Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/dNq1dUWXo15xfK5j2ALgaL9-X9M.roa
File:                     dNq1dUWXo15xfK5j2ALgaL9-X9M.roa (raw, json)
Hash identifier:          mGCrS09whic27p0ypY0pInzSeZzWepSv0K6RiezO+4c=
Subject key identifier:   74:DA:B5:75:45:97:A3:5E:71:7C:AE:63:D8:02:E0:68:BF:7E:5F:D3
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197A72C30121EDE33B92EF512DC6EB2C64B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/dNq1dUWXo15xfK5j2ALgaL9-X9M.roa
Signing time:             Wed 25 Jun 2025 12:59:40 +0000
ROA not before:           Wed 25 Jun 2025 12:59:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        109.122.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 03:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:2c:30:12:1e:de:33:b9:2e:f5:12:dc:6e:b2:c6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 25 12:59:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74dab5754597a35e717cae63d802e068bf7e5fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f9:17:cd:c3:79:46:88:c4:35:91:27:b9:7b:
                    38:c0:c3:cf:1c:f8:4e:43:98:99:cf:7e:a6:a4:0a:
                    e8:35:e0:50:c7:85:dc:ad:0c:01:c5:48:c2:49:85:
                    2d:af:de:d7:55:e1:c9:a3:03:d1:17:61:07:01:9a:
                    b2:c0:17:40:39:13:ae:21:95:a2:a0:c0:35:93:fd:
                    5a:4d:37:d8:ac:d1:3b:7b:b3:ba:c7:96:91:ca:0e:
                    fb:b6:8d:92:4a:98:78:5f:87:3c:f0:1d:a0:ba:c4:
                    f1:44:f9:a2:21:cc:27:0a:b0:10:ad:43:e6:d0:90:
                    2d:57:57:36:6a:98:07:be:36:12:43:be:1b:fb:04:
                    63:d2:f9:0b:cc:31:21:bc:e4:a0:d6:2f:02:61:f8:
                    30:8d:38:3d:05:2a:bd:87:cc:2f:f4:f7:a5:a2:38:
                    d1:ef:a8:67:37:d4:06:30:f9:ed:24:bb:70:f5:fe:
                    db:d6:e7:01:e0:99:b7:61:f6:2d:55:7f:f0:79:ec:
                    0b:1c:bc:07:c4:db:4c:72:37:74:d0:89:4c:15:3a:
                    6f:56:91:89:21:a7:82:9d:60:3b:47:4c:57:1f:5a:
                    3e:be:bc:2b:f8:83:ee:aa:13:7e:50:06:c2:41:28:
                    a5:29:87:6d:9e:5d:22:4f:8b:b4:e1:1e:3c:e9:d5:
                    0b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DA:B5:75:45:97:A3:5E:71:7C:AE:63:D8:02:E0:68:BF:7E:5F:D3
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/dNq1dUWXo15xfK5j2ALgaL9-X9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:b1:4f:1f:1e:ef:e3:b7:aa:a0:c9:f5:df:f5:fa:83:e0:4a:
         ab:d9:40:64:7e:e2:a7:c4:cf:a9:3d:c0:8e:4d:18:b1:04:9a:
         f7:5b:4d:81:7f:ee:7a:20:92:fd:2c:fa:bf:e1:44:4d:7b:0b:
         c0:e3:28:5d:1c:23:92:52:bf:39:83:3b:1c:0c:1a:58:e2:d1:
         4f:c6:a2:59:63:2b:42:35:c3:25:f6:51:2a:e1:97:f6:43:58:
         4d:10:8f:9c:7d:c2:c2:02:9b:27:bf:6b:dd:5d:71:05:1f:55:
         c1:5e:bd:82:e3:01:3b:7f:a6:05:29:a6:09:e6:83:15:1f:a4:
         47:df:1d:69:27:4d:09:bc:20:a0:97:16:4c:de:2a:af:e5:00:
         6b:b0:c5:a6:d1:ee:8f:b1:4c:42:91:22:f5:ce:0e:b4:e3:8e:
         f4:5d:7c:74:5f:01:21:ba:d2:86:11:9f:f1:2e:b0:16:5f:94:
         ab:ff:43:56:b6:f9:e5:33:d4:f6:90:cc:ff:c0:a1:15:1a:37:
         87:b3:d7:31:c3:28:07:ba:04:29:34:e0:99:63:92:7f:65:8c:
         cd:42:dc:2f:83:33:bd:a8:f0:01:0a:04:33:0e:ce:d4:46:c4:
         4a:b1:c0:3f:fe:7b:20:c6:6b:b0:ff:35:76:b8:58:ce:45:ee:
         6c:6b:d1:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZenLDASHt4zuS71EtxussZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjI1MTI1OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRhYjU3NTQ1OTdhMzVlNzE3Y2FlNjNkODAyZTA2OGJmN2U1ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPkXzcN5RojENZEnuXs4wMPPHPhO
Q5iZz36mpAroNeBQx4XcrQwBxUjCSYUtr97XVeHJowPRF2EHAZqywBdAOROuIZWi
oMA1k/1aTTfYrNE7e7O6x5aRyg77to2SSph4X4c88B2gusTxRPmiIcwnCrAQrUPm
0JAtV1c2apgHvjYSQ74b+wRj0vkLzDEhvOSg1i8CYfgwjTg9BSq9h8wv9PelojjR
76hnN9QGMPntJLtw9f7b1ucB4Jm3YfYtVX/weewLHLwHxNtMcjd00IlMFTpvVpGJ
IaeCnWA7R0xXH1o+vrwr+IPuqhN+UAbCQSilKYdtnl0iT4u04R486dULlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTatXVFl6NecXyuY9gC4Gi/fl/TMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvZE5xMWRVV1hvMTV4Zks1ajJBTGdhTDktWDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXr9MA0G
CSqGSIb3DQEBCwUAA4IBAQCxsU8fHu/jt6qgyfXf9fqD4Eqr2UBkfuKnxM+pPcCO
TRixBJr3W02Bf+56IJL9LPq/4URNewvA4yhdHCOSUr85gzscDBpY4tFPxqJZYytC
NcMl9lEq4Zf2Q1hNEI+cfcLCApsnv2vdXXEFH1XBXr2C4wE7f6YFKaYJ5oMVH6RH
3x1pJ00JvCCglxZM3iqv5QBrsMWm0e6PsUxCkSL1zg604470XXx0XwEhutKGEZ/x
LrAWX5Sr/0NWtvnlM9T2kMz/wKEVGjeHs9cxwygHugQpNOCZY5J/ZYzNQtwvgzO9
qPABCgQzDs7URsRKscA//nsgxmuw/zV2uFjORe5sa9GK
-----END CERTIFICATE-----