b:01:f7:9e:fc:22:0a:09:f3:
                    a1:67:9f:7f:e5:87:6c:0f:d7:50:d8:ac:b8:34:2c:
                    0a:a4:e4:a3:14:5f:5a:e5:20:9e:f3:9d:f0:a1:67:
                    8a:1c:d9:c1:88:1f:1b:95:fc:38:fc:d7:af:08:fe:
                    4c:9b:8f:df:95:4a:a0:33:12:7f:2e:c2:5f:68:f9:
                    8e:c9:a6:3b:2b:0f:34:03:f1:85:a7:4a:89:ea:4e:
                    75:1f:0c:22:86:3c:de:1f:16:d2:4b:7e:ac:42:dd:
                    8a:35:f7:d8:3a:5a:bf:ae:bb:6b:09:e7:83:80:38:
                    de:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:46:3F:54:22:69:83:C4:C9:13:25:7D:D2:69:E1:BB:DE:E0:F8:D1
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6EY_VCJpg8TJEyV90mnhu97g-NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:01:86:f3:ad:0e:1e:21:40:3d:ce:8d:49:37:8e:83:12:8c:
         bd:0c:73:28:54:88:f0:7d:31:55:7a:ca:c2:18:2b:a6:bc:d5:
         9b:49:ad:51:05:af:91:70:59:40:35:62:f8:36:07:6d:af:bf:
         e5:c8:e2:a9:d9:59:94:a3:15:e9:39:86:62:d3:ad:f7:ac:22:
         99:ef:94:29:78:a0:ba:9d:a5:08:2f:7a:6c:c2:3f:ac:f9:c9:
         d5:05:ef:10:b6:0d:86:83:bc:a4:90:3e:f9:d1:01:aa:4b:f8:
         0b:6d:6d:52:be:79:33:08:60:0a:15:9c:34:a8:3c:df:65:f1:
         4b:63:3b:84:b0:be:4f:0b:45:02:ae:64:00:d6:73:52:96:a7:
         26:c8:06:70:a9:3c:fb:c8:60:95:70:1c:e1:f1:54:0a:cc:bf:
         72:21:b8:c8:f4:b5:90:be:3f:94:f8:0a:bd:11:b8:af:d9:c2:
         1b:fc:79:2c:5f:81:af:f6:e3:80:6c:a9:7b:8c:7c:cb:91:17:
         2f:68:23:a4:e0:41:d4:fd:b4:e2:4d:b3:6a:ef:88:fc:37:d5:
         66:4e:8f:b0:eb:f5:91:54:bd:23:79:75:4f:a7:36:f6:18:48:
         ef:ac:95:8b:db:98:94:45:ed:85:ea:db:d5:03:7c:07:d7:4c:
         f0:99:e2:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl11p7jtZcGBUDySsIoA2bDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwOTIzMDkxMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ2M2Y1NDIyNjk4M2M0YzkxMzI1N2RkMjY5ZTFiYmRlZTBmOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLntatq9Q+IdbXQzlz/K89TO/DGr
TLabK3HEV6hvPSUUdRgQCw0zE09bowNhOkrdTjZd1VaWhvOqw3Sj1gqsfNK6dDEU
SzgAD5hifcPltRJ30bGpc506YRSBYv5mb4WGAOMJ8mwb5qi3jzOSBk2HwHSOdOG1
Sti379244iFUifJvvVKVpdGY2JESiZ2bAfee/CIKCfOhZ59/5YdsD9dQ2Ky4NCwK
pOSjFF9a5SCe853woWeKHNnBiB8blfw4/NevCP5Mm4/flUqgMxJ/LsJfaPmOyaY7
Kw80A/GFp0qJ6k51HwwihjzeHxbSS36sQt2KNffYOlq/rrtrCeeDgDjeNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhGP1QiaYPEyRMlfdJp4bve4PjRMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvNkVZX1ZDSnBnOFRKRXlWOTBtbmh1OTdnLU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9iqMA0G
CSqGSIb3DQEBCwUAA4IBAQAmAYbzrQ4eIUA9zo1JN46DEoy9DHMoVIjwfTFVesrC
GCumvNWbSa1RBa+RcFlANWL4Ngdtr7/lyOKp2VmUoxXpOYZi0633rCKZ75QpeKC6
naUIL3pswj+s+cnVBe8Qtg2Gg7ykkD750QGqS/gLbW1SvnkzCGAKFZw0qDzfZfFL
YzuEsL5PC0UCrmQA1nNSlqcmyAZwqTz7yGCVcBzh8VQKzL9yIbjI9LWQvj+U+Aq9
Ebiv2cIb/HksX4Gv9uOAbKl7jHzLkRcvaCOk4EHU/bTiTbNq74j8N9VmTo+w6/WR
VL0jeXVPpzb2GEjvrJWL25iURe2F6tvVA3wH10zwmeKH
-----END CERTIFICATE-----