Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/COvg2MpN_oheD_zalSdxr-q7gqg.roa
File:                     COvg2MpN_oheD_zalSdxr-q7gqg.roa (raw, json)
Hash identifier:          TNZBHXn/rFK8B0FSzij1q86AM+2q2tMbA3NjJuonYNE=
Subject key identifier:   08:EB:E0:D8:CA:4D:FE:88:5E:0F:FC:DA:95:27:71:AF:EA:BB:82:A8
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0199F2777488280DB7A6F187540F096FA02F
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/COvg2MpN_oheD_zalSdxr-q7gqg.roa
Signing time:             Fri 17 Oct 2025 13:58:58 +0000
ROA not before:           Fri 17 Oct 2025 13:58:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.111.32.0/22 maxlen: 24
                          109.111.48.0/20 maxlen: 20
                          109.111.50.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:77:74:88:28:0d:b7:a6:f1:87:54:0f:09:6f:a0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Oct 17 13:58:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08ebe0d8ca4dfe885e0ffcda952771afeabb82a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ea:44:70:70:01:75:dd:4a:d2:5f:86:2a:cb:
                    e6:95:3e:3a:e2:cb:a8:06:2d:1b:b8:b5:96:53:9a:
                    68:ca:e9:01:e1:55:d4:82:3c:29:d9:6c:45:62:66:
                    30:d2:ba:05:fa:70:8d:4b:dd:50:29:80:7b:28:43:
                    4e:27:77:96:57:cd:d5:52:2a:2d:41:df:21:a8:1e:
                    8d:22:34:07:cc:33:ad:c6:db:bc:2e:ba:bf:4c:fd:
                    4b:26:d1:b4:3e:c5:fb:51:65:40:92:4b:7e:ea:ff:
                    6b:38:08:83:b0:b1:89:ae:77:43:c8:d3:56:88:92:
                    46:d8:ec:45:56:16:85:97:cb:97:63:88:19:70:24:
                    eb:87:28:82:eb:90:11:f1:99:4b:64:ff:48:a7:3c:
                    1a:e1:b4:5a:e8:4d:91:5e:66:fe:3d:e0:5b:d9:bd:
                    f7:bf:a6:2e:fb:95:77:5f:f4:b0:54:ed:a5:7f:08:
                    27:9f:ba:3f:ab:e4:9f:f9:29:92:f1:41:a0:d1:46:
                    06:2a:ed:12:34:3f:87:2f:0c:1c:70:80:5b:3a:95:
                    f8:46:66:78:f5:f2:7f:6e:9b:00:8f:cd:9a:9f:b9:
                    09:03:8d:37:5c:22:9e:57:fa:a1:3a:e1:05:c2:68:
                    e6:23:25:36:ba:c0:85:7d:49:6a:a1:3c:53:1e:0f:
                    e4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:EB:E0:D8:CA:4D:FE:88:5E:0F:FC:DA:95:27:71:AF:EA:BB:82:A8
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/COvg2MpN_oheD_zalSdxr-q7gqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/22
                  109.111.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         84:16:a1:c2:63:d4:3d:c6:c7:8f:0f:2a:af:06:75:40:41:4d:
         97:a7:91:8b:77:0f:73:5a:61:1f:40:48:00:36:3a:0e:38:37:
         41:06:ae:40:b9:2b:b0:46:81:75:fc:3a:69:ca:a5:26:96:7d:
         95:d4:8f:60:05:35:08:ac:a6:10:3e:d3:03:f1:93:8b:5f:3b:
         ae:e8:79:00:0c:f9:67:e5:36:bc:b6:87:59:01:82:00:10:d1:
         d5:58:b6:6c:47:3e:9e:ea:0a:d0:c3:71:e3:4f:0f:f3:ad:e0:
         5f:5d:cc:15:bd:fa:d6:3a:b9:d2:42:7c:e4:2a:e7:c4:1f:a4:
         4b:7d:14:25:06:5d:4f:62:28:d2:c1:7c:fa:c8:75:84:ca:76:
         74:85:50:ac:76:ae:43:08:7b:c3:a0:b7:1d:99:51:c7:bf:af:
         74:00:ad:31:2f:a9:e4:60:7b:d5:b3:a6:b2:15:79:73:b3:d5:
         90:eb:ef:ad:15:e0:f0:e7:e9:2b:36:cc:af:21:8c:73:b2:4c:
         6a:30:2f:e3:1d:c7:bd:ea:7f:09:ee:59:d9:bb:d1:65:1a:11:
         e3:ea:7d:79:ad:0b:e7:7f:13:96:10:b2:2e:a6:0d:c0:bc:ed:
         45:d2:1f:2e:50:d7:eb:46:2f:95:76:30:62:d4:d7:97:51:ef:
         47:8e:49:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnyd3SIKA23pvGHVA8Jb6AvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUxMDE3MTM1ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGViZTBkOGNhNGRmZTg4NWUwZmZjZGE5NTI3NzFhZmVhYmI4MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+pEcHABdd1K0l+GKsvmlT464suo
Bi0buLWWU5poyukB4VXUgjwp2WxFYmYw0roF+nCNS91QKYB7KENOJ3eWV83VUiot
Qd8hqB6NIjQHzDOtxtu8Lrq/TP1LJtG0PsX7UWVAkkt+6v9rOAiDsLGJrndDyNNW
iJJG2OxFVhaFl8uXY4gZcCTrhyiC65AR8ZlLZP9Ipzwa4bRa6E2RXmb+PeBb2b33
v6Yu+5V3X/SwVO2lfwgnn7o/q+Sf+SmS8UGg0UYGKu0SND+HLwwccIBbOpX4RmZ4
9fJ/bpsAj82an7kJA403XCKeV/qhOuEFwmjmIyU2usCFfUlqoTxTHg/kjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAjr4NjKTf6IXg/82pUnca/qu4KoMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQ092ZzJNcE5fb2hlRF96YWxTZHhyLXE3Z3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbW8gAwQE
bW8wMA0GCSqGSIb3DQEBCwUAA4IBAQCEFqHCY9Q9xsePDyqvBnVAQU2Xp5GLdw9z
WmEfQEgANjoOODdBBq5AuSuwRoF1/DppyqUmln2V1I9gBTUIrKYQPtMD8ZOLXzuu
6HkADPln5Ta8todZAYIAENHVWLZsRz6e6grQw3HjTw/zreBfXcwVvfrWOrnSQnzk
KufEH6RLfRQlBl1PYijSwXz6yHWEynZ0hVCsdq5DCHvDoLcdmVHHv690AK0xL6nk
YHvVs6ayFXlzs9WQ6++tFeDw5+krNsyvIYxzskxqMC/jHce96n8J7lnZu9FlGhHj
6n15rQvnfxOWELIupg3AvO1F0h8uUNfrRi+VdjBi1NeXUe9Hjkls
-----END CERTIFICATE-----