Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/b6zYeEjl67JznhuFIRxDThbDp4A.roa
File:                     b6zYeEjl67JznhuFIRxDThbDp4A.roa (raw, json)
Hash identifier:          f6N56pEzvl/vOG44ZWp29ysqFV1nObk7G8WN7kevpqI=
Subject key identifier:   6F:AC:D8:78:48:E5:EB:B2:73:9E:1B:85:21:1C:43:4E:16:C3:A7:80
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0198F5C049992580A16312E1421AD3222928
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/b6zYeEjl67JznhuFIRxDThbDp4A.roa
Signing time:             Fri 29 Aug 2025 12:14:36 +0000
ROA not before:           Fri 29 Aug 2025 12:14:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        95.164.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f5:c0:49:99:25:80:a1:63:12:e1:42:1a:d3:22:29:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Aug 29 12:14:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6facd87848e5ebb2739e1b85211c434e16c3a780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b9:9f:09:55:15:1a:5b:1d:60:05:2c:51:3f:
                    8e:65:50:ff:f2:c5:9c:8e:5e:02:3f:32:56:5f:67:
                    e0:a2:33:6d:c9:11:3a:fc:8b:65:85:8e:9c:b8:fd:
                    f6:77:a2:09:a0:16:13:fd:37:2c:40:74:95:46:1c:
                    82:ee:e7:63:62:78:a7:bd:61:db:03:b5:eb:a1:ee:
                    d0:b4:29:47:ef:54:05:7e:a6:2f:d2:1b:24:c9:da:
                    ff:25:6c:d6:90:3e:8e:c3:5a:73:31:f1:b0:aa:7a:
                    0b:7d:e1:72:83:4e:06:1b:c8:4f:35:f5:5a:31:45:
                    ab:8d:73:6b:c3:ac:25:ac:cb:dc:58:58:89:a0:1f:
                    36:a4:37:62:b8:0b:6a:a3:2e:cf:c8:ea:5d:b0:49:
                    68:70:ce:77:30:51:f3:7d:15:45:14:30:9f:1c:a0:
                    6f:30:84:1b:4c:64:c8:01:96:a9:52:77:f2:c6:97:
                    d4:4c:f4:5f:4c:8a:87:c2:f9:81:1d:4f:9b:8b:a7:
                    a3:39:24:24:04:14:f7:42:ab:9e:09:77:12:64:cc:
                    df:a3:be:36:d9:98:44:ed:46:1c:85:39:81:47:a0:
                    e1:6f:fe:ed:e1:be:7d:b4:d9:91:69:5b:0f:18:ff:
                    c0:e0:fb:07:31:58:47:19:b7:4f:fd:a1:18:08:3a:
                    38:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AC:D8:78:48:E5:EB:B2:73:9E:1B:85:21:1C:43:4E:16:C3:A7:80
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/b6zYeEjl67JznhuFIRxDThbDp4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:f4:55:9e:2b:21:4d:3e:82:e4:0d:43:08:9d:81:40:24:95:
         ef:39:31:b0:e2:ed:10:fd:84:cd:0c:b7:e8:25:09:90:82:6d:
         07:50:62:be:fa:4b:0e:7a:b8:cb:75:7e:84:0e:58:92:39:32:
         13:b0:ea:76:86:65:ee:2d:e7:43:8c:02:10:39:e6:b2:c2:e9:
         96:d6:79:fd:94:f9:3f:de:ec:d7:62:37:71:ec:22:37:fe:5b:
         66:a3:45:25:8f:f7:2d:14:60:8b:97:3a:a5:c5:14:41:a2:b5:
         a4:16:f3:33:2d:02:0b:0f:df:37:23:a3:c5:91:b8:03:cf:4d:
         43:29:b6:4c:c4:91:68:34:b3:94:a9:00:a1:07:60:07:90:6c:
         af:e4:7e:bc:0f:a2:8f:8e:28:89:c2:a1:3a:c1:7c:4c:00:d6:
         df:2c:de:33:4e:a7:68:81:45:1d:ff:4f:c9:aa:57:20:6b:86:
         0e:b9:d7:13:a4:19:38:92:49:60:a9:05:6d:e4:32:00:f0:aa:
         fe:9c:c7:0a:e4:41:9f:53:1b:fd:21:27:5d:37:da:c9:fe:35:
         cd:28:fe:71:0f:4d:1c:2e:88:f6:1b:8d:09:ff:6e:2c:82:68:
         5b:69:89:c9:c7:06:8a:e2:9f:a3:57:d2:ff:e5:d7:92:15:10:
         ad:b5:b2:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj1wEmZJYChYxLhQhrTIikoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwODI5MTIxNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFjZDg3ODQ4ZTVlYmIyNzM5ZTFiODUyMTFjNDM0ZTE2YzNhNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7mfCVUVGlsdYAUsUT+OZVD/8sWc
jl4CPzJWX2fgojNtyRE6/ItlhY6cuP32d6IJoBYT/TcsQHSVRhyC7udjYninvWHb
A7Xroe7QtClH71QFfqYv0hskydr/JWzWkD6Ow1pzMfGwqnoLfeFyg04GG8hPNfVa
MUWrjXNrw6wlrMvcWFiJoB82pDdiuAtqoy7PyOpdsElocM53MFHzfRVFFDCfHKBv
MIQbTGTIAZapUnfyxpfUTPRfTIqHwvmBHU+bi6ejOSQkBBT3QqueCXcSZMzfo742
2ZhE7UYchTmBR6Dhb/7t4b59tNmRaVsPGP/A4PsHMVhHGbdP/aEYCDo44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+s2HhI5euyc54bhSEcQ04Ww6eAMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvYjZ6WWVFamw2N0p6bmh1RklSeERUaGJEcDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TgMA0G
CSqGSIb3DQEBCwUAA4IBAQCI9FWeKyFNPoLkDUMInYFAJJXvOTGw4u0Q/YTNDLfo
JQmQgm0HUGK++ksOerjLdX6EDliSOTITsOp2hmXuLedDjAIQOeaywumW1nn9lPk/
3uzXYjdx7CI3/ltmo0Ulj/ctFGCLlzqlxRRBorWkFvMzLQILD983I6PFkbgDz01D
KbZMxJFoNLOUqQChB2AHkGyv5H68D6KPjiiJwqE6wXxMANbfLN4zTqdogUUd/0/J
qlcga4YOudcTpBk4kklgqQVt5DIA8Kr+nMcK5EGfUxv9ISddN9rJ/jXNKP5xD00c
Loj2G40J/24sgmhbaYnJxwaK4p+jV9L/5deSFRCttbKV
-----END CERTIFICATE-----