Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-zYH7xgT9jHLzOiK0op2xedNYxc.roa
File:                     1-zYH7xgT9jHLzOiK0op2xedNYxc.roa (raw, json)
Hash identifier:          EEfHurIFfYdUYQoV+3JgiQRhhQwtKC9h8bHhwZzyQo0=
Subject key identifier:   FB:36:07:EF:18:13:F6:31:CB:CC:E8:8A:D2:8A:76:C5:E7:4D:63:17
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0199B93064F3E75BBC4DD7AEA6A53AE3CD15
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-zYH7xgT9jHLzOiK0op2xedNYxc.roa
Signing time:             Mon 06 Oct 2025 11:03:00 +0000
ROA not before:           Mon 06 Oct 2025 11:03:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        109.69.61.0/24 maxlen: 24
                          194.31.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:30:64:f3:e7:5b:bc:4d:d7:ae:a6:a5:3a:e3:cd:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Oct  6 11:03:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb3607ef1813f631cbcce88ad28a76c5e74d6317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:99:90:d5:8a:99:b6:98:8f:16:ff:1a:76:ae:
                    54:c5:57:c5:1a:cf:f9:70:ad:ba:1e:55:f6:46:2a:
                    6c:dd:1c:19:b7:18:fa:c1:5f:15:8a:85:d7:3f:5e:
                    7e:ce:50:da:8c:c6:3f:9f:62:e0:b8:b1:50:60:c9:
                    ad:52:2e:02:a9:89:2c:64:09:e6:70:dd:df:68:5d:
                    b9:99:43:69:d2:f5:aa:68:4f:d9:7e:30:0b:3a:6b:
                    30:57:f1:49:a9:9a:f9:37:0e:97:bb:24:bc:7d:e9:
                    b7:47:5a:ba:3d:c0:66:0c:01:5f:55:7b:98:7b:2d:
                    9a:27:0b:63:e6:07:48:75:1f:1f:46:a8:4c:6f:a5:
                    4a:13:9c:0f:8a:f3:94:f6:8a:24:3c:39:7c:7e:c1:
                    58:8c:a4:f7:74:91:ef:32:af:c9:62:f0:3a:e7:96:
                    8e:b9:78:ec:a6:20:9b:52:5f:58:9c:89:6e:f4:ad:
                    bd:75:19:96:38:c9:43:95:d0:59:09:70:73:bc:84:
                    5b:80:fb:3d:12:76:95:9d:b9:ea:e0:83:00:74:e1:
                    95:d6:fe:b8:a1:2b:6a:0d:bf:95:b2:41:42:d5:c5:
                    08:ca:87:9c:af:25:14:89:e0:e4:87:52:b7:93:9a:
                    7e:e5:d8:ad:cb:11:88:ca:56:2c:0b:b3:1d:3a:3f:
                    3a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:36:07:EF:18:13:F6:31:CB:CC:E8:8A:D2:8A:76:C5:E7:4D:63:17
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/1-zYH7xgT9jHLzOiK0op2xedNYxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.61.0/24
                  194.31.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:15:c2:ea:dc:9c:f6:f7:03:07:a1:06:f1:6b:f3:a7:79:3c:
         ca:6a:af:73:83:06:af:58:e1:d6:87:cc:89:9d:da:49:64:d3:
         07:14:b3:d9:76:1a:04:09:cd:67:92:3e:fd:aa:89:1e:ce:53:
         25:b9:62:de:f9:41:f6:cc:5a:8c:7c:af:6b:63:9c:db:de:48:
         e8:f2:e6:b4:3d:e9:ae:c7:1f:0c:6f:73:75:e9:1c:8a:2c:c5:
         b4:89:63:37:82:bb:28:26:45:62:2b:a2:3b:34:4b:1e:e0:70:
         0f:d4:53:04:9a:69:cc:75:42:c9:7e:5b:f4:f2:9e:49:68:a7:
         5e:6a:e4:9e:15:fd:ad:2e:fb:fa:b2:63:1f:ea:bc:e2:fc:53:
         39:8f:f4:99:00:52:49:d1:5f:73:54:29:4e:05:28:dc:f5:53:
         36:5f:35:19:7d:99:9d:5d:97:65:d4:cb:0e:77:47:21:96:23:
         e1:b3:df:4d:43:a7:80:92:06:f2:db:3a:ac:82:18:52:f6:40:
         f5:a0:2b:d8:0a:81:d2:58:43:21:17:cc:02:b2:e7:a3:e1:ca:
         60:a5:1c:ea:0c:f6:c4:40:8a:bb:1e:59:62:a6:e3:5f:e1:cf:
         ea:da:15:9d:7d:ce:fe:67:b1:05:7a:66:b2:3f:1e:a5:ea:0f:
         2b:7f:01:03
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZm5MGTz51u8TdeupqU6480VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUxMDA2MTEwMzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjM2MDdlZjE4MTNmNjMxY2JjY2U4OGFkMjhhNzZjNWU3NGQ2MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZmQ1YqZtpiPFv8adq5UxVfFGs/5
cK26HlX2Rips3RwZtxj6wV8VioXXP15+zlDajMY/n2LguLFQYMmtUi4CqYksZAnm
cN3faF25mUNp0vWqaE/ZfjALOmswV/FJqZr5Nw6XuyS8fem3R1q6PcBmDAFfVXuY
ey2aJwtj5gdIdR8fRqhMb6VKE5wPivOU9ookPDl8fsFYjKT3dJHvMq/JYvA655aO
uXjspiCbUl9YnIlu9K29dRmWOMlDldBZCXBzvIRbgPs9EnaVnbnq4IMAdOGV1v64
oStqDb+VskFC1cUIyoecryUUieDkh1K3k5p+5dityxGIylYsC7MdOj86ZwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPs2B+8YE/Yxy8zoitKKdsXnTWMXMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMS16WUg3eGdUOWpITHpPaUswb3AyeGVkTll4Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTgvNWE2ZmRhLTc4OTYtNGM1MC1hZmZkLTMwNDk1ZjQwMzc4
NC8xL1Y4Wnd5TnN5M1hTTjk1ZkZ5VEFUMk1rZnFEay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAG1FPQME
AMIfSTANBgkqhkiG9w0BAQsFAAOCAQEAFRXC6tyc9vcDB6EG8Wvzp3k8ymqvc4MG
r1jh1ofMiZ3aSWTTBxSz2XYaBAnNZ5I+/aqJHs5TJbli3vlB9sxajHyva2Oc295I
6PLmtD3prscfDG9zdekciizFtIljN4K7KCZFYiuiOzRLHuBwD9RTBJppzHVCyX5b
9PKeSWinXmrknhX9rS77+rJjH+q84vxTOY/0mQBSSdFfc1QpTgUo3PVTNl81GX2Z
nV2XZdTLDndHIZYj4bPfTUOngJIG8ts6rIIYUvZA9aAr2AqB0lhDIRfMArLno+HK
YKUc6gz2xECKux5ZYqbjX+HP6toVnX3O/mexBXpmsj8epeoPK38BAw==
-----END CERTIFICATE-----