Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/vmXd6JCE5kf_nXENEGshI9bqd18.roa
File:                     vmXd6JCE5kf_nXENEGshI9bqd18.roa (raw, json)
Hash identifier:          jvJ9f/eUHMFjQiA1AQT5dKViK2og3agdpUoI7vfMR3k=
Subject key identifier:   BE:65:DD:E8:90:84:E6:47:FF:9D:71:0D:10:6B:21:23:D6:EA:77:5F
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01989E4E8C64B5850C400B9B824FD7923888
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/vmXd6JCE5kf_nXENEGshI9bqd18.roa
Signing time:             Tue 12 Aug 2025 12:43:24 +0000
ROA not before:           Tue 12 Aug 2025 12:43:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        109.111.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:32:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:4e:8c:64:b5:85:0c:40:0b:9b:82:4f:d7:92:38:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 12 12:43:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be65dde89084e647ff9d710d106b2123d6ea775f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9f:6f:c2:d7:73:a0:86:d9:88:16:c4:d9:39:
                    45:a8:49:b8:27:cc:45:ae:24:89:65:b5:6e:2a:bf:
                    da:57:d4:dd:fb:bf:79:48:a5:0a:9c:a2:7c:8e:2e:
                    73:77:f6:0d:02:2b:93:23:27:77:11:90:d5:94:35:
                    8d:bd:09:79:5b:7d:ba:45:7b:80:8f:db:3b:b0:20:
                    ac:2f:75:5d:ab:2f:3f:90:50:4b:e2:f3:d4:0d:82:
                    84:66:b4:94:e8:08:9f:93:8f:42:4a:37:b6:7f:04:
                    bf:4e:48:42:64:ea:19:66:a2:e8:16:17:fb:2c:87:
                    f4:ee:4f:bb:5a:97:62:a7:24:5e:b2:e8:36:e2:63:
                    44:34:25:b8:f4:3c:96:4c:34:97:cf:94:36:c9:c1:
                    5e:cc:db:bb:04:2c:51:16:59:75:81:f9:56:3e:2b:
                    91:44:6c:59:4f:d7:8b:ab:e0:ab:ba:e6:b2:bf:08:
                    74:5b:e9:7b:6c:da:45:8f:0c:e8:fd:8a:24:95:a5:
                    be:b1:c3:a2:2d:c5:d2:9e:e6:e8:9d:77:50:b4:c2:
                    3a:1a:3f:8f:97:b7:de:7b:fb:30:e4:53:a0:18:0e:
                    03:86:da:cc:20:17:6b:ec:76:04:4c:80:83:d1:1b:
                    2a:66:75:49:60:52:c7:01:82:4d:7c:d2:67:97:03:
                    90:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:65:DD:E8:90:84:E6:47:FF:9D:71:0D:10:6B:21:23:D6:EA:77:5F
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/vmXd6JCE5kf_nXENEGshI9bqd18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:76:0b:1f:fb:5b:96:7a:8a:0c:8e:6a:64:a8:8c:c3:16:b2:
         3c:b0:a9:2c:88:ad:c5:2b:15:fd:69:8b:7d:15:d0:e6:55:21:
         1f:fa:9b:a6:58:38:d5:85:4f:8d:6c:b6:d6:e5:e8:d1:d5:1c:
         15:91:57:df:af:ad:7d:95:49:fe:2a:b9:4e:f2:ef:d8:28:d8:
         94:80:39:9d:65:e4:81:fe:2f:03:f6:e3:69:94:aa:ba:e3:2b:
         b8:a5:62:6f:ec:f4:f0:3e:09:cd:ed:f3:50:72:b1:ce:83:6a:
         8d:d7:80:ff:55:b5:47:90:a5:20:ba:7f:2e:33:d6:9f:f0:2a:
         e4:49:89:a2:91:b7:b8:df:96:32:35:22:29:95:a7:3f:f5:37:
         be:32:26:11:fe:a7:f5:de:02:8c:07:94:55:39:52:15:37:91:
         b3:81:d1:c5:50:63:68:9f:32:02:f9:fd:0f:cf:13:1e:93:84:
         66:a1:4f:fb:f3:09:7b:a5:b9:39:61:07:4f:ce:fd:2d:63:7b:
         32:9d:43:c5:db:62:9e:32:bf:1a:be:54:78:8b:cb:bb:3d:89:
         08:28:a1:27:bc:17:17:65:d4:a4:b4:b7:48:01:9b:36:aa:5f:
         6b:4b:07:d9:12:4b:00:d1:ba:2d:c0:e2:2b:fe:fc:39:6a:07:
         67:95:48:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZieToxktYUMQAubgk/XkjiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODEyMTI0MzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTY1ZGRlODkwODRlNjQ3ZmY5ZDcxMGQxMDZiMjEyM2Q2ZWE3NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp9vwtdzoIbZiBbE2TlFqEm4J8xF
riSJZbVuKr/aV9Td+795SKUKnKJ8ji5zd/YNAiuTIyd3EZDVlDWNvQl5W326RXuA
j9s7sCCsL3Vdqy8/kFBL4vPUDYKEZrSU6Aifk49CSje2fwS/TkhCZOoZZqLoFhf7
LIf07k+7WpdipyResug24mNENCW49DyWTDSXz5Q2ycFezNu7BCxRFll1gflWPiuR
RGxZT9eLq+Cruuayvwh0W+l7bNpFjwzo/YoklaW+scOiLcXSnubonXdQtMI6Gj+P
l7fee/sw5FOgGA4DhtrMIBdr7HYETICD0RsqZnVJYFLHAYJNfNJnlwOQqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5l3eiQhOZH/51xDRBrISPW6ndfMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdm1YZDZKQ0U1a2ZfblhFTkVHc2hJOWJxZDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW80MA0G
CSqGSIb3DQEBCwUAA4IBAQCpdgsf+1uWeooMjmpkqIzDFrI8sKksiK3FKxX9aYt9
FdDmVSEf+pumWDjVhU+NbLbW5ejR1RwVkVffr619lUn+KrlO8u/YKNiUgDmdZeSB
/i8D9uNplKq64yu4pWJv7PTwPgnN7fNQcrHOg2qN14D/VbVHkKUgun8uM9af8Crk
SYmikbe435YyNSIplac/9Te+MiYR/qf13gKMB5RVOVIVN5GzgdHFUGNonzIC+f0P
zxMek4RmoU/78wl7pbk5YQdPzv0tY3synUPF22KeMr8avlR4i8u7PYkIKKEnvBcX
ZdSktLdIAZs2ql9rSwfZEksA0botwOIr/vw5agdnlUgm
-----END CERTIFICATE-----