Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B_6VAiyYERnx6Yv1Gg-DscQdqfY.roa
File:                     B_6VAiyYERnx6Yv1Gg-DscQdqfY.roa (raw, json)
Hash identifier:          WEi9PFGNu3t+eoYGNXTrrAHnwqsnZbAfuXVJZ/m89Qk=
Subject key identifier:   07:FE:95:02:2C:98:11:19:F1:E9:8B:F5:1A:0F:83:B1:C4:1D:A9:F6
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01965F05B050A412D0EFD343E75F573EF08F
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B_6VAiyYERnx6Yv1Gg-DscQdqfY.roa
Signing time:             Tue 22 Apr 2025 19:42:10 +0000
ROA not before:           Tue 22 Apr 2025 19:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151704
IP address blocks:        85.209.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5f:05:b0:50:a4:12:d0:ef:d3:43:e7:5f:57:3e:f0:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 22 19:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07fe95022c981119f1e98bf51a0f83b1c41da9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:36:dc:e9:b6:a4:8b:9c:96:42:ce:f3:00:fa:
                    5e:ff:55:73:71:db:38:ec:96:4d:63:cd:5c:dc:5a:
                    23:ae:0a:4d:b0:2a:55:3e:87:5b:65:04:1b:3f:b7:
                    6d:5e:7e:de:82:fd:63:c4:7b:b0:79:bd:53:91:54:
                    e6:ac:63:9d:9e:0e:57:03:e6:7e:9b:94:f5:11:86:
                    a7:3e:a1:32:9d:99:c2:02:7f:74:ff:a0:9a:80:7a:
                    a8:78:1f:c7:1a:ac:19:3d:6d:bb:d7:dc:ce:11:c3:
                    69:77:da:1d:1a:56:91:33:c2:1d:d0:59:b7:df:6e:
                    e3:20:71:fa:52:fe:23:b2:bf:f6:b7:de:48:71:9b:
                    03:bd:bc:04:29:ea:2d:0a:82:11:30:17:7e:e2:4e:
                    1b:16:18:6b:44:af:96:df:ff:40:d2:b3:48:3a:08:
                    5c:12:bd:95:54:af:de:8c:d2:e1:c0:0b:26:1a:b1:
                    30:de:5f:fe:23:b3:63:55:b7:dd:a0:af:85:bb:e7:
                    47:c3:3c:25:2d:41:54:1f:68:24:1d:b7:e8:50:ae:
                    e2:c2:fb:54:8c:86:04:d0:69:c7:66:7a:ad:f9:98:
                    bf:cc:01:b9:40:5c:6e:a9:fb:65:26:19:f3:db:ca:
                    80:4e:f4:9a:3d:f5:a0:82:ab:ae:0a:0e:65:18:8d:
                    41:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FE:95:02:2C:98:11:19:F1:E9:8B:F5:1A:0F:83:B1:C4:1D:A9:F6
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B_6VAiyYERnx6Yv1Gg-DscQdqfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:10:7c:97:43:7e:06:72:e2:4b:3c:8e:d9:8f:74:5a:1e:b7:
         80:b0:6f:61:3e:23:73:43:e6:d4:4b:37:20:b5:fe:25:7e:68:
         48:af:58:e5:fe:d7:53:f3:19:43:e0:f4:9b:47:86:de:2a:16:
         34:9f:3d:97:d0:8a:fb:8b:b6:12:9e:30:8e:60:2d:06:54:3a:
         41:cf:d1:0c:15:c8:48:54:15:a3:95:45:eb:c3:bc:1c:de:33:
         0b:d5:2b:26:b7:f5:22:af:e1:31:12:0f:67:d2:67:3c:61:58:
         11:a2:bb:81:79:e6:0f:bb:1a:e4:8d:54:53:a6:25:78:95:cc:
         27:1b:6b:b6:98:3f:59:0c:c2:5f:0e:c3:5b:79:d7:b6:ac:0c:
         23:b2:4f:e2:53:a6:67:40:d2:09:4e:75:be:22:32:9e:fd:b0:
         07:9e:d5:64:c9:bd:d6:af:03:7f:c8:77:66:03:d6:b8:b5:07:
         1e:3b:9b:ea:7e:db:4c:dc:ac:08:e4:b8:c2:77:dc:95:0e:87:
         a4:8f:10:3c:a4:b8:16:10:e1:b2:18:ab:d3:58:d0:61:90:56:
         f6:cc:c1:03:2f:3b:b8:57:78:13:6f:e3:48:fc:98:bc:07:82:
         26:df:52:8a:49:23:66:69:14:b7:bc:bf:85:f4:f6:16:22:b6:
         26:09:9e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZfBbBQpBLQ79ND519XPvCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNDIyMTk0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZlOTUwMjJjOTgxMTE5ZjFlOThiZjUxYTBmODNiMWM0MWRhOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTbc6baki5yWQs7zAPpe/1Vzcds4
7JZNY81c3FojrgpNsCpVPodbZQQbP7dtXn7egv1jxHuweb1TkVTmrGOdng5XA+Z+
m5T1EYanPqEynZnCAn90/6CagHqoeB/HGqwZPW2719zOEcNpd9odGlaRM8Id0Fm3
327jIHH6Uv4jsr/2t95IcZsDvbwEKeotCoIRMBd+4k4bFhhrRK+W3/9A0rNIOghc
Er2VVK/ejNLhwAsmGrEw3l/+I7NjVbfdoK+Fu+dHwzwlLUFUH2gkHbfoUK7iwvtU
jIYE0GnHZnqt+Zi/zAG5QFxuqftlJhnz28qATvSaPfWggquuCg5lGI1B0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAf+lQIsmBEZ8emL9RoPg7HEHan2MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQl82VkFpeVlFUm54Nll2MUdnLURzY1FkcWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdGhMA0G
CSqGSIb3DQEBCwUAA4IBAQAHEHyXQ34GcuJLPI7Zj3RaHreAsG9hPiNzQ+bUSzcg
tf4lfmhIr1jl/tdT8xlD4PSbR4beKhY0nz2X0Ir7i7YSnjCOYC0GVDpBz9EMFchI
VBWjlUXrw7wc3jML1Ssmt/Uir+ExEg9n0mc8YVgRoruBeeYPuxrkjVRTpiV4lcwn
G2u2mD9ZDMJfDsNbede2rAwjsk/iU6ZnQNIJTnW+IjKe/bAHntVkyb3WrwN/yHdm
A9a4tQceO5vqfttM3KwI5LjCd9yVDoekjxA8pLgWEOGyGKvTWNBhkFb2zMEDLzu4
V3gTb+NI/Ji8B4Im31KKSSNmaRS3vL+F9PYWIrYmCZ7h
-----END CERTIFICATE-----