Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/AVnx-FGQOCAK5RnaQADitDAO5hM.roa
File:                     AVnx-FGQOCAK5RnaQADitDAO5hM.roa (raw, json)
Hash identifier:          wCuFWWt6WOwIf0nZWJf9m4qBBL2Jw9B2DHBHaYoTQq0=
Subject key identifier:   01:59:F1:F8:51:90:38:20:0A:E5:19:DA:40:00:E2:B4:30:0E:E6:13
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       01979DE77E3EE3278A6274AC4BD29DF290F2
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/AVnx-FGQOCAK5RnaQADitDAO5hM.roa
Signing time:             Mon 23 Jun 2025 17:48:03 +0000
ROA not before:           Mon 23 Jun 2025 17:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        217.199.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 02:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:e7:7e:3e:e3:27:8a:62:74:ac:4b:d2:9d:f2:90:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jun 23 17:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0159f1f8519038200ae519da4000e2b4300ee613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ca:a4:f9:82:f9:54:47:d5:ba:ec:39:ae:96:
                    d4:cf:7e:90:27:0d:eb:62:97:46:7f:29:27:1f:a1:
                    6b:b6:e9:2b:94:77:d7:07:fb:24:ac:b4:b2:99:fc:
                    a4:3b:de:f6:58:13:a7:0a:2c:40:20:9e:15:2b:b7:
                    4f:62:56:f8:c4:92:c7:aa:8b:5c:af:b8:ef:f9:a7:
                    3f:2e:a4:e8:00:c7:a2:6f:da:ab:8b:9f:c3:8f:d0:
                    a6:03:07:c2:d0:67:a3:08:c8:ee:87:d2:bd:e5:9e:
                    15:5c:b3:41:e1:35:9a:bf:31:97:dd:91:f9:7f:b5:
                    88:43:2e:a7:ea:a8:ca:1e:59:8e:e5:94:49:5f:6d:
                    e8:8b:01:5c:67:38:76:e7:65:b8:e9:86:aa:d9:b5:
                    74:f1:b6:96:a8:35:61:96:45:cc:b5:f3:a7:2b:d2:
                    4f:13:f7:23:c9:b0:a2:0a:b9:a1:5b:b3:a9:28:03:
                    f5:b7:34:b3:ca:05:85:26:71:ec:5b:0c:2f:ac:bd:
                    fe:d8:b8:af:95:80:74:4b:1b:ea:7b:c2:8a:32:2b:
                    df:bf:a4:3b:7f:6a:02:69:87:cd:d2:1a:bb:b3:93:
                    71:ad:b1:44:49:67:e8:65:55:17:c1:db:79:46:67:
                    fc:be:15:ce:7f:1f:2b:af:12:14:37:70:33:1f:29:
                    b3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:59:F1:F8:51:90:38:20:0A:E5:19:DA:40:00:E2:B4:30:0E:E6:13
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/AVnx-FGQOCAK5RnaQADitDAO5hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.199.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:32:9b:91:f8:d8:43:db:7b:d5:79:b8:11:12:92:7e:4a:22:
         5d:78:68:ad:f4:2e:30:ff:9d:28:c5:b9:79:19:17:a2:3f:ac:
         b5:e9:89:5e:ff:1d:2c:4e:73:d2:fa:23:27:17:ce:10:63:79:
         fe:fd:1d:44:75:de:70:23:9e:77:17:52:88:68:82:ea:aa:9c:
         08:22:42:81:cc:33:71:5e:b0:c9:4d:a3:a4:9b:97:f4:44:fe:
         38:9d:5d:fa:c8:6e:c7:50:9d:8f:9c:22:fe:4a:99:e8:88:0b:
         3f:72:83:c9:c9:a5:10:84:66:df:0e:a8:67:27:64:5f:b3:a6:
         22:4b:b8:dc:63:ad:8e:87:39:8a:b9:a2:f7:6a:a4:9c:12:17:
         7f:5d:d4:3a:92:f8:f0:05:10:76:b0:40:70:19:ce:ec:f7:29:
         85:6a:de:5b:fd:05:1c:86:72:04:ab:24:4e:1c:e3:80:89:a9:
         0a:82:3f:84:a3:2a:0c:5e:b8:36:39:17:40:5a:de:87:55:49:
         7f:53:17:c9:1f:f7:fd:6d:a6:ec:7b:8b:13:3c:8e:c5:93:b8:
         a0:8e:4b:fb:58:14:21:08:14:d9:55:87:54:da:5b:cd:50:cb:
         8b:6f:7b:a1:f6:46:15:de:5e:c1:a2:2f:52:dd:aa:e2:7c:a5:
         86:8b:0d:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZed534+4yeKYnSsS9Kd8pDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjUwNjIzMTc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTU5ZjFmODUxOTAzODIwMGFlNTE5ZGE0MDAwZTJiNDMwMGVlNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMqk+YL5VEfVuuw5rpbUz36QJw3r
YpdGfyknH6FrtukrlHfXB/skrLSymfykO972WBOnCixAIJ4VK7dPYlb4xJLHqotc
r7jv+ac/LqToAMeib9qri5/Dj9CmAwfC0GejCMjuh9K95Z4VXLNB4TWavzGX3ZH5
f7WIQy6n6qjKHlmO5ZRJX23oiwFcZzh252W46Yaq2bV08baWqDVhlkXMtfOnK9JP
E/cjybCiCrmhW7OpKAP1tzSzygWFJnHsWwwvrL3+2LivlYB0Sxvqe8KKMivfv6Q7
f2oCaYfN0hq7s5NxrbFESWfoZVUXwdt5Rmf8vhXOfx8rrxIUN3AzHymzJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFZ8fhRkDggCuUZ2kAA4rQwDuYTMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvQVZueC1GR1FPQ0FLNVJuYVFBRGl0REFPNWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cfeMA0G
CSqGSIb3DQEBCwUAA4IBAQAlMpuR+NhD23vVebgREpJ+SiJdeGit9C4w/50oxbl5
GReiP6y16Yle/x0sTnPS+iMnF84QY3n+/R1Edd5wI553F1KIaILqqpwIIkKBzDNx
XrDJTaOkm5f0RP44nV36yG7HUJ2PnCL+SpnoiAs/coPJyaUQhGbfDqhnJ2Rfs6Yi
S7jcY62OhzmKuaL3aqScEhd/XdQ6kvjwBRB2sEBwGc7s9ymFat5b/QUchnIEqyRO
HOOAiakKgj+EoyoMXrg2ORdAWt6HVUl/UxfJH/f9babse4sTPI7Fk7igjkv7WBQh
CBTZVYdU2lvNUMuLb3uh9kYV3l7Boi9S3arifKWGiw2K
-----END CERTIFICATE-----