Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6zk8_DRg4lEqXSy6GVgRU_POm9U.roa
File:                     6zk8_DRg4lEqXSy6GVgRU_POm9U.roa (raw, json)
Hash identifier:          MbsHeRe8DVCGekkP3Lc9NDzV9O6h7rI6bVqPaszFcnw=
Subject key identifier:   EB:39:3C:FC:34:60:E2:51:2A:5D:2C:BA:19:58:11:53:F3:CE:9B:D5
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0195B4EFCF6484964BE1EFDC8171D3342977
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6zk8_DRg4lEqXSy6GVgRU_POm9U.roa
Signing time:             Thu 20 Mar 2025 19:02:49 +0000
ROA not before:           Thu 20 Mar 2025 19:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210135
IP address blocks:        45.135.166.0/24 maxlen: 24
                          92.63.188.0/24 maxlen: 24
                          193.32.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:ef:cf:64:84:96:4b:e1:ef:dc:81:71:d3:34:29:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 20 19:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb393cfc3460e2512a5d2cba19581153f3ce9bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f7:94:9a:1a:49:a7:fa:c4:7f:92:3a:4b:08:
                    77:1c:2d:99:3d:77:84:58:3f:4c:57:20:e8:48:bc:
                    f8:fc:7f:10:5d:b7:e1:2a:ed:a2:db:f7:cb:24:dc:
                    06:cb:20:df:13:7b:24:36:2e:f2:8e:a8:4c:5f:09:
                    4f:44:9c:4e:28:32:68:c9:1b:3c:ca:85:bd:3d:d2:
                    d3:47:4f:38:3d:da:bc:71:3f:58:87:89:fe:a6:1b:
                    52:bc:6c:76:f2:a0:b1:de:7f:15:26:5f:cc:68:cf:
                    d8:15:82:83:06:5c:f9:7a:41:75:b6:5c:46:5f:3f:
                    15:9a:55:e6:97:b8:2f:58:96:4a:c9:15:fe:4e:32:
                    0d:8f:6b:70:e2:d5:99:df:00:82:fe:49:25:df:08:
                    00:01:66:7a:68:76:c3:95:1b:5a:32:9c:a5:b7:74:
                    07:6a:bb:28:d1:fd:1e:2e:cc:59:a8:54:81:20:0a:
                    62:0a:a9:e9:72:bf:82:ec:91:7c:3b:64:6c:29:8a:
                    b3:16:e4:9a:14:19:c2:75:76:b7:39:77:07:df:ef:
                    f4:57:19:9a:e4:24:93:f3:a7:30:d6:a6:9d:b8:f6:
                    a0:56:a0:21:36:e2:cf:0a:6a:54:69:38:d5:04:61:
                    39:22:8b:67:87:94:94:e7:c4:e8:20:a3:a6:c7:1a:
                    e0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:39:3C:FC:34:60:E2:51:2A:5D:2C:BA:19:58:11:53:F3:CE:9B:D5
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/6zk8_DRg4lEqXSy6GVgRU_POm9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.166.0/24
                  92.63.188.0/24
                  193.32.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:69:70:1d:80:15:47:34:33:95:d9:82:11:4e:ce:3f:22:1e:
         78:9c:0a:d6:ff:54:9a:82:3f:79:0c:64:5f:c9:2f:f6:b8:33:
         6e:a8:75:5f:2a:a0:06:6c:4e:08:c9:9f:cc:b0:1e:de:80:ac:
         93:4b:9b:86:9c:af:6f:68:09:de:a5:80:4e:cf:db:bc:81:45:
         06:53:c4:4b:93:92:34:7f:a8:0d:25:01:c0:ef:9f:88:8e:15:
         65:2c:fa:10:62:36:9f:88:a8:14:83:e2:dc:90:59:2b:ea:14:
         06:98:9b:79:1f:0b:4b:eb:56:05:d6:1a:4b:53:23:49:b2:c5:
         66:88:fe:6a:3c:0c:6b:a5:58:1d:34:35:89:93:c4:07:c1:d5:
         c0:64:d5:48:97:3e:42:d7:41:99:25:f5:6f:77:41:4a:03:3f:
         8a:5f:e5:d5:f2:d3:1a:2d:2e:26:f7:b0:90:ca:ed:02:f9:f4:
         a6:c3:f8:d9:7f:64:bb:7c:49:38:3d:14:a0:17:99:1c:4d:5d:
         6d:32:34:e9:98:65:bc:1d:61:a9:3c:da:0b:fb:19:8a:91:04:
         ed:37:b7:c1:34:d9:b1:5a:d7:37:ec:e3:1c:07:c3:35:2c:53:
         d6:c2:30:0f:c4:a8:bf:90:38:1a:ea:1c:eb:b6:16:c1:63:79:
         54:c8:7c:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZW0789khJZL4e/cgXHTNCl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMzIwMTkwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM5M2NmYzM0NjBlMjUxMmE1ZDJjYmExOTU4MTE1M2YzY2U5YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2feUmhpJp/rEf5I6Swh3HC2ZPXeE
WD9MVyDoSLz4/H8QXbfhKu2i2/fLJNwGyyDfE3skNi7yjqhMXwlPRJxOKDJoyRs8
yoW9PdLTR084Pdq8cT9Yh4n+phtSvGx28qCx3n8VJl/MaM/YFYKDBlz5ekF1tlxG
Xz8VmlXml7gvWJZKyRX+TjINj2tw4tWZ3wCC/kkl3wgAAWZ6aHbDlRtaMpylt3QH
arso0f0eLsxZqFSBIApiCqnpcr+C7JF8O2RsKYqzFuSaFBnCdXa3OXcH3+/0Vxma
5CST86cw1qaduPagVqAhNuLPCmpUaTjVBGE5Iotnh5SU58ToIKOmxxrghQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOs5PPw0YOJRKl0suhlYEVPzzpvVMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvNnprOF9EUmc0bEVxWFN5NkdWZ1JVX1BPbTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYemAwQA
XD+8AwQAwSC9MA0GCSqGSIb3DQEBCwUAA4IBAQBUaXAdgBVHNDOV2YIRTs4/Ih54
nArW/1Sagj95DGRfyS/2uDNuqHVfKqAGbE4IyZ/MsB7egKyTS5uGnK9vaAnepYBO
z9u8gUUGU8RLk5I0f6gNJQHA75+IjhVlLPoQYjafiKgUg+LckFkr6hQGmJt5HwtL
61YF1hpLUyNJssVmiP5qPAxrpVgdNDWJk8QHwdXAZNVIlz5C10GZJfVvd0FKAz+K
X+XV8tMaLS4m97CQyu0C+fSmw/jZf2S7fEk4PRSgF5kcTV1tMjTpmGW8HWGpPNoL
+xmKkQTtN7fBNNmxWtc37OMcB8M1LFPWwjAPxKi/kDga6hzrthbBY3lUyHw3
-----END CERTIFICATE-----