Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/AAfqajz1lcpewMwtlfBl8TsBH6A.roa
File:                     AAfqajz1lcpewMwtlfBl8TsBH6A.roa (raw, json)
Hash identifier:          XdFJhIzEc3SMkZ3YWp110E+4v4+9POUyu2FIYDnnnm4=
Subject key identifier:   00:07:EA:6A:3C:F5:95:CA:5E:C0:CC:2D:95:F0:65:F1:3B:01:1F:A0
Certificate issuer:       /CN=d533b09430b048f0526ef6a937774e7f06203731
Certificate serial:       0199E18473EF908E6E2EC0EDA8024AFC4A33
Authority key identifier: D5:33:B0:94:30:B0:48:F0:52:6E:F6:A9:37:77:4E:7F:06:20:37:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TOwlDCwSPBSbvapN3dOfwYgNzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/AAfqajz1lcpewMwtlfBl8TsBH6A.roa
Signing time:             Tue 14 Oct 2025 06:59:37 +0000
ROA not before:           Tue 14 Oct 2025 06:59:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48610
IP address blocks:        185.135.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/1TOwlDCwSPBSbvapN3dOfwYgNzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/1TOwlDCwSPBSbvapN3dOfwYgNzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1TOwlDCwSPBSbvapN3dOfwYgNzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:84:73:ef:90:8e:6e:2e:c0:ed:a8:02:4a:fc:4a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d533b09430b048f0526ef6a937774e7f06203731
        Validity
            Not Before: Oct 14 06:59:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0007ea6a3cf595ca5ec0cc2d95f065f13b011fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d2:3f:04:ca:db:0c:74:1c:d1:fc:71:24:ad:
                    f4:c2:96:78:dd:5d:81:b6:0d:08:2e:a4:03:4f:f4:
                    69:43:bd:a0:52:05:01:33:d2:d6:4c:c3:1d:53:d7:
                    d7:1d:19:32:ee:b8:93:62:0d:71:a9:2e:7e:d9:2e:
                    e5:3a:69:43:13:0e:23:d9:d5:52:bd:93:bc:9f:3a:
                    5c:64:c7:71:35:78:b8:86:7f:98:cf:a2:9b:9d:10:
                    3c:e1:4f:79:ce:0b:1e:ac:c0:67:3f:04:aa:10:81:
                    0d:4d:2c:64:de:5c:d5:b8:85:ba:02:da:b0:7b:5a:
                    4f:39:28:1d:d8:85:32:27:69:71:75:aa:ad:60:68:
                    ae:b9:45:7b:32:89:c9:74:84:10:97:07:36:a8:30:
                    56:a6:24:96:53:e1:2f:9e:d1:29:e1:15:db:6d:72:
                    e1:bf:4b:85:7e:d4:bb:6e:ac:bd:dc:c3:1b:62:9c:
                    68:a4:89:7e:63:0c:fe:af:cc:9f:a5:23:4e:b8:25:
                    f4:bf:69:66:d2:61:66:3f:62:7e:15:6d:0e:a1:a5:
                    16:fd:fb:7b:6e:5d:fb:b1:48:cb:12:43:bc:f0:14:
                    ad:8c:24:b7:12:53:0e:b0:32:cc:06:74:a1:f2:5a:
                    7a:a3:fc:f5:e5:b1:02:2d:29:73:42:f1:35:8d:8a:
                    90:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:07:EA:6A:3C:F5:95:CA:5E:C0:CC:2D:95:F0:65:F1:3B:01:1F:A0
            X509v3 Authority Key Identifier:
