Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sDqZRTbZvAQQTn6KJoc_Vm9WzY4.roa
File:                     sDqZRTbZvAQQTn6KJoc_Vm9WzY4.roa (raw, json)
Hash identifier:          iL19VOkv+2+1Ma+y58+a49a0z0arTyOufs85rap+38w=
Subject key identifier:   B0:3A:99:45:36:D9:BC:04:10:4E:7E:8A:26:87:3F:56:6F:56:CD:8E
Certificate issuer:       /CN=1faacab8e456bb291979a7357a7024f00bebaaf5
Certificate serial:       0199F6CDFF7D0F190FBF10941B509603585B
Authority key identifier: 1F:AA:CA:B8:E4:56:BB:29:19:79:A7:35:7A:70:24:F0:0B:EB:AA:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sDqZRTbZvAQQTn6KJoc_Vm9WzY4.roa
Signing time:             Sat 18 Oct 2025 10:11:59 +0000
ROA not before:           Sat 18 Oct 2025 10:11:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216357
IP address blocks:        66.33.37.0/24 maxlen: 24
                          194.117.85.0/24 maxlen: 24
                          2a14:3b41::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f6:cd:ff:7d:0f:19:0f:bf:10:94:1b:50:96:03:58:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1faacab8e456bb291979a7357a7024f00bebaaf5
        Validity
            Not Before: Oct 18 10:11:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b03a994536d9bc04104e7e8a26873f566f56cd8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:39:e0:1a:42:ab:e0:e1:56:14:ca:82:5b:a3:
                    0c:3e:57:ff:d5:96:d7:c9:72:b1:ac:a7:50:04:57:
                    9f:9b:3b:9c:3f:48:ca:ad:f2:dd:68:e5:b1:08:8d:
                    7b:da:eb:0d:1e:c2:d2:f3:e5:dc:dc:6b:9c:c7:5a:
                    26:f2:09:fe:7c:0e:e0:6e:24:65:be:23:d0:4f:bd:
                    d6:c7:97:73:8f:0b:6a:22:ae:a0:11:59:b1:71:55:
                    ee:e0:68:a5:1d:fb:aa:14:2a:ab:31:05:07:b2:21:
                    08:1c:3c:84:19:47:83:16:e9:11:33:23:07:90:36:
                    ca:4e:c9:3b:72:1f:91:22:8e:4d:82:60:f2:a4:2c:
                    81:11:13:18:0d:c4:bb:5d:0b:9a:63:a0:c6:9b:a0:
                    6c:51:70:11:a9:b7:4a:e8:bc:24:06:13:09:6c:c6:
                    e0:cb:f3:65:e5:8f:79:ee:d1:a8:70:1f:48:72:3a:
                    99:c3:3e:6c:5b:55:1a:2a:97:14:40:38:c3:1f:e6:
                    d8:3d:35:57:1e:b8:c9:cf:cb:35:a9:48:9e:8a:23:
                    b9:8b:e2:2d:20:ee:c3:ee:f3:7f:ad:46:19:b9:62:
                    52:06:a8:4a:03:39:5b:68:e7:9c:7a:b1:04:e1:12:
                    e8:d9:94:6d:aa:69:45:3f:d9:8d:94:2f:f6:fa:ff:
                    90:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:3A:99:45:36:D9:BC:04:10:4E:7E:8A:26:87:3F:56:6F:56:CD:8E
            X509v3 Authority Key Identifier:
                keyid:1F:AA:CA:B8:E4:56:BB:29:19:79:A7:35:7A:70:24:F0:0B:EB:AA:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sDqZRTbZvAQQTn6KJoc_Vm9WzY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.33.37.0/24
