Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6IiDiISjYrNpR4mQkAdEju6JQSY.roa
File:                     6IiDiISjYrNpR4mQkAdEju6JQSY.roa (raw, json)
Hash identifier:          Cnl7r+OgkvrIBS1Qn33bZFCdLCcP2h9Q8sTKzfG52Tc=
Subject key identifier:   E8:88:83:88:84:A3:62:B3:69:47:89:90:90:07:44:8E:EE:89:41:26
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01963EB32718F18901795F27BC472D610088
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6IiDiISjYrNpR4mQkAdEju6JQSY.roa
Signing time:             Wed 16 Apr 2025 13:04:10 +0000
ROA not before:           Wed 16 Apr 2025 13:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.121.43.0/24 maxlen: 24
                          185.47.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:b3:27:18:f1:89:01:79:5f:27:bc:47:2d:61:00:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 16 13:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e888838884a362b3694789909007448eee894126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:b2:cd:78:80:79:8c:10:d3:da:21:c1:13:
                    dd:f9:f3:7d:cd:7b:23:b0:57:3d:91:76:45:01:32:
                    08:75:e8:53:2a:d9:98:9e:e1:ec:9b:cc:dd:b6:f9:
                    73:cb:9b:cb:3f:26:70:61:bd:c5:a3:97:e1:33:e3:
                    61:c2:ba:e0:51:b0:4a:3f:65:a3:3c:80:20:9b:83:
                    0c:e5:c7:f5:74:b4:1d:e2:83:2d:91:ab:ea:56:3a:
                    f2:3c:15:50:6c:f7:89:b6:50:8d:e4:2d:01:b4:cd:
                    70:f8:63:ba:e0:c4:f1:f9:9f:a9:4a:63:a2:97:76:
                    9a:0d:cd:4d:ce:a0:24:36:ae:41:1f:96:fc:76:e4:
                    3f:2d:59:80:95:e9:7a:2e:e1:67:11:7b:58:fd:5f:
                    bd:b9:cd:db:80:8c:1f:09:c1:9a:0b:6c:13:5a:d6:
                    34:b5:92:ef:15:ac:40:6a:c3:b8:96:06:fe:2c:74:
                    da:58:c5:c4:b2:bb:38:10:8b:a7:3f:64:2e:dd:23:
                    4f:0d:be:8c:bd:2e:11:c4:4d:8f:40:df:9a:af:82:
                    3f:cf:bd:90:70:cf:01:d8:36:c2:1a:b4:76:79:55:
                    c7:bd:37:10:67:36:29:8c:12:91:bc:c5:af:e4:7b:
                    33:50:65:7c:d3:a6:ab:8e:66:9f:10:fd:5b:a7:e0:
                    08:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:88:83:88:84:A3:62:B3:69:47:89:90:90:07:44:8E:EE:89:41:26
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6IiDiISjYrNpR4mQkAdEju6JQSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.43.0/24
                  185.47.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d6:86:32:e6:26:b5:bb:71:f0:14:b1:ba:ef:3a:79:81:ca:
         60:08:a8:bf:81:cf:be:fe:35:2b:94:24:91:b7:b9:f0:6b:b7:
         37:5e:df:2e:f5:af:c4:58:01:03:fc:c1:e6:a2:88:7c:ad:7a:
         9e:1b:0a:ed:a9:7c:33:14:48:3b:da:4e:79:fc:aa:08:e9:7c:
         0f:93:68:07:ea:a6:3f:61:ec:25:b2:52:23:61:35:98:43:82:
         99:1e:6d:f7:ee:cf:8f:77:66:4f:12:98:29:74:10:06:de:aa:
         43:b3:c2:f0:1f:ee:55:ff:c9:8a:1e:08:11:10:b0:ca:08:f3:
         f1:7e:08:8a:e8:ec:40:8b:ef:bb:fc:5b:07:11:73:d4:3e:49:
         04:cd:f7:6a:ce:a2:2e:ad:12:63:cb:ab:2b:ea:1f:3d:0e:7d:
         cb:9f:7f:ff:29:31:d0:49:8e:37:2c:ab:49:37:20:96:fa:2d:
         28:50:e5:64:ea:fc:c2:ac:a2:59:40:1d:55:c9:3a:38:b3:cb:
         01:e7:48:34:50:31:e7:65:b5:70:6b:5e:e1:b2:ea:cb:0a:d5:
         d9:fb:c7:38:8f:84:a3:fa:64:cc:a2:07:44:8d:b5:6f:d4:ab:
         a0:39:24:2b:f9:48:a1:71:13:54:a6:ed:11:d9:09:df:a1:a7:
         ef:1d:bf:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY+sycY8YkBeV8nvEctYQCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNDE2MTMwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg4ODM4ODg0YTM2MmIzNjk0Nzg5OTA5MDA3NDQ4ZWVlODk0MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VGyzXiAeYwQ09ohwRPd+fN9zXsj
sFc9kXZFATIIdehTKtmYnuHsm8zdtvlzy5vLPyZwYb3Fo5fhM+NhwrrgUbBKP2Wj
PIAgm4MM5cf1dLQd4oMtkavqVjryPBVQbPeJtlCN5C0BtM1w+GO64MTx+Z+pSmOi
l3aaDc1NzqAkNq5BH5b8duQ/LVmAlel6LuFnEXtY/V+9uc3bgIwfCcGaC2wTWtY0
tZLvFaxAasO4lgb+LHTaWMXEsrs4EIunP2Qu3SNPDb6MvS4RxE2PQN+ar4I/z72Q
cM8B2DbCGrR2eVXHvTcQZzYpjBKRvMWv5HszUGV806arjmafEP1bp+AIOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOiIg4iEo2KzaUeJkJAHRI7uiUEmMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNklpRGlJU2pZck5wUjRtUWtBZEVqdTZKUVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXkrAwQA
uS9bMA0GCSqGSIb3DQEBCwUAA4IBAQBO1oYy5ia1u3HwFLG67zp5gcpgCKi/gc++
/jUrlCSRt7nwa7c3Xt8u9a/EWAED/MHmooh8rXqeGwrtqXwzFEg72k55/KoI6XwP
k2gH6qY/YewlslIjYTWYQ4KZHm337s+Pd2ZPEpgpdBAG3qpDs8LwH+5V/8mKHggR
ELDKCPPxfgiK6OxAi++7/FsHEXPUPkkEzfdqzqIurRJjy6sr6h89Dn3Ln3//KTHQ
SY43LKtJNyCW+i0oUOVk6vzCrKJZQB1VyTo4s8sB50g0UDHnZbVwa17hsurLCtXZ
+8c4j4Sj+mTMogdEjbVv1KugOSQr+UihcRNUpu0R2QnfoafvHb8V
-----END CERTIFICATE-----