Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/S1RIB9s1tG-hm5z5-rZePJ-MweU.roa
File:                     S1RIB9s1tG-hm5z5-rZePJ-MweU.roa (raw, json)
Hash identifier:          FmWX2DduKBzq/vRo5ziklwxZPbeNxAbr96ijiwn0mxI=
Subject key identifier:   4B:54:48:07:DB:35:B4:6F:A1:9B:9C:F9:FA:B6:5E:3C:9F:8C:C1:E5
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0197B3D35D657B91B851250BC9AA65F65F45
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/S1RIB9s1tG-hm5z5-rZePJ-MweU.roa
Signing time:             Fri 27 Jun 2025 23:57:42 +0000
ROA not before:           Fri 27 Jun 2025 23:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        37.128.240.0/20 maxlen: 24
                          109.111.32.0/19 maxlen: 24
                          176.221.16.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b3:d3:5d:65:7b:91:b8:51:25:0b:c9:aa:65:f6:5f:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jun 27 23:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b544807db35b46fa19b9cf9fab65e3c9f8cc1e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:72:af:f1:1a:a7:11:ac:dc:2f:75:4f:a2:be:
                    5c:72:0d:b0:5a:7e:84:03:b7:ce:64:75:52:2c:7b:
                    0a:92:a9:46:de:e6:21:b4:6d:29:da:80:44:00:e8:
                    7d:77:0e:bd:d9:72:df:25:ab:98:e1:0d:e8:ea:70:
                    1a:11:0c:84:c1:07:ca:b4:e8:7f:20:c3:ca:d1:83:
                    7c:ec:39:2b:ba:b4:f6:35:ca:9d:94:a3:ba:18:49:
                    1f:47:16:61:f2:91:bf:11:d4:16:1c:fc:db:ab:bd:
                    6f:77:b0:7a:56:0e:7e:64:47:0b:a1:40:7f:93:69:
                    74:82:30:a0:39:3c:0a:12:88:8a:78:28:0e:c4:97:
                    67:e4:ac:28:d9:af:97:23:7b:d0:b7:ac:d8:a4:3c:
                    2d:ab:91:07:18:1f:a0:d1:d1:e6:60:e0:7a:fe:ff:
                    1d:c7:82:ee:c5:b1:85:5c:72:b9:55:bc:62:50:ec:
                    5b:09:79:08:18:f2:30:0a:d3:92:62:21:a6:98:27:
                    a6:a1:1a:9c:c9:6a:56:82:a3:ac:3c:59:4e:c3:29:
                    5b:0f:46:bf:34:30:de:21:4d:89:a0:bb:72:7f:e3:
                    ce:23:97:09:f7:b5:3a:e8:8d:fd:ed:f0:13:8b:a5:
                    a8:82:2b:42:c9:d8:7d:0e:62:c7:56:2e:3f:65:dc:
                    ed:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:54:48:07:DB:35:B4:6F:A1:9B:9C:F9:FA:B6:5E:3C:9F:8C:C1:E5
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/S1RIB9s1tG-hm5z5-rZePJ-MweU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.240.0/20
                  109.111.32.0/19
                  176.221.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         82:63:b9:c7:38:90:d1:ea:c5:2b:d7:42:d3:6c:6b:0a:9a:27:
         fd:1b:02:eb:ff:32:bc:d7:a9:e2:4c:6d:a1:0c:31:a4:c7:ae:
         7c:c3:e7:5d:93:62:15:56:cf:99:7d:2c:61:f4:c9:85:c5:74:
         6f:ad:c4:83:ce:3b:fc:a6:7d:c5:69:5b:6a:0e:eb:95:d9:dc:
         f8:10:8b:f0:40:da:94:18:b3:d7:2b:bf:58:d5:f6:3d:07:71:
         b9:07:cf:50:d3:c1:42:90:c6:43:2c:c0:04:3c:b7:8b:92:40:
         3a:dd:01:2b:a2:0c:9d:f9:ef:83:cb:e1:08:7d:cc:22:21:ff:
         e6:64:2d:f0:92:2d:46:31:4c:95:b4:25:4b:22:7d:c1:27:d2:
         b7:e5:08:63:aa:08:c7:d5:25:32:75:bb:11:85:2d:62:e3:21:
         ec:35:f9:41:c1:0b:e8:8c:22:85:5c:2a:0b:78:2e:89:e2:9f:
         e0:49:5f:2c:1a:02:1e:e0:27:ef:ef:ab:b2:31:dd:39:46:8a:
         d0:fe:d7:be:0c:fa:0d:07:cd:e3:c0:39:5d:32:72:20:c5:f2:
         1b:69:26:cb:7d:8d:4e:6d:48:4b:a7:37:d6:de:f7:11:68:b7:
         f9:28:1b:05:8c:51:ae:bf:a4:57:ad:d7:c3:cd:a7:8f:95:06:
         b6:9d:3f:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZez011le5G4USULyapl9l9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNjI3MjM1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU0NDgwN2RiMzViNDZmYTE5YjljZjlmYWI2NWUzYzlmOGNjMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3Kv8RqnEazcL3VPor5ccg2wWn6E
A7fOZHVSLHsKkqlG3uYhtG0p2oBEAOh9dw692XLfJauY4Q3o6nAaEQyEwQfKtOh/
IMPK0YN87DkrurT2NcqdlKO6GEkfRxZh8pG/EdQWHPzbq71vd7B6Vg5+ZEcLoUB/
k2l0gjCgOTwKEoiKeCgOxJdn5Kwo2a+XI3vQt6zYpDwtq5EHGB+g0dHmYOB6/v8d
x4LuxbGFXHK5VbxiUOxbCXkIGPIwCtOSYiGmmCemoRqcyWpWgqOsPFlOwylbD0a/
NDDeIU2JoLtyf+POI5cJ97U66I397fATi6WogitCydh9DmLHVi4/ZdzthwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEtUSAfbNbRvoZuc+fq2XjyfjMHlMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUzFSSUI5czF0Ry1obTV6NS1yWmVQSi1Nd2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEJYDwAwQF
bW8gAwQEsN0QMA0GCSqGSIb3DQEBCwUAA4IBAQCCY7nHOJDR6sUr10LTbGsKmif9
GwLr/zK816niTG2hDDGkx658w+ddk2IVVs+ZfSxh9MmFxXRvrcSDzjv8pn3FaVtq
DuuV2dz4EIvwQNqUGLPXK79Y1fY9B3G5B89Q08FCkMZDLMAEPLeLkkA63QErogyd
+e+Dy+EIfcwiIf/mZC3wki1GMUyVtCVLIn3BJ9K35QhjqgjH1SUydbsRhS1i4yHs
NflBwQvojCKFXCoLeC6J4p/gSV8sGgIe4Cfv76uyMd05RorQ/te+DPoNB83jwDld
MnIgxfIbaSbLfY1ObUhLpzfW3vcRaLf5KBsFjFGuv6RXrdfDzaePlQa2nT+l
-----END CERTIFICATE-----