Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/0sjaeJEz0pkXr_1gNdMz2cgZ7yo.roa
File:                     0sjaeJEz0pkXr_1gNdMz2cgZ7yo.roa (raw, json)
Hash identifier:          KEt6yf7XHSBUNm4BTBszmuIVVsyz9gawMwqvtjbHFdA=
Subject key identifier:   D2:C8:DA:78:91:33:D2:99:17:AF:FD:60:35:D3:33:D9:C8:19:EF:2A
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0199F643BED7269A6605778288C16AD0088A
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/0sjaeJEz0pkXr_1gNdMz2cgZ7yo.roa
Signing time:             Sat 18 Oct 2025 07:40:58 +0000
ROA not before:           Sat 18 Oct 2025 07:40:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35708
IP address blocks:        109.175.210.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f6:43:be:d7:26:9a:66:05:77:82:88:c1:6a:d0:08:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 18 07:40:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2c8da789133d29917affd6035d333d9c819ef2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ad:d7:77:05:2a:0d:53:b8:f7:cd:a5:f6:70:
                    f6:d6:b5:f5:8b:f0:c2:ab:dc:c7:74:18:b2:4e:d0:
                    0a:ee:bc:d9:51:30:42:38:a1:aa:f3:8d:79:bf:e2:
                    23:8e:ee:50:cf:64:86:d2:4f:c2:38:1c:4a:1f:c6:
                    8c:f9:f0:89:18:38:5d:cb:96:3b:81:67:e9:d9:bb:
                    b5:6b:98:2f:7d:26:e6:65:75:cc:c1:86:68:a1:c5:
                    aa:d4:d5:8f:7c:45:d3:1b:f6:f5:36:07:dc:05:63:
                    05:9a:3b:95:f5:fa:dc:b8:6f:e8:b1:d0:dc:e5:9b:
                    d8:c6:6a:6f:af:1a:c5:34:d7:e0:a8:68:02:38:e2:
                    7f:00:aa:11:3d:18:8a:1b:b4:2b:0b:c2:29:b2:1b:
                    a1:66:ac:1e:98:4f:38:af:f2:38:32:ea:40:0b:b5:
                    0d:ba:e7:96:78:35:71:a0:82:39:40:b7:71:cb:96:
                    09:29:9a:26:5a:e4:a6:da:ca:04:f7:34:eb:78:61:
                    b8:8b:fe:97:30:a3:a4:a8:ab:4e:4b:84:49:b8:21:
                    66:88:60:46:57:c9:b5:5d:6e:f8:50:ec:b8:cb:8f:
                    66:5c:1c:3b:24:fd:48:c6:86:07:12:d5:e2:c9:b7:
                    52:01:75:79:28:c0:bb:9c:33:56:0d:14:11:89:c2:
                    f2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C8:DA:78:91:33:D2:99:17:AF:FD:60:35:D3:33:D9:C8:19:EF:2A
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/0sjaeJEz0pkXr_1gNdMz2cgZ7yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.175.210.0/24
                IPv6:
                  2a01:fb01::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:b3:50:91:62:f4:bc:13:6c:e7:4f:87:fe:2e:80:70:2b:e9:
         fc:11:b8:47:ad:09:3d:a3:38:eb:b5:a7:aa:f5:fc:33:83:09:
         6f:9c:cb:2a:9e:e6:ad:d4:81:ad:bd:03:69:f9:ec:4f:44:6e:
         65:57:d9:44:cf:b9:d6:49:3a:3b:3a:84:99:81:a2:9d:f9:e1:
         35:26:87:8d:97:d1:28:9d:e3:20:42:8c:53:ad:9a:b2:2b:c9:
         fd:b2:97:55:60:80:c8:02:f3:67:b1:85:7b:0f:0d:76:f0:85:
         95:20:95:bb:09:18:3c:7f:e3:22:31:0e:8e:57:a5:87:ad:ad:
         ee:76:b5:a5:9e:5a:a5:8f:cc:ed:15:e2:92:87:d1:a4:d4:7e:
         59:19:8b:86:6d:6c:3b:62:12:b7:1f:da:03:47:52:cf:5a:ee:
         7d:84:97:21:b3:24:cc:7c:5f:f8:6c:13:e0:70:62:da:8b:76:
         08:41:7c:3e:2b:20:2c:d0:38:a2:77:d5:5a:f2:a3:be:41:83:
         5f:4c:de:34:2c:aa:3c:8f:61:f6:d0:bd:8e:79:4b:32:10:15:
         c0:13:16:ee:e7:69:b1:26:ec:95:68:d2:41:a5:00:68:60:2c:
         ff:7f:aa:83:cd:f3:1f:5c:d7:eb:ba:df:2d:cf:7f:9b:86:5e:
         03:a2:4d:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZn2Q77XJppmBXeCiMFq0AiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDE4MDc0MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM4ZGE3ODkxMzNkMjk5MTdhZmZkNjAzNWQzMzNkOWM4MTllZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq3XdwUqDVO4982l9nD21rX1i/DC
q9zHdBiyTtAK7rzZUTBCOKGq8415v+Ijju5Qz2SG0k/COBxKH8aM+fCJGDhdy5Y7
gWfp2bu1a5gvfSbmZXXMwYZoocWq1NWPfEXTG/b1NgfcBWMFmjuV9frcuG/osdDc
5ZvYxmpvrxrFNNfgqGgCOOJ/AKoRPRiKG7QrC8IpshuhZqwemE84r/I4MupAC7UN
uueWeDVxoII5QLdxy5YJKZomWuSm2soE9zTreGG4i/6XMKOkqKtOS4RJuCFmiGBG
V8m1XW74UOy4y49mXBw7JP1IxoYHEtXiybdSAXV5KMC7nDNWDRQRicLymwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNLI2niRM9KZF6/9YDXTM9nIGe8qMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvMHNqYWVKRXowcGtYcl8xZ05kTXoyY2daN3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAba/SMA0E
AgACMAcDBQAqAfsBMA0GCSqGSIb3DQEBCwUAA4IBAQBRs1CRYvS8E2znT4f+LoBw
K+n8EbhHrQk9ozjrtaeq9fwzgwlvnMsqnuat1IGtvQNp+exPRG5lV9lEz7nWSTo7
OoSZgaKd+eE1JoeNl9EoneMgQoxTrZqyK8n9spdVYIDIAvNnsYV7Dw128IWVIJW7
CRg8f+MiMQ6OV6WHra3udrWlnlqlj8ztFeKSh9Gk1H5ZGYuGbWw7YhK3H9oDR1LP
Wu59hJchsyTMfF/4bBPgcGLai3YIQXw+KyAs0Diid9Va8qO+QYNfTN40LKo8j2H2
0L2OeUsyEBXAExbu52mxJuyVaNJBpQBoYCz/f6qDzfMfXNfrut8tz3+bhl4Dok2Z
-----END CERTIFICATE-----