Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/urOt64IcWjkGwHZxkqOCPUOEjR4.roa
File:                     urOt64IcWjkGwHZxkqOCPUOEjR4.roa (raw, json)
Hash identifier:          Rkv7UWJXHLiOXNWaX5iz/7GalanqXJANSGjIZFx+Xgc=
Subject key identifier:   BA:B3:AD:EB:82:1C:5A:39:06:C0:76:71:92:A3:82:3D:43:84:8D:1E
Certificate issuer:       /CN=2d81421acb578415465ecdec4581e895ebbfbc7f
Certificate serial:       01989942BEFA1F432C1302742793291C3097
Authority key identifier: 2D:81:42:1A:CB:57:84:15:46:5E:CD:EC:45:81:E8:95:EB:BF:BC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/urOt64IcWjkGwHZxkqOCPUOEjR4.roa
Signing time:             Mon 11 Aug 2025 13:12:24 +0000
ROA not before:           Mon 11 Aug 2025 13:12:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215566
IP address blocks:        109.175.218.0/24 maxlen: 24
                          109.175.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:42:be:fa:1f:43:2c:13:02:74:27:93:29:1c:30:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d81421acb578415465ecdec4581e895ebbfbc7f
        Validity
            Not Before: Aug 11 13:12:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bab3adeb821c5a3906c0767192a3823d43848d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:22:a6:24:3c:5a:5c:3d:04:df:5d:ad:33:82:
                    3b:28:84:e5:6b:f3:d3:fd:e0:19:56:55:d5:cd:cd:
                    97:5d:36:9a:0c:45:7c:ab:dd:44:ce:30:84:6a:a8:
                    18:d6:f7:28:85:2c:6d:ea:13:ef:67:3e:30:1a:3a:
                    2b:60:e1:0d:8c:ca:1f:0f:b5:be:9f:f0:8c:6f:64:
                    0b:20:10:20:97:5f:b5:fe:6e:15:68:87:2b:32:36:
                    f0:a2:08:c5:5a:55:eb:6c:e6:47:2e:d0:e7:7d:45:
                    3b:5f:fc:4f:bd:13:46:be:7d:fa:41:90:a9:74:90:
                    8b:a7:0b:f3:71:0a:05:02:b0:02:e5:ce:c8:e6:90:
                    fe:4d:4b:6f:17:8d:84:3f:a8:e7:b4:8f:77:ad:00:
                    95:ab:0e:a0:85:16:bf:0f:65:e7:0a:32:db:09:00:
                    6b:76:1b:93:04:65:ec:ff:08:23:bf:76:3d:31:de:
                    dd:f2:cc:af:1d:e3:25:89:5e:ea:99:86:6e:92:46:
                    44:90:38:bb:a6:8e:9e:c9:12:07:da:52:df:5c:02:
                    48:04:a5:92:73:53:24:f2:1b:21:a9:6e:7f:0e:ad:
                    0f:a7:f1:fc:d7:78:94:cb:2b:4a:5a:ea:e9:db:9c:
                    1d:09:54:2d:5e:ec:aa:6b:d8:55:11:03:26:fe:0c:
                    7d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B3:AD:EB:82:1C:5A:39:06:C0:76:71:92:A3:82:3D:43:84:8D:1E
            X509v3 Authority Key Identifier:
                keyid:2D:81:42:1A:CB:57:84:15:46:5E:CD:EC:45:81:E8:95:EB:BF:BC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LYFCGstXhBVGXs3sRYHoleu_vH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/urOt64IcWjkGwHZxkqOCPUOEjR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3b1d5a-fcc6-4ae3-a2c8-984eec3f7a3e/1/LYFCGstXhBVGXs3sRYHoleu_vH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.218.0/24
