Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_Kr9E5MKxyuntA5czBSmI-XiWLk.roa
File:                     _Kr9E5MKxyuntA5czBSmI-XiWLk.roa (raw, json)
Hash identifier:          yKCPcajH9aVqjBH/Z/+caEOZWjeFz70pUynCf4xQzl0=
Subject key identifier:   FC:AA:FD:13:93:0A:C7:2B:A7:B4:0E:5C:CC:14:A6:23:E5:E2:58:B9
Certificate issuer:       /CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
Certificate serial:       01977E43202DBAAA2F98A20127849C28889C
Authority key identifier: FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_Kr9E5MKxyuntA5czBSmI-XiWLk.roa
Signing time:             Tue 17 Jun 2025 14:20:17 +0000
ROA not before:           Tue 17 Jun 2025 14:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        109.197.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:43:20:2d:ba:aa:2f:98:a2:01:27:84:9c:28:88:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
        Validity
            Not Before: Jun 17 14:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcaafd13930ac72ba7b40e5ccc14a623e5e258b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:88:b4:8a:a3:64:17:39:c3:58:42:97:fc:34:
                    a6:1f:10:b3:ba:72:3b:1c:ae:21:de:53:35:11:26:
                    10:b7:48:6c:e3:e0:62:3b:27:9a:c0:19:36:79:da:
                    43:ed:4e:ac:de:df:47:4f:1c:de:05:25:ec:ec:d4:
                    f6:9e:28:71:cd:5e:40:6a:b2:33:dc:9b:53:b1:0a:
                    84:7a:4f:27:7f:f1:9f:67:23:59:b9:8d:0d:97:30:
                    bd:23:7f:df:d7:77:13:d1:52:bd:a6:4b:61:79:d0:
                    02:01:b9:79:bd:69:ed:ea:14:cb:77:2b:a9:71:a0:
                    0e:f9:8a:42:a2:2e:88:83:73:06:02:6d:7b:4e:db:
                    9d:fa:ec:56:10:b4:30:8b:6e:bf:e7:39:76:5d:8c:
                    88:80:5e:74:48:2c:3a:c5:d8:49:18:57:59:d3:92:
                    ea:5d:cd:b4:83:44:92:b9:e1:85:0f:15:8b:4e:55:
                    ca:7d:ff:44:78:0c:36:7b:3e:5e:6d:45:a6:d1:c0:
                    55:7e:e9:37:93:fb:9a:a4:f4:3e:a1:a2:2e:7b:d1:
                    8f:53:0d:09:f8:80:7a:50:42:c8:34:95:69:6d:26:
                    c7:17:da:be:e9:d0:4d:ec:7d:2a:25:92:63:26:bb:
                    fe:86:5a:bd:f1:99:8f:5c:ea:2c:8a:d0:86:bf:34:
                    ed:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AA:FD:13:93:0A:C7:2B:A7:B4:0E:5C:CC:14:A6:23:E5:E2:58:B9
            X509v3 Authority Key Identifier:
                keyid:FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_Kr9E5MKxyuntA5czBSmI-XiWLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:56:4a:44:d0:2d:6f:ca:82:be:8f:96:68:e7:1c:b7:01:8a:
         0a:42:f6:1c:80:a9:16:9b:0d:66:95:5d:46:4a:20:f4:1a:43:
         26:a8:77:36:6e:ef:ed:f6:c9:4d:11:ba:70:a6:32:66:b7:50:
         bc:50:e8:de:03:ca:21:46:24:b6:15:28:3b:65:ad:67:9f:dd:
         b4:ce:d2:0f:14:12:f7:9b:5f:85:9c:c0:c9:f2:ac:e6:fe:32:
         b0:42:f8:e3:6c:7a:be:ba:b6:04:9b:cc:ff:c7:c3:64:5e:7e:
         43:3e:83:0e:68:32:0f:fb:17:59:d2:6b:1e:25:0b:e2:1d:93:
         2c:95:20:f0:4c:7f:3b:19:c0:3b:3d:e6:79:4e:3f:c9:bd:1e:
         c1:0c:f9:0f:a8:f4:d5:82:f8:e7:ef:bb:77:94:3f:fb:70:ce:
         50:85:4c:45:37:78:a1:8f:1f:a0:ce:9e:8c:8c:30:4b:c3:86:
         81:1d:7d:37:75:33:dd:4e:a4:21:d0:68:7a:bd:2b:90:07:6c:
         7b:79:4b:a2:02:41:dd:e2:c4:81:0a:43:f0:57:9b:f7:c9:e2:
         6a:ab:21:28:d3:35:fb:43:e7:52:9e:0c:c0:b6:4e:76:8b:86:
         bc:72:a5:c6:66:84:d9:57:c8:8b:5c:9e:7f:a1:9c:f1:88:69:
         14:ab:32:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+QyAtuqovmKIBJ4ScKIicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOGRkNWZlNDE3OWU4YmRhMjg1MzI1NjE5MTlmNmQwNzg3
N2M2M2QwHhcNMjUwNjE3MTQyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FhZmQxMzkzMGFjNzJiYTdiNDBlNWNjYzE0YTYyM2U1ZTI1OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYi0iqNkFznDWEKX/DSmHxCzunI7
HK4h3lM1ESYQt0hs4+BiOyeawBk2edpD7U6s3t9HTxzeBSXs7NT2nihxzV5AarIz
3JtTsQqEek8nf/GfZyNZuY0NlzC9I3/f13cT0VK9pkthedACAbl5vWnt6hTLdyup
caAO+YpCoi6Ig3MGAm17Ttud+uxWELQwi26/5zl2XYyIgF50SCw6xdhJGFdZ05Lq
Xc20g0SSueGFDxWLTlXKff9EeAw2ez5ebUWm0cBVfuk3k/uapPQ+oaIue9GPUw0J
+IB6UELINJVpbSbHF9q+6dBN7H0qJZJjJrv+hlq98ZmPXOositCGvzTtNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyq/ROTCscrp7QOXMwUpiPl4li5MB8GA1UdIwQY
MBaAFP+N1f5Beei9ooUyVhkZ9tB4d8Y9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQt
MDZhNDA0NDM1ZTUwLzEvX0tyOUU1TUt4eXVudEE1Y3pCU21JLVhpV0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQtMDZhNDA0NDM1ZTUw
LzEvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbcURMA0G
CSqGSIb3DQEBCwUAA4IBAQAyVkpE0C1vyoK+j5Zo5xy3AYoKQvYcgKkWmw1mlV1G
SiD0GkMmqHc2bu/t9slNEbpwpjJmt1C8UOjeA8ohRiS2FSg7Za1nn920ztIPFBL3
m1+FnMDJ8qzm/jKwQvjjbHq+urYEm8z/x8NkXn5DPoMOaDIP+xdZ0mseJQviHZMs
lSDwTH87GcA7PeZ5Tj/JvR7BDPkPqPTVgvjn77t3lD/7cM5QhUxFN3ihjx+gzp6M
jDBLw4aBHX03dTPdTqQh0Gh6vSuQB2x7eUuiAkHd4sSBCkPwV5v3yeJqqyEo0zX7
Q+dSngzAtk52i4a8cqXGZoTZV8iLXJ5/oZzxiGkUqzKN
-----END CERTIFICATE-----