Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6KM2SS07XKB0EkNGkLLkWOu7pWo.roa
File:                     6KM2SS07XKB0EkNGkLLkWOu7pWo.roa (raw, json)
Hash identifier:          Zn3IlZjwpe0f9iL0mejWAewFzAvN1zbKRrqoZP6L2wY=
Subject key identifier:   E8:A3:36:49:2D:3B:5C:A0:74:12:43:46:90:B2:E4:58:EB:BB:A5:6A
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0196C377312022894B4EF02CC6B239CEBFF5
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6KM2SS07XKB0EkNGkLLkWOu7pWo.roa
Signing time:             Mon 12 May 2025 07:48:10 +0000
ROA not before:           Mon 12 May 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        195.216.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:77:31:20:22:89:4b:4e:f0:2c:c6:b2:39:ce:bf:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 12 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8a336492d3b5ca07412434690b2e458ebbba56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ee:a2:b5:29:a5:07:3a:51:8d:b0:8e:10:b7:
                    49:00:ef:6d:bb:77:dc:2e:20:1a:dc:ee:a5:30:bb:
                    a3:41:30:b7:12:fc:65:89:19:c6:ff:17:7f:0d:f2:
                    be:e5:d0:0c:e6:d8:33:a5:f1:bb:ea:1e:f9:de:f0:
                    dc:ec:dc:0d:16:12:0e:3a:50:c0:e4:dd:50:f0:7f:
                    30:c8:62:15:aa:71:aa:f8:48:41:f7:b2:f7:92:32:
                    65:8e:91:91:ea:2d:95:e6:65:76:c5:07:a9:95:51:
                    65:b0:84:b2:7b:57:08:c5:e6:8c:94:d9:18:bd:ea:
                    e7:19:01:c9:97:dd:d2:0c:37:aa:54:7e:1e:e0:51:
                    cb:3e:3e:3f:33:45:dc:15:7b:9d:8b:a7:ef:e5:84:
                    ac:32:d9:a9:5e:fa:08:c5:17:ff:e2:d1:d1:92:fe:
                    71:e1:77:c8:24:b0:57:bf:3e:a2:52:8f:50:9c:9f:
                    a8:70:8f:89:eb:86:1c:a8:85:f7:c7:10:ab:df:c0:
                    b6:2c:19:2b:42:a1:83:21:91:84:a8:71:ed:ca:7b:
                    54:5a:e3:31:7c:35:50:8d:a4:39:d5:f6:62:b0:b5:
                    4e:4d:d4:d5:0a:28:3a:0a:b4:4a:dd:90:96:07:ed:
                    43:ce:37:8f:02:3d:cb:c0:84:f6:48:a6:bf:10:4b:
                    df:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A3:36:49:2D:3B:5C:A0:74:12:43:46:90:B2:E4:58:EB:BB:A5:6A
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/6KM2SS07XKB0EkNGkLLkWOu7pWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:21:e7:33:4b:a7:e3:1c:1c:96:60:90:ba:11:07:f8:4d:e7:
         18:25:10:ad:5d:b2:1a:30:42:e2:bd:a5:74:72:a8:f0:21:e5:
         af:55:09:bd:a7:44:26:2b:71:51:25:1a:e7:44:89:bc:a0:83:
         d6:59:d0:40:57:89:0d:0d:51:53:ec:d5:a5:c6:f6:01:90:24:
         f4:4c:03:22:a6:e5:8b:77:8d:27:45:e1:7f:f7:65:58:cf:12:
         ea:65:bb:87:95:95:be:f1:aa:00:46:08:bd:e7:5f:fe:8f:88:
         76:51:9d:84:71:fa:d9:38:5e:8e:f3:34:62:2b:a6:fb:41:8f:
         16:fc:e1:8a:9f:a3:80:86:b9:97:27:b2:93:d6:88:2b:d9:06:
         26:ba:96:8d:41:3b:82:6a:2e:6d:0a:6b:99:00:a3:b8:0d:d7:
         90:fd:5b:5b:b9:1a:ec:45:d2:9e:5b:18:79:50:a6:8a:52:de:
         49:1b:c9:98:74:09:a6:30:ab:da:d1:f5:1b:43:40:a8:0c:6c:
         bb:91:90:38:4a:37:51:0d:bc:f0:5f:23:5f:c8:9b:97:fd:d1:
         48:83:2e:cf:73:7a:1a:e8:cb:a3:96:05:fa:a1:11:8f:4b:fa:
         1a:12:92:ac:23:66:07:eb:d7:d6:57:d2:0a:ca:ed:4b:60:d4:
         0b:3c:69:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbDdzEgIolLTvAsxrI5zr/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwNTEyMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGEzMzY0OTJkM2I1Y2EwNzQxMjQzNDY5MGIyZTQ1OGViYmJhNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e6itSmlBzpRjbCOELdJAO9tu3fc
LiAa3O6lMLujQTC3EvxliRnG/xd/DfK+5dAM5tgzpfG76h753vDc7NwNFhIOOlDA
5N1Q8H8wyGIVqnGq+EhB97L3kjJljpGR6i2V5mV2xQeplVFlsISye1cIxeaMlNkY
vernGQHJl93SDDeqVH4e4FHLPj4/M0XcFXudi6fv5YSsMtmpXvoIxRf/4tHRkv5x
4XfIJLBXvz6iUo9QnJ+ocI+J64YcqIX3xxCr38C2LBkrQqGDIZGEqHHtyntUWuMx
fDVQjaQ51fZisLVOTdTVCig6CrRK3ZCWB+1DzjePAj3LwIT2SKa/EEvffwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOijNkktO1ygdBJDRpCy5Fjru6VqMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvNktNMlNTMDdYS0IwRWtOR2tMTGtXT3U3cFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i8MA0G
CSqGSIb3DQEBCwUAA4IBAQCWIeczS6fjHByWYJC6EQf4TecYJRCtXbIaMELivaV0
cqjwIeWvVQm9p0QmK3FRJRrnRIm8oIPWWdBAV4kNDVFT7NWlxvYBkCT0TAMipuWL
d40nReF/92VYzxLqZbuHlZW+8aoARgi951/+j4h2UZ2EcfrZOF6O8zRiK6b7QY8W
/OGKn6OAhrmXJ7KT1ogr2QYmupaNQTuCai5tCmuZAKO4DdeQ/VtbuRrsRdKeWxh5
UKaKUt5JG8mYdAmmMKva0fUbQ0CoDGy7kZA4SjdRDbzwXyNfyJuX/dFIgy7Pc3oa
6MujlgX6oRGPS/oaEpKsI2YH69fWV9IKyu1LYNQLPGnF
-----END CERTIFICATE-----