Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/6ls_w5ayeosb2XRgI4pYUx6Crbk.roa
File:                     6ls_w5ayeosb2XRgI4pYUx6Crbk.roa (raw, json)
Hash identifier:          0VKAFPgFPa6CBr2ms8H6UXBaMdqvGWwTRE8Auc7C9NE=
Subject key identifier:   EA:5B:3F:C3:96:B2:7A:8B:1B:D9:74:60:23:8A:58:53:1E:82:AD:B9
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019A2F437C009DF46544A5C79954FE7930B7
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/6ls_w5ayeosb2XRgI4pYUx6Crbk.roa
Signing time:             Wed 29 Oct 2025 09:19:03 +0000
ROA not before:           Wed 29 Oct 2025 09:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        84.247.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:43:7c:00:9d:f4:65:44:a5:c7:99:54:fe:79:30:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Oct 29 09:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea5b3fc396b27a8b1bd97460238a58531e82adb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:bc:98:a2:93:c7:a9:77:6a:e3:d0:13:4a:
                    23:c5:6d:4e:62:f6:f7:bc:1c:d1:f2:91:59:00:38:
                    a9:5a:18:1b:a7:b0:9d:5b:3e:78:bf:b7:a3:1b:56:
                    61:9c:5d:0a:0e:1a:ff:8f:81:61:48:48:09:a7:78:
                    1b:cb:16:40:3c:3b:e1:d7:fb:65:9d:d3:d5:14:19:
                    6a:6f:ba:ca:5e:6d:ef:da:d0:3a:0a:82:41:aa:4c:
                    fd:03:02:2a:1d:df:7d:eb:65:42:51:60:50:d9:b8:
                    bb:0b:93:56:69:00:3d:0e:b9:e9:fe:e6:e7:71:01:
                    bc:8e:f3:6c:2b:60:1a:05:b4:8b:8c:39:a9:11:0b:
                    81:c9:8b:43:33:28:4d:a3:4d:d2:7d:34:55:71:93:
                    69:95:6f:ca:8e:7b:42:bc:5b:9d:1a:53:ff:6e:6b:
                    84:8e:a7:49:dd:1b:be:4d:30:5d:75:e6:7c:21:e4:
                    a2:6c:53:3f:d7:b4:49:e3:bf:20:40:85:35:b3:4b:
                    64:73:7c:22:2d:38:4f:6e:5e:56:a9:73:b0:be:5b:
                    01:ec:8e:17:a6:d0:6a:f3:95:fd:c8:31:36:35:58:
                    b7:a5:ed:1d:b9:2e:23:35:11:c7:bc:d8:04:2e:cf:
                    2c:38:bc:2d:f3:9b:5e:6d:ad:14:95:69:e4:78:78:
                    c3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:5B:3F:C3:96:B2:7A:8B:1B:D9:74:60:23:8A:58:53:1E:82:AD:B9
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/6ls_w5ayeosb2XRgI4pYUx6Crbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:00:e5:da:80:58:17:cf:de:a3:2b:3a:9f:1e:74:d5:3b:d8:
         91:43:bf:29:1f:46:ab:03:a9:3e:6a:1a:82:b8:7a:8f:3b:9b:
         52:d5:65:be:31:c7:e7:e5:3f:29:5f:62:9e:7e:24:46:af:ce:
         41:2f:8d:81:d6:ab:6f:8d:96:77:23:18:3d:f5:c9:90:e7:a3:
         96:23:ed:d4:37:6d:c0:8e:e6:5c:81:fa:8c:48:e5:d4:f8:97:
         f2:66:74:9b:d3:f1:a8:2e:15:34:b9:62:ee:ac:d3:50:41:05:
         ae:74:f3:0f:16:bf:07:f6:8a:66:1e:be:f7:38:7c:ca:f8:01:
         15:d8:a0:a3:02:2f:63:81:90:11:87:7e:5d:43:6a:34:25:06:
         f5:42:a3:b4:6b:51:80:5b:72:1d:a2:73:73:19:19:6c:84:df:
         75:27:dd:c8:4b:6b:d0:fe:04:e8:16:30:be:09:e3:b2:95:a6:
         69:b1:f9:dc:80:0e:35:7a:ed:d8:c5:d1:c4:9a:9d:f9:78:4f:
         83:0c:07:56:ae:c6:d7:68:f1:02:93:d3:80:8d:57:b8:c7:de:
         9e:56:67:8e:85:38:39:59:cf:c1:90:fb:86:a4:41:77:1a:65:
         8d:87:4a:b4:3b:16:fc:04:17:f3:9d:0b:b3:28:1e:da:5d:cf:
         50:8a:0c:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZovQ3wAnfRlRKXHmVT+eTC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjUxMDI5MDkxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTViM2ZjMzk2YjI3YThiMWJkOTc0NjAyMzhhNTg1MzFlODJhZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4i8mKKTx6l3auPQE0ojxW1OYvb3
vBzR8pFZADipWhgbp7CdWz54v7ejG1ZhnF0KDhr/j4FhSEgJp3gbyxZAPDvh1/tl
ndPVFBlqb7rKXm3v2tA6CoJBqkz9AwIqHd9962VCUWBQ2bi7C5NWaQA9Drnp/ubn
cQG8jvNsK2AaBbSLjDmpEQuByYtDMyhNo03SfTRVcZNplW/KjntCvFudGlP/bmuE
jqdJ3Ru+TTBddeZ8IeSibFM/17RJ478gQIU1s0tkc3wiLThPbl5WqXOwvlsB7I4X
ptBq85X9yDE2NVi3pe0duS4jNRHHvNgELs8sOLwt85teba0UlWnkeHjDTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpbP8OWsnqLG9l0YCOKWFMegq25MB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvNmxzX3c1YXllb3NiMlhSZ0k0cFlVeDZDcmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPd5MA0G
CSqGSIb3DQEBCwUAA4IBAQAzAOXagFgXz96jKzqfHnTVO9iRQ78pH0arA6k+ahqC
uHqPO5tS1WW+Mcfn5T8pX2KefiRGr85BL42B1qtvjZZ3Ixg99cmQ56OWI+3UN23A
juZcgfqMSOXU+JfyZnSb0/GoLhU0uWLurNNQQQWudPMPFr8H9opmHr73OHzK+AEV
2KCjAi9jgZARh35dQ2o0JQb1QqO0a1GAW3IdonNzGRlshN91J93IS2vQ/gToFjC+
CeOylaZpsfncgA41eu3YxdHEmp35eE+DDAdWrsbXaPECk9OAjVe4x96eVmeOhTg5
Wc/BkPuGpEF3GmWNh0q0Oxb8BBfznQuzKB7aXc9QigwU
-----END CERTIFICATE-----