Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-tgzUJZoQ8k9qJvCTHao9N-dDTc.roa
File:                     1-tgzUJZoQ8k9qJvCTHao9N-dDTc.roa (raw, json)
Hash identifier:          ypcaVWXpZE0yxJmFZqPm5HUerJnW6NHkDTmFHd+p52w=
Subject key identifier:   FA:D8:33:50:96:68:43:C9:3D:A8:9B:C2:4C:76:A8:F4:DF:9D:0D:37
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197BB867D328DEE5A3E8A4D375E9D952AF5
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-tgzUJZoQ8k9qJvCTHao9N-dDTc.roa
Signing time:             Sun 29 Jun 2025 11:50:42 +0000
ROA not before:           Sun 29 Jun 2025 11:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48011
IP address blocks:        109.122.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bb:86:7d:32:8d:ee:5a:3e:8a:4d:37:5e:9d:95:2a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 29 11:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fad83350966843c93da89bc24c76a8f4df9d0d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ae:75:d0:79:b0:eb:f0:73:0a:af:04:2b:35:
                    e8:24:ac:c5:fb:2b:1c:28:0c:22:f5:b2:75:e4:38:
                    f0:9e:17:df:8d:77:d6:a0:96:3a:5e:89:a0:7d:86:
                    bd:69:01:60:71:25:79:e8:4e:cd:57:05:7f:e6:9e:
                    a1:a5:20:4d:db:1f:ee:e1:86:6d:31:9a:6b:b9:34:
                    7a:fd:35:a3:9c:2c:1c:86:e3:89:9a:4d:3a:5b:87:
                    99:ff:53:55:b7:3c:97:c0:ad:a4:9d:63:7e:dd:af:
                    16:e7:fd:34:e9:0b:b2:0d:fa:09:9a:8b:62:58:eb:
                    8b:68:99:f9:a9:fa:58:62:84:c0:f3:27:5b:e1:8e:
                    f4:6b:d7:e4:84:28:10:c4:e4:45:96:c4:c5:80:f7:
                    3b:59:84:5a:a9:a3:4b:cc:bc:4d:65:73:45:31:4b:
                    9f:d6:c6:1c:52:df:36:61:b0:95:f2:c0:d7:8b:b7:
                    0a:6f:52:2a:42:0a:3a:c0:58:c9:68:bd:53:35:12:
                    ab:59:35:2e:04:18:0a:1d:3c:33:c8:2f:b2:98:32:
                    d2:6e:f4:17:5c:20:e2:89:98:1e:5b:a6:12:a0:1e:
                    c2:e7:1a:d9:70:9b:73:d4:48:dd:f3:8a:2e:48:49:
                    e9:57:03:23:c2:36:88:b5:6d:91:23:d6:f5:58:e6:
                    23:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D8:33:50:96:68:43:C9:3D:A8:9B:C2:4C:76:A8:F4:DF:9D:0D:37
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/1-tgzUJZoQ8k9qJvCTHao9N-dDTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:d6:fb:9e:52:9e:8b:89:c1:51:c4:0a:f8:bd:0c:96:d3:94:
         7f:6f:fb:cd:f5:41:03:25:52:cd:7e:09:27:df:f3:45:0c:c3:
         9e:14:5a:b4:db:40:0f:47:1f:24:18:6a:2b:d9:1e:e5:96:1f:
         35:d6:02:5a:17:67:ae:35:57:b1:b7:93:6f:dd:55:39:41:a0:
         11:0e:cc:44:ed:de:0e:89:d2:46:e1:b5:d0:fa:92:bd:f0:91:
         84:82:ca:60:0f:6e:40:b6:a6:70:c8:6d:67:71:52:c6:c0:6f:
         d1:1b:88:a1:a3:fc:66:23:41:a6:b0:ef:58:1e:5c:10:b4:89:
         a5:c3:31:90:e1:6d:02:65:98:ad:83:bf:30:7c:98:13:1a:65:
         a3:37:38:10:ce:26:85:1a:07:8a:cc:2f:b9:9b:5f:ef:11:d3:
         c8:82:56:c7:91:46:a0:35:1b:d9:d6:09:f8:49:6a:66:10:b8:
         6e:7a:91:ff:fd:3b:ee:75:e0:aa:3a:bb:46:d9:aa:a3:d9:62:
         c0:58:ca:cb:d8:b2:42:33:72:4d:4d:eb:56:62:65:25:58:e2:
         65:d2:2d:24:58:30:3d:10:9a:e8:91:fd:22:ae:4d:e7:77:bf:
         db:34:81:da:7c:ba:4b:14:62:a4:94:a4:8d:cb:32:c7:4c:32:
         44:0b:4f:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZe7hn0yje5aPopNN16dlSr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjI5MTE1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWQ4MzM1MDk2Njg0M2M5M2RhODliYzI0Yzc2YThmNGRmOWQwZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK510Hmw6/BzCq8EKzXoJKzF+ysc
KAwi9bJ15DjwnhffjXfWoJY6XomgfYa9aQFgcSV56E7NVwV/5p6hpSBN2x/u4YZt
MZpruTR6/TWjnCwchuOJmk06W4eZ/1NVtzyXwK2knWN+3a8W5/006QuyDfoJmoti
WOuLaJn5qfpYYoTA8ydb4Y70a9fkhCgQxORFlsTFgPc7WYRaqaNLzLxNZXNFMUuf
1sYcUt82YbCV8sDXi7cKb1IqQgo6wFjJaL1TNRKrWTUuBBgKHTwzyC+ymDLSbvQX
XCDiiZgeW6YSoB7C5xrZcJtz1Ejd84ouSEnpVwMjwjaItW2RI9b1WOYj/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrYM1CWaEPJPaibwkx2qPTfnQ03MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvMS10Z3pVSlpvUThrOXFKdkNUSGFvOU4tZERUYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTIvYzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIx
Ni8xL2JkczRzMFBhTFJHVENlMnFHY2VuaUhBeWZyNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG16/DAN
BgkqhkiG9w0BAQsFAAOCAQEAINb7nlKei4nBUcQK+L0MltOUf2/7zfVBAyVSzX4J
J9/zRQzDnhRatNtAD0cfJBhqK9ke5ZYfNdYCWhdnrjVXsbeTb91VOUGgEQ7MRO3e
DonSRuG10PqSvfCRhILKYA9uQLamcMhtZ3FSxsBv0RuIoaP8ZiNBprDvWB5cELSJ
pcMxkOFtAmWYrYO/MHyYExplozc4EM4mhRoHiswvuZtf7xHTyIJWx5FGoDUb2dYJ
+ElqZhC4bnqR//077nXgqjq7Rtmqo9liwFjKy9iyQjNyTU3rVmJlJVjiZdItJFgw
PRCa6JH9Iq5N53e/2zSB2ny6SxRipJSkjcsyx0wyRAtP4g==
-----END CERTIFICATE-----