Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/_ye3EIHciuigbBOa_c27TQGdyAc.roa
File:                     _ye3EIHciuigbBOa_c27TQGdyAc.roa (raw, json)
Hash identifier:          eij8Q9Zfs/J3DUaqQIBD9kA69dYeDfoaHoC+Pd+t0gU=
Subject key identifier:   FF:27:B7:10:81:DC:8A:E8:A0:6C:13:9A:FD:CD:BB:4D:01:9D:C8:07
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0199CE174F678DBCF93505EC2E1A60B511D9
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/_ye3EIHciuigbBOa_c27TQGdyAc.roa
Signing time:             Fri 10 Oct 2025 12:27:38 +0000
ROA not before:           Fri 10 Oct 2025 12:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204917
IP address blocks:        109.248.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:17:4f:67:8d:bc:f9:35:05:ec:2e:1a:60:b5:11:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Oct 10 12:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff27b71081dc8ae8a06c139afdcdbb4d019dc807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:00:6f:25:d5:3b:4e:86:d3:f8:4c:77:51:38:
                    4e:9c:65:93:93:79:83:ff:2d:ca:06:93:4a:dd:73:
                    fd:fa:b5:e3:61:d2:ab:7b:39:0c:e2:d0:43:d3:d4:
                    9f:ae:fb:8e:ad:ba:91:6f:30:d4:5e:6b:76:fa:43:
                    0c:1d:f2:1f:9c:0e:a8:81:bf:4f:14:d1:60:b7:e0:
                    00:f9:b8:62:d2:1d:e6:c1:3d:ba:51:b8:ca:28:49:
                    d0:73:96:09:29:38:95:2a:ff:fc:ac:76:41:fb:c4:
                    ea:1a:ac:a7:e0:1e:04:87:b3:dd:31:89:1e:f2:26:
                    1f:28:69:0c:6c:31:04:ea:aa:c3:30:0d:4f:00:93:
                    0e:a8:84:aa:a1:91:ce:4d:05:45:96:1d:0d:31:0e:
                    1f:86:1f:c0:01:08:04:be:2d:40:3a:db:ba:a5:d7:
                    da:9f:03:01:be:39:2c:51:5b:76:54:64:28:94:6a:
                    73:0b:71:4f:f3:51:fa:4c:d6:08:af:68:df:b1:81:
                    f2:6a:ba:08:ad:3f:3c:b8:31:46:c2:39:b8:91:98:
                    3a:ab:2e:f9:d3:87:6b:6d:f0:e0:b4:b8:86:9a:fe:
                    b5:3d:6c:09:7c:0a:d8:c6:83:45:77:77:ac:a6:89:
                    44:59:be:4d:6e:35:81:fd:de:66:64:ad:5b:df:cd:
                    45:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:27:B7:10:81:DC:8A:E8:A0:6C:13:9A:FD:CD:BB:4D:01:9D:C8:07
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/_ye3EIHciuigbBOa_c27TQGdyAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:88:27:4b:33:81:01:76:0f:8a:91:59:9e:b7:0c:44:85:1e:
         a7:88:3a:49:27:d0:3d:19:ac:5a:19:b1:7a:66:8e:b4:b8:be:
         15:38:48:2d:c2:80:a1:04:66:71:34:3f:bb:28:8f:4f:b0:10:
         12:61:e6:48:01:4f:bd:4a:ef:05:fe:11:fe:cc:09:43:ea:ea:
         d1:67:66:c5:61:31:a7:bc:41:fb:21:49:50:08:51:65:7c:12:
         41:cd:d3:14:98:c1:ae:65:88:35:a1:5c:2b:c0:59:67:05:32:
         fd:49:8b:78:e0:7d:78:ae:33:8e:7a:fe:d0:54:00:d1:d0:7e:
         bb:57:20:2a:ad:a9:ae:1b:1b:7f:10:f7:9c:bf:68:8b:6b:18:
         a7:27:f8:94:1a:c9:e7:14:15:63:ea:bb:57:94:5b:e3:a6:9a:
         6a:dd:1c:df:bc:a8:2e:52:ec:cb:61:3c:67:91:a9:27:38:80:
         4a:94:38:4b:66:24:59:c7:d0:f7:32:ec:e6:7c:3c:bf:eb:6a:
         f2:42:ef:ec:99:09:1b:f7:76:80:bb:2a:7a:17:b8:b7:14:3c:
         31:31:00:95:30:b4:fa:e1:05:73:39:33:ef:61:30:9d:00:e5:
         47:c5:f8:cd:3b:da:fd:b2:e0:4d:34:c2:f0:74:c4:e1:f2:32:
         00:3e:bb:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOF09njbz5NQXsLhpgtRHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUxMDEwMTIyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI3YjcxMDgxZGM4YWU4YTA2YzEzOWFmZGNkYmI0ZDAxOWRjODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwBvJdU7TobT+Ex3UThOnGWTk3mD
/y3KBpNK3XP9+rXjYdKrezkM4tBD09SfrvuOrbqRbzDUXmt2+kMMHfIfnA6ogb9P
FNFgt+AA+bhi0h3mwT26UbjKKEnQc5YJKTiVKv/8rHZB+8TqGqyn4B4Eh7PdMYke
8iYfKGkMbDEE6qrDMA1PAJMOqISqoZHOTQVFlh0NMQ4fhh/AAQgEvi1AOtu6pdfa
nwMBvjksUVt2VGQolGpzC3FP81H6TNYIr2jfsYHyaroIrT88uDFGwjm4kZg6qy75
04drbfDgtLiGmv61PWwJfArYxoNFd3espolEWb5NbjWB/d5mZK1b381F2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8ntxCB3IrooGwTmv3Nu00BncgHMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvX3llM0VJSGNpdWlnYkJPYV9jMjdUUUdkeUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfj1MA0G
CSqGSIb3DQEBCwUAA4IBAQCyiCdLM4EBdg+KkVmetwxEhR6niDpJJ9A9GaxaGbF6
Zo60uL4VOEgtwoChBGZxND+7KI9PsBASYeZIAU+9Su8F/hH+zAlD6urRZ2bFYTGn
vEH7IUlQCFFlfBJBzdMUmMGuZYg1oVwrwFlnBTL9SYt44H14rjOOev7QVADR0H67
VyAqramuGxt/EPecv2iLaxinJ/iUGsnnFBVj6rtXlFvjpppq3RzfvKguUuzLYTxn
kaknOIBKlDhLZiRZx9D3MuzmfDy/62ryQu/smQkb93aAuyp6F7i3FDwxMQCVMLT6
4QVzOTPvYTCdAOVHxfjNO9r9suBNNMLwdMTh8jIAPrtD
-----END CERTIFICATE-----