Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6RhijCrUMAA0YAy47aRUGPLJLHM.roa
File:                     6RhijCrUMAA0YAy47aRUGPLJLHM.roa (raw, json)
Hash identifier:          Z5Yb4CruflEJZfLyiMoJmVrUjlVGKIiNUelbHAtWKSA=
Subject key identifier:   E9:18:62:8C:2A:D4:30:00:34:60:0C:B8:ED:A4:54:18:F2:C9:2C:73
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F8C63901348CD0A6569CF27B7BA2E
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6RhijCrUMAA0YAy47aRUGPLJLHM.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47204
IP address blocks:        81.25.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8c:63:90:13:48:cd:0a:65:69:cf:27:b7:ba:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e918628c2ad4300034600cb8eda45418f2c92c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:34:fa:98:80:66:ff:8a:43:f9:cc:32:04:0c:
                    8f:67:63:23:00:dd:42:ca:27:26:e1:52:ed:7d:bc:
                    fb:09:13:63:e8:f5:a0:c9:c2:ce:62:30:e1:98:fb:
                    12:c5:ac:a0:b7:b8:07:af:4a:b2:05:6f:fa:bd:b2:
                    49:71:00:f1:33:28:23:8c:1d:61:56:4f:50:a7:f8:
                    fe:f7:16:1b:27:05:2d:dc:98:ac:0a:df:67:f0:85:
                    15:a0:05:ac:4f:ca:ac:22:db:2b:63:f0:37:5d:b4:
                    87:1c:56:3d:61:f2:0e:6f:77:c9:7f:83:af:51:62:
                    0b:57:c2:04:0f:11:c2:98:81:e1:11:7e:dd:20:95:
                    e4:64:b0:26:10:ab:cb:6a:28:1e:4d:41:64:70:88:
                    70:73:c7:d5:ad:06:97:21:81:78:bc:d6:a5:84:81:
                    b5:66:55:71:49:68:f5:38:5d:bc:74:4d:58:9e:49:
                    84:19:e1:b7:4f:3f:da:d6:93:1e:8a:e6:ad:c2:4c:
                    65:89:d5:8f:94:78:8d:af:9e:a7:e4:1d:2e:00:35:
                    c9:16:21:bd:98:a3:30:93:1d:38:41:83:64:a0:68:
                    ba:21:76:ae:39:79:86:ba:48:97:64:1b:d1:9f:cf:
                    35:6a:4e:34:0d:d4:4a:d6:24:55:2e:c5:f6:ad:aa:
                    ce:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:18:62:8C:2A:D4:30:00:34:60:0C:B8:ED:A4:54:18:F2:C9:2C:73
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6RhijCrUMAA0YAy47aRUGPLJLHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:6e:86:aa:a2:32:11:6f:b4:ef:6a:6e:d9:e3:17:94:7c:7c:
         5b:3d:73:7b:2d:63:9c:2b:b3:1e:95:d1:b0:f5:08:cf:01:d0:
         b4:d0:21:f9:0d:d3:6b:0c:2f:2b:f1:7b:a1:83:92:8c:cd:38:
         71:c6:38:d5:e5:7e:5d:2a:44:a9:51:2e:67:1e:1e:49:9f:b7:
         f5:6a:98:85:38:3a:e4:a6:8a:ac:47:7f:ac:68:f0:70:ba:db:
         fb:ca:95:b4:08:86:75:67:ad:ac:4e:9e:03:70:a2:fa:24:9d:
         8f:71:f0:fe:2d:23:95:b5:c6:51:38:30:5b:1b:27:8f:06:39:
         9c:45:cb:72:ed:89:bb:fd:27:ad:78:0b:99:16:9a:f3:b6:13:
         e1:1b:e0:0a:3d:08:4b:9c:b9:4b:93:05:c6:5b:f7:bc:fa:72:
         17:0d:79:82:73:60:5f:97:85:e2:02:7e:06:f0:f6:d9:ea:51:
         d8:8c:17:4e:69:7b:6c:f6:87:73:a1:81:d7:8c:1c:c7:2f:e8:
         9f:10:d5:7a:0c:84:00:29:c7:94:e1:a0:de:90:2d:0e:b7:44:
         75:d2:c6:b4:29:64:0c:10:e4:75:f4:a5:6a:80:a5:68:73:2d:
         75:2e:ba:d1:69:8a:66:7c:a4:43:37:79:6c:8a:88:f0:f9:19:
         16:91:1a:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4xjkBNIzQplac8nt7ouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTE4NjI4YzJhZDQzMDAwMzQ2MDBjYjhlZGE0NTQxOGYyYzkyYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjT6mIBm/4pD+cwyBAyPZ2MjAN1C
yicm4VLtfbz7CRNj6PWgycLOYjDhmPsSxaygt7gHr0qyBW/6vbJJcQDxMygjjB1h
Vk9Qp/j+9xYbJwUt3JisCt9n8IUVoAWsT8qsItsrY/A3XbSHHFY9YfIOb3fJf4Ov
UWILV8IEDxHCmIHhEX7dIJXkZLAmEKvLaigeTUFkcIhwc8fVrQaXIYF4vNalhIG1
ZlVxSWj1OF28dE1YnkmEGeG3Tz/a1pMeiuatwkxlidWPlHiNr56n5B0uADXJFiG9
mKMwkx04QYNkoGi6IXauOXmGukiXZBvRn881ak40DdRK1iRVLsX2rarOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkYYowq1DAANGAMuO2kVBjyySxzMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvNlJoaWpDclVNQUEwWUF5NDdhUlVHUExKTEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURlHMA0G
CSqGSIb3DQEBCwUAA4IBAQCgboaqojIRb7Tvam7Z4xeUfHxbPXN7LWOcK7MeldGw
9QjPAdC00CH5DdNrDC8r8Xuhg5KMzThxxjjV5X5dKkSpUS5nHh5Jn7f1apiFODrk
poqsR3+saPBwutv7ypW0CIZ1Z62sTp4DcKL6JJ2PcfD+LSOVtcZRODBbGyePBjmc
Rcty7Ym7/SeteAuZFprzthPhG+AKPQhLnLlLkwXGW/e8+nIXDXmCc2Bfl4XiAn4G
8PbZ6lHYjBdOaXts9odzoYHXjBzHL+ifENV6DIQAKceU4aDekC0Ot0R10sa0KWQM
EOR19KVqgKVocy11LrrRaYpmfKRDN3lsiojw+RkWkRqE
-----END CERTIFICATE-----