Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/6Q2HcS2RcDd9Dr_MYHyibugbWc0.roa
File:                     6Q2HcS2RcDd9Dr_MYHyibugbWc0.roa (raw, json)
Hash identifier:          +al/CVwN5+E5qhE2z1hKzqr2S4yV6SQ/qbFlSTBTEk8=
Subject key identifier:   E9:0D:87:71:2D:91:70:37:7D:0E:BF:CC:60:7C:A2:6E:E8:1B:59:CD
Certificate issuer:       /CN=845de8732b1017138f87032b70fa3b7b8776ef71
Certificate serial:       01976959209916FDB2FCEE19E47BF6CBD6D9
Authority key identifier: 84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/6Q2HcS2RcDd9Dr_MYHyibugbWc0.roa
Signing time:             Fri 13 Jun 2025 12:52:18 +0000
ROA not before:           Fri 13 Jun 2025 12:52:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        195.200.94.0/23 maxlen: 24
                          195.200.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:59:20:99:16:fd:b2:fc:ee:19:e4:7b:f6:cb:d6:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845de8732b1017138f87032b70fa3b7b8776ef71
        Validity
            Not Before: Jun 13 12:52:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e90d87712d9170377d0ebfcc607ca26ee81b59cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8e:67:be:f4:2a:e1:ce:6f:b4:c2:b4:7d:e2:
                    ae:62:17:67:d6:a4:d7:0b:43:91:c2:2d:8d:ad:a9:
                    5c:2b:58:31:5d:a7:b8:b5:1a:b7:77:e3:e8:79:f6:
                    03:e3:de:e2:49:d2:0c:19:e8:c5:7a:6f:bb:d4:da:
                    ee:ad:a2:28:f1:e0:e5:cb:e0:c9:e7:ae:b9:9e:2e:
                    ac:0f:cd:d7:f1:1c:1c:e6:6e:ae:fc:54:ec:f1:11:
                    00:2c:6a:4a:9d:ad:7b:99:08:34:21:61:2a:3a:37:
                    a0:61:33:0f:f8:dc:f2:f7:0c:2d:73:d0:75:6b:71:
                    eb:0e:da:90:4c:4f:e5:2c:a9:ae:b5:78:81:27:52:
                    55:92:3b:34:2b:21:a7:2f:b8:81:2c:71:c5:cf:82:
                    e7:d6:3f:4e:46:04:6d:51:ac:01:9b:9d:fa:ba:18:
                    df:2b:a1:f3:ec:93:cf:1b:57:5c:01:c2:b7:c4:bd:
                    17:a2:49:48:9c:99:ef:66:6a:18:99:b6:09:d1:4c:
                    90:4c:47:ea:44:fe:3f:03:97:e7:14:3c:9b:a2:0b:
                    d6:33:18:e4:a4:af:16:b1:37:c4:e3:00:94:66:0e:
                    ad:78:aa:9a:57:36:e5:4d:07:7d:b7:24:d8:85:82:
                    95:cc:e5:90:90:9b:9d:81:95:d3:1e:e9:6e:d0:ba:
                    27:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:0D:87:71:2D:91:70:37:7D:0E:BF:CC:60:7C:A2:6E:E8:1B:59:CD
            X509v3 Authority Key Identifier:
                keyid:84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/6Q2HcS2RcDd9Dr_MYHyibugbWc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:6b:3b:ee:11:c2:e1:d4:46:97:3a:d6:5d:10:d6:2e:bf:1f:
         8c:55:07:94:24:96:6b:16:19:67:98:fa:b1:7b:52:0c:72:5c:
         2c:cb:55:a0:75:af:50:d2:81:4a:98:69:33:13:db:51:8d:ed:
         52:d1:bf:f1:74:96:a8:d3:8f:ea:f8:76:53:07:ae:15:fb:32:
         2e:e8:3a:15:91:29:83:90:97:73:c7:fb:04:2a:58:25:00:ff:
         ec:18:23:5d:18:31:22:7a:d5:c0:67:8a:b9:bd:d8:cd:3a:4c:
         94:ac:20:4a:ec:bc:2a:07:02:21:a0:35:6b:e0:30:fe:42:00:
         46:cf:0b:0d:a4:e1:60:92:bc:d8:35:07:89:51:85:ef:62:f2:
         ff:b0:44:0d:76:8c:ba:62:0a:5d:f5:c2:62:13:fb:c0:bf:ec:
         e8:e6:5d:02:84:37:45:db:90:8d:b5:25:fd:05:99:04:e2:64:
         16:71:77:ad:61:0e:9c:fa:5c:43:11:9c:d3:ad:ce:2a:ea:b4:
         27:25:0a:b8:c3:6f:0d:96:92:b7:8b:36:e9:a8:e6:16:13:1b:
         d1:ce:34:f0:73:a4:f3:f1:c6:b7:bf:80:c0:5b:c4:e2:24:4f:
         3f:7b:ff:83:50:03:67:0d:7f:d0:77:5b:e2:f9:57:a4:d7:d9:
         f3:d8:21:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdpWSCZFv2y/O4Z5Hv2y9bZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWRlODczMmIxMDE3MTM4Zjg3MDMyYjcwZmEzYjdiODc3
NmVmNzEwHhcNMjUwNjEzMTI1MjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTBkODc3MTJkOTE3MDM3N2QwZWJmY2M2MDdjYTI2ZWU4MWI1OWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Y5nvvQq4c5vtMK0feKuYhdn1qTX
C0ORwi2NralcK1gxXae4tRq3d+PoefYD497iSdIMGejFem+71NruraIo8eDly+DJ
5665ni6sD83X8Rwc5m6u/FTs8REALGpKna17mQg0IWEqOjegYTMP+Nzy9wwtc9B1
a3HrDtqQTE/lLKmutXiBJ1JVkjs0KyGnL7iBLHHFz4Ln1j9ORgRtUawBm536uhjf
K6Hz7JPPG1dcAcK3xL0XoklInJnvZmoYmbYJ0UyQTEfqRP4/A5fnFDybogvWMxjk
pK8WsTfE4wCUZg6teKqaVzblTQd9tyTYhYKVzOWQkJudgZXTHulu0Lon3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkNh3EtkXA3fQ6/zGB8om7oG1nNMB8GA1UdIwQY
MBaAFIRd6HMrEBcTj4cDK3D6O3uHdu9xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQt
YTg4NWZiNDBkOTBkLzEvNlEySGNTMlJjRGQ5RHJfTVlIeWlidWdiV2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQtYTg4NWZiNDBkOTBk
LzEvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw8heMA0G
CSqGSIb3DQEBCwUAA4IBAQBdazvuEcLh1EaXOtZdENYuvx+MVQeUJJZrFhlnmPqx
e1IMclwsy1Wgda9Q0oFKmGkzE9tRje1S0b/xdJao04/q+HZTB64V+zIu6DoVkSmD
kJdzx/sEKlglAP/sGCNdGDEietXAZ4q5vdjNOkyUrCBK7LwqBwIhoDVr4DD+QgBG
zwsNpOFgkrzYNQeJUYXvYvL/sEQNdoy6Ygpd9cJiE/vAv+zo5l0ChDdF25CNtSX9
BZkE4mQWcXetYQ6c+lxDEZzTrc4q6rQnJQq4w28NlpK3izbpqOYWExvRzjTwc6Tz
8ca3v4DAW8TiJE8/e/+DUANnDX/Qd1vi+Vek19nz2CFG
-----END CERTIFICATE-----