                  109.175.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e5:34:74:1c:e1:19:12:21:eb:5a:dd:28:e4:7e:2c:41:d3:
         4b:3e:f5:bf:da:97:3d:e9:57:00:24:d4:8f:ce:8e:2f:42:ca:
         1e:fd:ac:10:3b:a1:de:8c:ea:89:d2:da:66:5e:63:91:41:a4:
         6f:40:8e:95:04:c7:74:27:bc:3a:18:c2:3a:90:d1:b9:29:c7:
         bd:d3:e5:89:f5:30:61:35:71:95:2f:1c:7e:fc:41:08:f6:67:
         48:c5:dd:81:f6:e3:ab:72:f1:85:3f:db:54:e9:77:56:6c:d3:
         09:51:d3:7b:5a:75:fc:35:a3:97:34:a8:46:37:0b:6a:07:4c:
         b3:3b:d3:e4:8e:f3:eb:4b:7f:ce:bb:1b:70:2c:53:a9:c3:77:
         ab:34:b4:e9:2d:a3:a7:fe:8b:00:9a:95:0b:d5:5d:06:db:66:
         94:78:f7:a1:c5:d8:c8:72:bc:3d:2d:c5:16:b8:2d:f8:f9:36:
         68:47:7b:86:83:be:36:b7:d4:80:79:93:9f:7f:3c:5c:a1:97:
         1e:9d:b1:62:86:8b:cc:4c:a5:12:98:08:7f:47:3e:00:38:3e:
         54:99:59:85:4e:af:12:14:0c:e5:5b:a8:82:bc:62:7c:6f:d3:
         f9:62:83:49:cd:64:5a:a0:68:7c:f9:fc:e7:29:e4:d6:47:e9:
         e7:7f:97:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiZQr76H0MsEwJ0J5MpHDCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkODE0MjFhY2I1Nzg0MTU0NjVlY2RlYzQ1ODFlODk1ZWJi
ZmJjN2YwHhcNMjUwODExMTMxMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWIzYWRlYjgyMWM1YTM5MDZjMDc2NzE5MmEzODIzZDQzODQ4ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCKmJDxaXD0E312tM4I7KITla/PT
/eAZVlXVzc2XXTaaDEV8q91EzjCEaqgY1vcohSxt6hPvZz4wGjorYOENjMofD7W+
n/CMb2QLIBAgl1+1/m4VaIcrMjbwogjFWlXrbOZHLtDnfUU7X/xPvRNGvn36QZCp
dJCLpwvzcQoFArAC5c7I5pD+TUtvF42EP6jntI93rQCVqw6ghRa/D2XnCjLbCQBr
dhuTBGXs/wgjv3Y9Md7d8syvHeMliV7qmYZukkZEkDi7po6eyRIH2lLfXAJIBKWS
c1Mk8hshqW5/Dq0Pp/H813iUyytKWurp25wdCVQtXuyqa9hVEQMm/gx9twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqzreuCHFo5BsB2cZKjgj1DhI0eMB8GA1UdIwQY
MBaAFC2BQhrLV4QVRl7N7EWB6JXrv7x/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFlGQ0dzdFhoQlZHWHMzc1JZSG9sZXVfdkg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zYjFkNWEtZmNjNi00YWUzLWEyYzgt
OTg0ZWVjM2Y3YTNlLzEvdXJPdDY0SWNXamtHd0haeGtxT0NQVU9FalI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zYjFkNWEtZmNjNi00YWUzLWEyYzgtOTg0ZWVjM2Y3YTNl
LzEvTFlGQ0dzdFhoQlZHWHMzc1JZSG9sZXVfdkg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAba/aAwQA
ba/eMA0GCSqGSIb3DQEBCwUAA4IBAQAd5TR0HOEZEiHrWt0o5H4sQdNLPvW/2pc9
6VcAJNSPzo4vQsoe/awQO6HejOqJ0tpmXmORQaRvQI6VBMd0J7w6GMI6kNG5Kce9
0+WJ9TBhNXGVLxx+/EEI9mdIxd2B9uOrcvGFP9tU6XdWbNMJUdN7WnX8NaOXNKhG
NwtqB0yzO9PkjvPrS3/OuxtwLFOpw3erNLTpLaOn/osAmpUL1V0G22aUePehxdjI
crw9LcUWuC34+TZoR3uGg742t9SAeZOffzxcoZcenbFihovMTKUSmAh/Rz4AOD5U
mVmFTq8SFAzlW6iCvGJ8b9P5YoNJzWRaoGh8+fznKeTWR+nnf5cV
-----END CERTIFICATE-----