Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/6SPF9wUKHrZ6dX8XvKxjnVR5gSs.roa
File:                     6SPF9wUKHrZ6dX8XvKxjnVR5gSs.roa (raw, json)
Hash identifier:          fkqYDZXkVkcORjtoFgL9LCKCeNFqQJ4NJn9PSDeEfBQ=
Subject key identifier:   E9:23:C5:F7:05:0A:1E:B6:7A:75:7F:17:BC:AC:63:9D:54:79:81:2B
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0198717F0EEF16AF9AB18E0C6631480C4395
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/6SPF9wUKHrZ6dX8XvKxjnVR5gSs.roa
Signing time:             Sun 03 Aug 2025 19:53:29 +0000
ROA not before:           Sun 03 Aug 2025 19:53:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137897
IP address blocks:        45.65.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:71:7f:0e:ef:16:af:9a:b1:8e:0c:66:31:48:0c:43:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Aug  3 19:53:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e923c5f7050a1eb67a757f17bcac639d5479812b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0c:c4:73:56:9e:f3:5e:9b:56:8f:37:e0:6d:
                    83:a1:40:95:46:db:b8:6e:9c:94:3f:00:6e:8e:00:
                    dd:25:f1:7d:6d:9e:9e:4b:7f:bd:a7:d9:c1:3c:45:
                    3e:7b:64:64:05:5a:86:e6:6f:a3:1e:86:2e:1d:db:
                    77:80:06:f9:9e:5e:a7:99:c0:b5:78:59:83:1f:aa:
                    9f:18:dc:03:69:d5:1e:b9:a5:f3:88:14:de:89:02:
                    fb:c1:30:5b:b5:ad:7e:01:46:0f:28:d9:f5:8d:4a:
                    5d:bc:b9:1c:c6:5e:eb:eb:a1:c7:dc:da:b4:ec:c3:
                    f4:cf:bf:75:30:6f:3a:0a:94:f5:0b:4a:c3:df:a7:
                    b2:c3:9b:f9:ec:c2:2d:8b:e5:87:80:05:24:98:90:
                    89:18:b4:72:70:68:4d:a2:f4:f8:bd:14:c2:cb:9d:
                    c4:12:dd:48:13:cc:77:79:7a:a7:2a:21:bc:87:e9:
                    68:8b:87:3a:78:81:e4:61:ff:2d:24:56:7c:0c:1f:
                    b2:14:0c:c8:20:8f:5e:bd:59:d3:9d:ec:f3:28:eb:
                    d9:28:cf:eb:c0:a8:a4:01:6e:58:fd:5d:4e:f2:c4:
                    73:ad:16:61:27:6f:b7:0c:0c:0f:73:79:a5:e8:b3:
                    da:94:3a:c3:7b:8a:28:bd:3a:a5:d6:fc:06:8f:57:
                    5f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:23:C5:F7:05:0A:1E:B6:7A:75:7F:17:BC:AC:63:9D:54:79:81:2B
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/6SPF9wUKHrZ6dX8XvKxjnVR5gSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:77:7d:c6:a6:34:40:6b:2c:c7:a3:f5:3a:e7:43:77:0c:53:
         32:41:a1:cc:e8:b6:61:f0:d6:39:df:9e:ac:ab:8c:fc:0d:a2:
         28:1d:41:0b:43:1f:af:4e:f2:38:1a:4c:5f:1c:8b:02:dc:1b:
         26:a5:df:0e:36:72:7d:bc:fb:46:14:09:2a:b0:ea:7f:fa:cd:
         1b:0b:39:e0:de:da:a5:5b:54:23:b0:d9:4f:06:7e:5b:78:f2:
         51:0e:04:f2:bb:ba:09:f7:cf:9c:7a:b6:e5:f6:71:4b:85:90:
         04:ce:7b:89:70:27:df:4e:dd:17:45:76:76:27:16:a5:ab:8d:
         86:71:8e:a5:c0:7e:37:a3:01:6b:15:89:ca:fa:e3:7e:19:18:
         9a:ce:3b:cd:fb:50:57:86:70:32:43:30:06:dd:b6:7a:aa:98:
         20:92:88:74:91:c7:bd:76:0c:90:2e:5c:05:e4:63:35:ae:65:
         3b:69:70:dd:b9:4f:8f:2f:a3:69:e7:46:2e:e9:11:f0:42:8c:
         2f:9c:a5:cc:4a:d2:bc:19:1b:f5:c2:d0:d0:61:72:ef:9a:cb:
         82:3d:12:05:18:6c:ea:e6:fb:ba:51:08:31:64:94:14:d7:d4:
         9d:b2:69:b2:30:cc:5e:81:5e:90:44:eb:a9:d3:34:19:ca:18:
         fe:de:67:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhxfw7vFq+asY4MZjFIDEOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwODAzMTk1MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTIzYzVmNzA1MGExZWI2N2E3NTdmMTdiY2FjNjM5ZDU0Nzk4MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gzEc1ae816bVo834G2DoUCVRtu4
bpyUPwBujgDdJfF9bZ6eS3+9p9nBPEU+e2RkBVqG5m+jHoYuHdt3gAb5nl6nmcC1
eFmDH6qfGNwDadUeuaXziBTeiQL7wTBbta1+AUYPKNn1jUpdvLkcxl7r66HH3Nq0
7MP0z791MG86CpT1C0rD36eyw5v57MIti+WHgAUkmJCJGLRycGhNovT4vRTCy53E
Et1IE8x3eXqnKiG8h+loi4c6eIHkYf8tJFZ8DB+yFAzIII9evVnTnezzKOvZKM/r
wKikAW5Y/V1O8sRzrRZhJ2+3DAwPc3ml6LPalDrDe4oovTql1vwGj1dfpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkjxfcFCh62enV/F7ysY51UeYErMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvNlNQRjl3VUtIclo2ZFg4WHZLeGpuVlI1Z1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUFxMA0G
CSqGSIb3DQEBCwUAA4IBAQBVd33GpjRAayzHo/U650N3DFMyQaHM6LZh8NY5356s
q4z8DaIoHUELQx+vTvI4GkxfHIsC3Bsmpd8ONnJ9vPtGFAkqsOp/+s0bCzng3tql
W1QjsNlPBn5bePJRDgTyu7oJ98+cerbl9nFLhZAEznuJcCffTt0XRXZ2Jxalq42G
cY6lwH43owFrFYnK+uN+GRiazjvN+1BXhnAyQzAG3bZ6qpggkoh0kce9dgyQLlwF
5GM1rmU7aXDduU+PL6Np50Yu6RHwQowvnKXMStK8GRv1wtDQYXLvmsuCPRIFGGzq
5vu6UQgxZJQU19SdsmmyMMxegV6QROup0zQZyhj+3mdz
-----END CERTIFICATE-----