                  194.117.85.0/24
                IPv6:
                  2a14:3b41::/36

    Signature Algorithm: sha256WithRSAEncryption
         82:72:11:2a:e0:18:73:68:3f:04:ad:50:28:ce:65:f2:f9:83:
         12:75:b2:88:46:d6:7d:38:a5:cc:bb:76:fd:e4:6f:ee:fe:c0:
         d2:94:45:b0:a2:4c:74:3c:2e:f1:eb:02:eb:f8:d4:08:90:ba:
         e1:13:d0:22:ae:69:c3:24:13:5a:3a:78:07:f7:19:da:05:5a:
         89:dc:53:85:f7:6e:84:a0:dd:26:9e:f9:dd:c7:82:ab:ff:c6:
         1b:44:9a:fb:be:ad:fc:e0:43:8d:7b:39:71:9d:51:8f:0e:fa:
         f7:1e:f6:37:d9:e4:e0:08:36:9c:e6:80:f6:f6:14:7e:a3:ee:
         26:29:15:8f:36:8b:fd:96:fd:5e:d6:06:a6:48:f4:52:93:6b:
         e2:7b:32:ee:7e:84:bd:8e:72:b0:18:ef:56:2c:72:db:51:2a:
         78:c2:93:23:c2:31:f8:60:50:f9:69:cd:13:48:25:8f:d4:64:
         6d:81:a5:e7:4f:b3:1a:be:46:3b:e3:41:29:0a:2d:96:23:d9:
         f2:db:b9:23:e4:3b:3b:d0:e7:e1:ee:aa:e6:5d:a7:48:11:40:
         b8:f5:4f:99:ee:d2:95:05:43:9c:11:61:63:35:31:a5:cc:48:
         80:7f:84:3e:4d:66:1f:32:cd:de:98:d8:45:4c:9d:5a:4d:dd:
         a9:37:42:72
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZn2zf99DxkPvxCUG1CWA1hbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYWFjYWI4ZTQ1NmJiMjkxOTc5YTczNTdhNzAyNGYwMGJl
YmFhZjUwHhcNMjUxMDE4MTAxMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDNhOTk0NTM2ZDliYzA0MTA0ZTdlOGEyNjg3M2Y1NjZmNTZjZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjngGkKr4OFWFMqCW6MMPlf/1ZbX
yXKxrKdQBFefmzucP0jKrfLdaOWxCI172usNHsLS8+Xc3Gucx1om8gn+fA7gbiRl
viPQT73Wx5dzjwtqIq6gEVmxcVXu4GilHfuqFCqrMQUHsiEIHDyEGUeDFukRMyMH
kDbKTsk7ch+RIo5NgmDypCyBERMYDcS7XQuaY6DGm6BsUXARqbdK6LwkBhMJbMbg
y/Nl5Y957tGocB9IcjqZwz5sW1UaKpcUQDjDH+bYPTVXHrjJz8s1qUieiiO5i+It
IO7D7vN/rUYZuWJSBqhKAzlbaOecerEE4RLo2ZRtqmlFP9mNlC/2+v+QQwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFLA6mUU22bwEEE5+iiaHP1ZvVs2OMB8GA1UdIwQY
MBaAFB+qyrjkVrspGXmnNXpwJPAL66r1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZyS3VPUld1eWtaZWFjMWVuQWs4QXZycXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81MDFmZDMtYThjZC00ZTJkLTlkMzIt
MmZiNzJhMGFlZjZkLzEvc0RxWlJUYlp2QVFRVG42S0pvY19WbTlXelk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81MDFmZDMtYThjZC00ZTJkLTlkMzItMmZiNzJhMGFlZjZk
LzEvSDZyS3VPUld1eWtaZWFjMWVuQWs4QXZycXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAQiElAwQA
wnVVMA4EAgACMAgDBgQqFDtBADANBgkqhkiG9w0BAQsFAAOCAQEAgnIRKuAYc2g/
BK1QKM5l8vmDEnWyiEbWfTilzLt2/eRv7v7A0pRFsKJMdDwu8esC6/jUCJC64RPQ
Iq5pwyQTWjp4B/cZ2gVaidxThfduhKDdJp753ceCq//GG0Sa+76t/OBDjXs5cZ1R
jw769x72N9nk4Ag2nOaA9vYUfqPuJikVjzaL/Zb9XtYGpkj0UpNr4nsy7n6EvY5y
sBjvVixy21EqeMKTI8Ix+GBQ+WnNE0glj9RkbYGl50+zGr5GO+NBKQotliPZ8tu5
I+Q7O9Dn4e6q5l2nSBFAuPVPme7SlQVDnBFhYzUxpcxIgH+EPk1mHzLN3pjYRUyd
Wk3dqTdCcg==
-----END CERTIFICATE-----