Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/6p9AkcbnlE4Z8IbJhSYYYojDJrg.roa
File:                     6p9AkcbnlE4Z8IbJhSYYYojDJrg.roa (raw, json)
Hash identifier:          SKcAYEFRxxbeCI1HsQW06reRx+d5nEWDWPFTqTMItNM=
Subject key identifier:   EA:9F:40:91:C6:E7:94:4E:19:F0:86:C9:85:26:18:62:88:C3:26:B8
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       019788515E205884595296DA163F5B382E37
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/6p9AkcbnlE4Z8IbJhSYYYojDJrg.roa
Signing time:             Thu 19 Jun 2025 13:12:03 +0000
ROA not before:           Thu 19 Jun 2025 13:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        80.208.221.0/24 maxlen: 24
                          185.174.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 07:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:51:5e:20:58:84:59:52:96:da:16:3f:5b:38:2e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jun 19 13:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea9f4091c6e7944e19f086c98526186288c326b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:41:d7:39:8f:50:bc:68:84:d5:da:94:0b:43:
                    c0:4d:b8:62:30:ab:e3:14:91:cc:be:4e:32:c1:9a:
                    98:3f:d3:c3:36:ba:16:da:57:cd:73:b6:9a:68:bf:
                    6c:8e:e6:3f:43:1c:36:5e:2c:3d:af:f8:10:80:e5:
                    2b:7c:68:8a:6f:3a:2b:ef:1c:04:5f:6e:f7:e7:16:
                    2c:ba:8e:c4:a5:36:f3:38:64:4b:ee:1a:3a:c4:83:
                    75:d5:0e:60:97:ee:22:c6:d8:8b:9a:4b:ea:0e:53:
                    c9:48:d2:ad:2e:72:25:32:e7:1f:36:b4:40:da:88:
                    4c:e0:48:b7:79:e0:70:0e:b0:4c:cb:93:28:78:84:
                    04:68:a6:17:55:86:29:75:1d:5b:2b:ac:66:d2:06:
                    cb:78:be:55:43:1f:5b:35:7f:dc:32:bf:77:a2:eb:
                    f6:36:3a:d5:26:0d:f4:92:fd:17:e4:19:17:b7:ec:
                    17:22:cd:df:44:b2:1b:6f:5a:c7:00:77:40:2d:d7:
                    71:14:67:86:8d:ba:7e:b4:ad:50:e3:40:0a:58:03:
                    04:dc:4f:70:45:bd:16:72:1d:26:3c:cd:e5:8c:7e:
                    5a:2c:fc:d3:29:b3:37:c2:c6:c8:a9:3b:c1:93:57:
                    65:c5:7f:34:9e:17:1a:85:c8:2a:78:2b:c6:62:e0:
                    68:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:9F:40:91:C6:E7:94:4E:19:F0:86:C9:85:26:18:62:88:C3:26:B8
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/6p9AkcbnlE4Z8IbJhSYYYojDJrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.221.0/24
                  185.174.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:79:09:52:de:0c:cb:8d:03:e6:01:f9:4a:88:1c:2b:bd:7d:
         71:44:ac:55:72:8f:7a:04:ee:e2:14:70:cb:0f:12:e4:2f:f7:
         88:3d:ca:c6:d6:7a:5c:68:30:93:23:f9:0c:37:b4:60:d8:18:
         70:ce:23:2b:31:2e:ef:64:12:79:69:dc:91:6f:d9:eb:8b:74:
         4b:3a:a5:76:49:15:fd:d7:e4:b3:49:69:2c:9d:ec:2c:d3:06:
         ec:b4:27:8e:e6:8f:64:3f:be:4b:3e:8b:72:51:c7:52:c0:4b:
         fe:23:7d:31:a8:6f:e8:d5:b0:36:52:9d:af:5f:0b:ac:d4:d0:
         c9:4e:76:6d:67:46:4a:1d:30:8b:be:14:06:04:52:6a:a7:bc:
         cd:25:74:19:cb:b8:77:be:35:d2:8c:94:cd:8a:b0:82:76:c6:
         25:8e:e9:e2:f4:c3:a5:ad:24:54:aa:56:d7:a5:af:66:45:dc:
         d0:aa:1e:e3:d7:86:86:a0:7e:e8:ca:26:91:0f:0f:81:ee:75:
         8a:73:c2:43:41:91:21:76:7e:2d:7a:c9:aa:87:14:f0:6d:3a:
         24:f3:a1:dc:0d:ba:cb:56:6a:82:18:00:8b:fe:53:8f:65:65:
         40:65:ad:7e:f7:a2:de:73:a0:86:06:64:99:c2:bd:ed:d7:33:
         8a:38:26:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeIUV4gWIRZUpbaFj9bOC43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjUwNjE5MTMxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTlmNDA5MWM2ZTc5NDRlMTlmMDg2Yzk4NTI2MTg2Mjg4YzMyNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEHXOY9QvGiE1dqUC0PATbhiMKvj
FJHMvk4ywZqYP9PDNroW2lfNc7aaaL9sjuY/Qxw2Xiw9r/gQgOUrfGiKbzor7xwE
X2735xYsuo7EpTbzOGRL7ho6xIN11Q5gl+4ixtiLmkvqDlPJSNKtLnIlMucfNrRA
2ohM4Ei3eeBwDrBMy5MoeIQEaKYXVYYpdR1bK6xm0gbLeL5VQx9bNX/cMr93ouv2
NjrVJg30kv0X5BkXt+wXIs3fRLIbb1rHAHdALddxFGeGjbp+tK1Q40AKWAME3E9w
Rb0Wch0mPM3ljH5aLPzTKbM3wsbIqTvBk1dlxX80nhcahcgqeCvGYuBouQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqfQJHG55ROGfCGyYUmGGKIwya4MB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvNnA5QWtjYm5sRTRaOEliSmhTWVlZb2pESnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUNDdAwQA
ua5GMA0GCSqGSIb3DQEBCwUAA4IBAQB2eQlS3gzLjQPmAflKiBwrvX1xRKxVco96
BO7iFHDLDxLkL/eIPcrG1npcaDCTI/kMN7Rg2BhwziMrMS7vZBJ5adyRb9nri3RL
OqV2SRX91+SzSWksnews0wbstCeO5o9kP75LPotyUcdSwEv+I30xqG/o1bA2Up2v
Xwus1NDJTnZtZ0ZKHTCLvhQGBFJqp7zNJXQZy7h3vjXSjJTNirCCdsYljuni9MOl
rSRUqlbXpa9mRdzQqh7j14aGoH7oyiaRDw+B7nWKc8JDQZEhdn4tesmqhxTwbTok
86HcDbrLVmqCGACL/lOPZWVAZa1+96Lec6CGBmSZwr3t1zOKOCbY
-----END CERTIFICATE-----