Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PaYlLL1YOtm8IJ8_CD0zAGIXidM.roa
File:                     PaYlLL1YOtm8IJ8_CD0zAGIXidM.roa (raw, json)
Hash identifier:          eUBaLNH36vCB6dujbo8I9hbjCeQAzjBG5TSSXdiMCes=
Subject key identifier:   3D:A6:25:2C:BD:58:3A:D9:BC:20:9F:3F:08:3D:33:00:62:17:89:D3
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01989829AC58ADBAAC781AB31C0B1F4DA9A0
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PaYlLL1YOtm8IJ8_CD0zAGIXidM.roa
Signing time:             Mon 11 Aug 2025 08:05:24 +0000
ROA not before:           Mon 11 Aug 2025 08:05:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42441
IP address blocks:        109.122.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:29:ac:58:ad:ba:ac:78:1a:b3:1c:0b:1f:4d:a9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Aug 11 08:05:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3da6252cbd583ad9bc209f3f083d3300621789d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:32:97:53:5c:fb:73:7f:c4:28:8e:a9:c2:c5:
                    6b:9e:d5:c8:dc:2f:52:9e:af:28:b8:f3:6c:bd:89:
                    ac:03:7d:05:3d:e7:f8:51:6b:98:21:c4:1d:0b:51:
                    ad:61:c0:e4:3f:e1:6f:9c:fe:f1:5b:75:c3:25:b6:
                    36:85:87:66:6c:92:a0:c1:8d:a2:ad:42:d1:c9:c2:
                    92:b3:05:ac:84:9d:7d:9f:4c:c7:91:f4:83:2e:1a:
                    9e:db:0f:1b:5c:f2:7b:28:ea:56:5e:4a:3c:d1:90:
                    d7:4a:c4:07:cb:38:a2:6f:a3:6d:84:23:a2:75:a7:
                    bc:60:15:1c:34:4f:c5:27:db:b1:0a:de:9e:d7:34:
                    60:f9:a6:c5:66:f1:8b:64:2e:94:fe:e4:8a:dc:06:
                    07:9a:4a:a0:db:c9:7d:97:c2:84:8c:19:90:88:83:
                    35:61:21:42:a3:cf:e8:74:e4:ea:e5:a6:c8:0a:2b:
                    9e:5e:a2:ae:2d:1e:1e:05:23:1e:5f:de:d9:42:7a:
                    db:bd:59:b6:e1:3d:60:71:df:7c:1e:b3:b2:c7:04:
                    c6:cc:8c:17:e5:7c:59:ee:52:d4:b0:00:c4:2d:eb:
                    bd:1e:2b:c9:d8:5a:8f:7e:bf:fc:a0:a9:79:f2:d7:
                    fa:cb:17:54:8c:ff:2c:fd:1a:9b:8b:66:4f:2b:32:
                    87:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A6:25:2C:BD:58:3A:D9:BC:20:9F:3F:08:3D:33:00:62:17:89:D3
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/PaYlLL1YOtm8IJ8_CD0zAGIXidM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:10:48:83:8f:63:6d:58:df:1f:1e:a5:07:b3:b5:93:2f:76:
         46:aa:65:cb:ee:40:ab:94:c3:3b:24:d5:01:d1:80:f3:c4:8c:
         1b:b8:79:23:d5:63:44:00:5b:06:48:3d:97:23:bd:64:ad:a1:
         ca:8c:e0:ff:78:60:bf:d1:36:b6:4b:06:ac:b0:d5:e9:d8:95:
         c2:61:e8:4a:cc:1f:53:95:41:f9:c0:5e:a7:cb:e5:56:93:8e:
         bc:4a:1a:13:a6:8b:98:5c:60:67:fa:96:0a:1b:79:ac:a9:d8:
         a4:7b:7d:5e:27:08:0e:de:e3:3e:71:84:38:c8:e9:94:3d:5e:
         c1:72:c9:fd:02:3b:1c:eb:55:a1:64:ca:b8:7b:2e:25:50:39:
         ee:24:6c:23:c2:96:37:6c:d0:52:06:e3:da:83:32:10:43:4d:
         ce:29:86:82:a2:31:ca:ab:6b:1c:3f:4a:c5:38:31:3d:51:96:
         f2:18:37:93:2c:e7:01:88:d2:4b:af:3b:f6:8a:9d:5e:6a:3c:
         0c:f3:f9:0b:2f:c6:74:22:99:50:dc:6c:0f:7e:d3:0b:83:30:
         0f:87:52:63:1c:eb:4e:1b:14:33:a7:1c:de:20:70:a1:12:64:
         9e:5b:4e:5b:7b:e0:fc:54:f2:54:11:a4:91:da:a0:14:38:28:
         1f:1b:b7:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYKaxYrbqseBqzHAsfTamgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwODExMDgwNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGE2MjUyY2JkNTgzYWQ5YmMyMDlmM2YwODNkMzMwMDYyMTc4OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDKXU1z7c3/EKI6pwsVrntXI3C9S
nq8ouPNsvYmsA30FPef4UWuYIcQdC1GtYcDkP+FvnP7xW3XDJbY2hYdmbJKgwY2i
rULRycKSswWshJ19n0zHkfSDLhqe2w8bXPJ7KOpWXko80ZDXSsQHyziib6NthCOi
dae8YBUcNE/FJ9uxCt6e1zRg+abFZvGLZC6U/uSK3AYHmkqg28l9l8KEjBmQiIM1
YSFCo8/odOTq5abICiueXqKuLR4eBSMeX97ZQnrbvVm24T1gcd98HrOyxwTGzIwX
5XxZ7lLUsADELeu9HivJ2FqPfr/8oKl58tf6yxdUjP8s/Rqbi2ZPKzKHOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2mJSy9WDrZvCCfPwg9MwBiF4nTMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUGFZbExMMVlPdG04SUo4X0NEMHpBR0lYaWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXopMA0G
CSqGSIb3DQEBCwUAA4IBAQALEEiDj2NtWN8fHqUHs7WTL3ZGqmXL7kCrlMM7JNUB
0YDzxIwbuHkj1WNEAFsGSD2XI71kraHKjOD/eGC/0Ta2SwassNXp2JXCYehKzB9T
lUH5wF6ny+VWk468ShoTpouYXGBn+pYKG3msqdike31eJwgO3uM+cYQ4yOmUPV7B
csn9Ajsc61WhZMq4ey4lUDnuJGwjwpY3bNBSBuPagzIQQ03OKYaCojHKq2scP0rF
ODE9UZbyGDeTLOcBiNJLrzv2ip1eajwM8/kLL8Z0IplQ3GwPftMLgzAPh1JjHOtO
GxQzpxzeIHChEmSeW05be+D8VPJUEaSR2qAUOCgfG7cL
-----END CERTIFICATE-----