                keyid:D5:33:B0:94:30:B0:48:F0:52:6E:F6:A9:37:77:4E:7F:06:20:37:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TOwlDCwSPBSbvapN3dOfwYgNzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/AAfqajz1lcpewMwtlfBl8TsBH6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d525f8-d549-4909-b8c0-ff014900be8a/1/1TOwlDCwSPBSbvapN3dOfwYgNzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:51:ad:18:e7:a8:c0:b9:d6:56:3a:1d:26:05:e8:5e:34:10:
         5c:d0:58:65:0e:9a:f5:f1:32:89:61:85:4c:e8:90:26:ce:a2:
         2f:d0:b5:03:5d:65:9f:da:d1:a8:a1:b5:59:ad:17:ff:17:97:
         7f:78:58:b3:c2:9b:7d:a5:22:c2:cb:70:b2:be:3b:75:3b:59:
         6b:51:8d:05:67:36:21:45:30:67:1a:7c:24:41:b1:4d:49:ff:
         40:d0:6d:66:97:91:a7:78:a2:19:55:28:79:ad:b4:da:d1:e7:
         f5:7d:1a:1d:cd:9b:4b:c1:47:e9:b7:03:94:20:a8:fd:c4:8d:
         95:a1:53:5e:0c:fa:0e:01:50:78:d8:5a:35:be:92:15:65:86:
         a8:ac:27:84:3f:c3:90:55:14:af:ae:29:34:54:b5:10:88:30:
         9b:c4:2a:da:e2:bc:e1:3c:98:29:8c:28:58:9d:68:ce:a8:34:
         a4:29:c5:ee:e2:98:8d:bc:88:58:68:da:fb:eb:19:e7:20:f4:
         ac:60:07:14:1f:d2:1b:0c:e1:0d:45:e4:ce:24:7e:4f:72:ae:
         7e:5d:8d:39:4f:d7:83:12:83:df:a7:07:a2:7d:b1:0b:8d:07:
         10:b8:65:04:11:85:06:18:50:47:45:c1:bf:48:37:24:11:aa:
         84:81:b0:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnhhHPvkI5uLsDtqAJK/EozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzNiMDk0MzBiMDQ4ZjA1MjZlZjZhOTM3Nzc0ZTdmMDYy
MDM3MzEwHhcNMjUxMDE0MDY1OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA3ZWE2YTNjZjU5NWNhNWVjMGNjMmQ5NWYwNjVmMTNiMDExZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9I/BMrbDHQc0fxxJK30wpZ43V2B
tg0ILqQDT/RpQ72gUgUBM9LWTMMdU9fXHRky7riTYg1xqS5+2S7lOmlDEw4j2dVS
vZO8nzpcZMdxNXi4hn+Yz6KbnRA84U95zgserMBnPwSqEIENTSxk3lzVuIW6Atqw
e1pPOSgd2IUyJ2lxdaqtYGiuuUV7MonJdIQQlwc2qDBWpiSWU+EvntEp4RXbbXLh
v0uFftS7bqy93MMbYpxopIl+Ywz+r8yfpSNOuCX0v2lm0mFmP2J+FW0OoaUW/ft7
bl37sUjLEkO88BStjCS3ElMOsDLMBnSh8lp6o/z15bECLSlzQvE1jYqQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAH6mo89ZXKXsDMLZXwZfE7AR+gMB8GA1UdIwQY
MBaAFNUzsJQwsEjwUm72qTd3Tn8GIDcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRPd2xEQ3dTUEJTYnZhcE4zZE9md1lnTnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9kNTI1ZjgtZDU0OS00OTA5LWI4YzAt
ZmYwMTQ5MDBiZThhLzEvQUFmcWFqejFsY3Bld013dGxmQmw4VHNCSDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9kNTI1ZjgtZDU0OS00OTA5LWI4YzAtZmYwMTQ5MDBiZThh
LzEvMVRPd2xEQ3dTUEJTYnZhcE4zZE9md1lnTnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYcsMA0G
CSqGSIb3DQEBCwUAA4IBAQAlUa0Y56jAudZWOh0mBeheNBBc0FhlDpr18TKJYYVM
6JAmzqIv0LUDXWWf2tGoobVZrRf/F5d/eFizwpt9pSLCy3Cyvjt1O1lrUY0FZzYh
RTBnGnwkQbFNSf9A0G1ml5GneKIZVSh5rbTa0ef1fRodzZtLwUfptwOUIKj9xI2V
oVNeDPoOAVB42Fo1vpIVZYaorCeEP8OQVRSvrik0VLUQiDCbxCra4rzhPJgpjChY
nWjOqDSkKcXu4piNvIhYaNr76xnnIPSsYAcUH9IbDOENReTOJH5Pcq5+XY05T9eD
EoPfpweifbELjQcQuGUEEYUGGFBHRcG/SDckEaqEgbDp
-----END CERTIFICATE-----