Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/od1ADzeqOn5bVC20zBnBeUVSNKw.roa
File:                     od1ADzeqOn5bVC20zBnBeUVSNKw.roa (raw, json)
Hash identifier:          VVSLdqnSFTyWUJsI+ZA3ZZGNebOqLFzR1C2rEUolb/0=
Subject key identifier:   A1:DD:40:0F:37:AA:3A:7E:5B:54:2D:B4:CC:19:C1:79:45:52:34:AC
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01999129D87631C4D44402BD4944641AC4A0
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/od1ADzeqOn5bVC20zBnBeUVSNKw.roa
Signing time:             Sun 28 Sep 2025 16:31:02 +0000
ROA not before:           Sun 28 Sep 2025 16:31:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399989
IP address blocks:        109.111.44.0/22 maxlen: 22
                          109.111.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:91:29:d8:76:31:c4:d4:44:02:bd:49:44:64:1a:c4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep 28 16:31:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1dd400f37aa3a7e5b542db4cc19c179455234ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:dd:a4:91:66:f1:8d:e8:9a:7d:08:83:75:
                    df:86:79:62:7b:ab:23:d9:1f:1f:80:1c:48:ec:4e:
                    3d:1a:3f:29:4f:9b:b7:dc:45:1d:4f:a2:33:e3:60:
                    92:47:38:2b:f0:ca:56:7f:18:3a:13:17:74:d7:42:
                    d4:e9:37:13:88:14:73:4b:cb:0c:76:06:28:21:84:
                    88:a1:73:b1:4e:34:43:40:89:7f:46:1f:ac:53:2b:
                    86:eb:f7:67:e3:89:ab:ae:43:9b:ca:56:fe:83:84:
                    ab:e7:8c:56:f5:f1:25:9e:24:d2:44:4c:9a:2f:0c:
                    71:cc:3f:42:31:4f:1b:fa:1a:10:08:3d:76:77:45:
                    a8:fa:52:00:44:a3:1e:f1:f7:f7:9b:33:d9:42:ab:
                    fe:56:2a:a1:67:0d:72:0a:fd:9b:55:14:b1:1c:5d:
                    fe:82:c0:31:ce:10:c3:7a:9e:29:82:18:3d:ec:85:
                    e8:6f:d9:c1:3f:c6:67:f2:db:d5:5e:c5:3b:2b:e0:
                    2b:ff:07:a4:75:94:ed:df:66:22:a9:75:a1:a5:d7:
                    5e:b2:15:53:49:62:4d:db:51:f0:22:91:82:4c:cb:
                    a3:d7:18:f9:df:94:39:bb:53:ea:b0:76:ee:ae:a9:
                    8a:b4:5c:5c:6e:7a:a5:80:31:ab:c6:33:ce:cc:3f:
                    3d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:DD:40:0F:37:AA:3A:7E:5B:54:2D:B4:CC:19:C1:79:45:52:34:AC
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/od1ADzeqOn5bVC20zBnBeUVSNKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.44.0/22
                  109.111.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:b0:04:cd:2e:82:7d:8a:36:f0:f7:b2:cb:75:5b:db:b1:7f:
         dc:6e:10:02:4a:36:32:41:81:af:38:af:ed:ad:a1:ac:82:12:
         8e:a9:20:a1:90:22:bf:48:31:7a:c4:91:76:8e:81:b4:cb:0e:
         9c:bb:00:1b:78:86:36:8f:5e:e7:04:da:55:af:f6:2d:10:e7:
         51:d0:7a:78:4f:e6:36:15:8f:16:d6:4a:80:eb:dc:24:7a:ad:
         29:ea:5d:7b:7f:b7:81:95:1d:38:34:ed:29:39:fe:27:dd:6c:
         7e:1d:e4:3e:fe:b2:74:7b:81:25:80:5b:a9:9c:0e:71:8c:3b:
         33:8c:dd:9a:9c:ed:a4:97:f8:ee:82:85:3a:88:c7:f0:96:0d:
         5a:a5:93:24:da:ee:1a:93:b6:db:34:90:65:f7:b4:52:0b:71:
         3f:6d:f4:51:90:53:c3:f4:86:c4:b1:e2:14:fe:01:f9:ea:22:
         d0:b1:f0:80:d8:bc:5b:a2:58:03:81:b1:5a:b0:e4:5e:03:31:
         1f:6f:d4:e0:67:bd:0d:1b:ec:9a:a1:fc:c3:2b:3e:dd:b4:32:
         44:25:65:b5:7f:ad:62:44:92:d1:82:1e:b2:0a:c4:83:a8:70:
         37:00:c5:c8:8a:ee:5b:ff:e1:a1:13:15:fb:d1:91:af:c1:33:
         bc:86:f0:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmRKdh2McTURAK9SURkGsSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTI4MTYzMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRkNDAwZjM3YWEzYTdlNWI1NDJkYjRjYzE5YzE3OTQ1NTIzNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAfdpJFm8Y3omn0Ig3Xfhnlie6sj
2R8fgBxI7E49Gj8pT5u33EUdT6Iz42CSRzgr8MpWfxg6Exd010LU6TcTiBRzS8sM
dgYoIYSIoXOxTjRDQIl/Rh+sUyuG6/dn44mrrkObylb+g4Sr54xW9fElniTSREya
LwxxzD9CMU8b+hoQCD12d0Wo+lIARKMe8ff3mzPZQqv+ViqhZw1yCv2bVRSxHF3+
gsAxzhDDep4pghg97IXob9nBP8Zn8tvVXsU7K+Ar/wekdZTt32YiqXWhpddeshVT
SWJN21HwIpGCTMuj1xj535Q5u1PqsHburqmKtFxcbnqlgDGrxjPOzD89UQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHdQA83qjp+W1QttMwZwXlFUjSsMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvb2QxQUR6ZXFPbjViVkMyMHpCbkJlVVZTTkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbW8sAwQC
bW88MA0GCSqGSIb3DQEBCwUAA4IBAQB5sATNLoJ9ijbw97LLdVvbsX/cbhACSjYy
QYGvOK/traGsghKOqSChkCK/SDF6xJF2joG0yw6cuwAbeIY2j17nBNpVr/YtEOdR
0Hp4T+Y2FY8W1kqA69wkeq0p6l17f7eBlR04NO0pOf4n3Wx+HeQ+/rJ0e4ElgFup
nA5xjDszjN2anO2kl/jugoU6iMfwlg1apZMk2u4ak7bbNJBl97RSC3E/bfRRkFPD
9IbEseIU/gH56iLQsfCA2LxbolgDgbFasOReAzEfb9TgZ70NG+yaofzDKz7dtDJE
JWW1f61iRJLRgh6yCsSDqHA3AMXIiu5b/+GhExX70ZGvwTO8hvDf
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:49 2025 by rpki-client