Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/abYGyLAPbqJHUN4OgPJ4kSh32-A.roa
File:                     abYGyLAPbqJHUN4OgPJ4kSh32-A.roa (raw, json)
Hash identifier:          vWRxXzMhkOYcxdNq7oKZ4XFTV09UKCaMmWEVfb3hino=
Subject key identifier:   69:B6:06:C8:B0:0F:6E:A2:47:50:DE:0E:80:F2:78:91:28:77:DB:E0
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0198E65A742179ADB8A126D00A2F8B3A0A57
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/abYGyLAPbqJHUN4OgPJ4kSh32-A.roa
Signing time:             Tue 26 Aug 2025 12:29:04 +0000
ROA not before:           Tue 26 Aug 2025 12:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205418
IP address blocks:        109.111.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:5a:74:21:79:ad:b8:a1:26:d0:0a:2f:8b:3a:0a:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Aug 26 12:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69b606c8b00f6ea24750de0e80f278912877dbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:88:ee:0c:89:46:d2:63:a9:de:7a:ad:82:5f:
                    93:b4:4d:9e:11:85:aa:f2:8b:b3:df:f3:9e:c4:8b:
                    e8:6d:e3:28:dd:61:af:db:ed:1c:28:45:db:43:f0:
                    43:5f:8a:d5:98:3b:69:b0:13:82:d3:5d:eb:64:31:
                    9d:58:9a:c1:b1:e4:9e:b4:54:58:e1:41:9e:60:9b:
                    ac:56:cd:32:68:41:e0:af:6f:6c:58:11:05:26:54:
                    ad:66:30:86:9a:10:bd:03:f0:c9:18:e8:e8:19:a0:
                    5a:43:1b:b2:07:76:ed:1e:31:6e:9b:30:fb:05:83:
                    e0:56:c0:8b:3a:72:99:98:7b:e3:55:03:b3:bd:fc:
                    47:2d:5f:64:2d:c7:72:37:1f:cf:70:47:91:22:1b:
                    41:5b:8c:fa:b8:9c:a5:31:28:b8:46:b5:6c:7f:e6:
                    27:59:f0:04:9b:02:95:82:da:bd:8c:42:b1:c8:76:
                    75:5d:a8:ab:e0:29:35:b0:0d:f6:bf:7a:4b:91:35:
                    9a:7b:43:df:a4:9e:00:64:71:3e:6a:e9:22:aa:4b:
                    41:b6:aa:b4:be:93:e4:9c:43:74:11:09:39:55:2f:
                    12:01:4a:f7:3d:da:5d:3d:cf:47:b4:a4:43:7c:e2:
                    9a:d3:d0:94:db:66:37:c7:24:9a:f9:57:aa:c1:0f:
                    bc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B6:06:C8:B0:0F:6E:A2:47:50:DE:0E:80:F2:78:91:28:77:DB:E0
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/abYGyLAPbqJHUN4OgPJ4kSh32-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ca:1f:51:5e:ab:37:e1:5b:2b:26:5b:e7:2b:e5:69:3c:fa:
         f1:5b:be:06:ab:b1:bb:58:56:bf:47:f8:88:b9:f4:30:ad:05:
         31:e9:2b:77:8f:75:a9:07:90:37:40:ce:38:36:ba:d0:39:9c:
         4c:5a:98:64:1c:8e:81:8f:38:ea:54:5d:20:1e:2b:7a:9b:86:
         e8:aa:80:5c:d0:7c:d5:6c:98:75:19:3d:05:d4:73:8f:02:c1:
         93:95:e4:f2:4e:18:0f:2e:84:c3:8f:ff:b8:bf:cd:11:73:62:
         bd:46:13:7c:41:82:86:56:83:8f:ae:76:29:72:b2:92:18:2d:
         c2:57:30:5c:e0:40:da:d0:16:50:16:59:0e:70:7f:b5:6e:86:
         5a:44:37:88:df:7c:71:20:d1:d8:ad:d1:4e:7a:56:eb:f3:12:
         a4:1a:04:80:fa:2a:3f:c9:39:e0:7c:bc:82:e0:aa:81:95:15:
         b2:35:88:2f:d3:48:3b:c4:fa:13:5a:f2:89:0b:21:17:e9:4e:
         bc:50:15:d2:d2:fd:2d:0d:e9:a1:c9:fa:26:8d:b7:d4:37:98:
         03:dc:2f:cd:b3:fe:79:a8:d3:a6:dc:8f:3f:c5:65:73:03:db:
         8f:f0:01:c8:05:78:a3:3f:b1:ff:da:46:c2:a9:57:e0:08:0a:
         f1:17:30:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjmWnQhea24oSbQCi+LOgpXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwODI2MTIyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI2MDZjOGIwMGY2ZWEyNDc1MGRlMGU4MGYyNzg5MTI4NzdkYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4juDIlG0mOp3nqtgl+TtE2eEYWq
8ouz3/OexIvobeMo3WGv2+0cKEXbQ/BDX4rVmDtpsBOC013rZDGdWJrBseSetFRY
4UGeYJusVs0yaEHgr29sWBEFJlStZjCGmhC9A/DJGOjoGaBaQxuyB3btHjFumzD7
BYPgVsCLOnKZmHvjVQOzvfxHLV9kLcdyNx/PcEeRIhtBW4z6uJylMSi4RrVsf+Yn
WfAEmwKVgtq9jEKxyHZ1Xair4Ck1sA32v3pLkTWae0PfpJ4AZHE+aukiqktBtqq0
vpPknEN0EQk5VS8SAUr3PdpdPc9HtKRDfOKa09CU22Y3xySa+VeqwQ+85wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm2BsiwD26iR1DeDoDyeJEod9vgMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvYWJZR3lMQVBicUpIVU40T2dQSjRrU2gzMi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbW//MA0G
CSqGSIb3DQEBCwUAA4IBAQA3yh9RXqs34VsrJlvnK+VpPPrxW74Gq7G7WFa/R/iI
ufQwrQUx6St3j3WpB5A3QM44NrrQOZxMWphkHI6BjzjqVF0gHit6m4boqoBc0HzV
bJh1GT0F1HOPAsGTleTyThgPLoTDj/+4v80Rc2K9RhN8QYKGVoOPrnYpcrKSGC3C
VzBc4EDa0BZQFlkOcH+1boZaRDeI33xxINHYrdFOelbr8xKkGgSA+io/yTngfLyC
4KqBlRWyNYgv00g7xPoTWvKJCyEX6U68UBXS0v0tDemhyfomjbfUN5gD3C/Ns/55
qNOm3I8/xWVzA9uP8AHIBXijP7H/2kbCqVfgCArxFzBf
-----END CERTIFICATE-----