Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/F1xlFQ7FgaCkRr7zNPIXEUL8LPg.roa
File:                     F1xlFQ7FgaCkRr7zNPIXEUL8LPg.roa (raw, json)
Hash identifier:          9ulDHNmKBeTrfigdxBNsjQtToFMCvjIxH3LJ4T+lQYk=
Subject key identifier:   17:5C:65:15:0E:C5:81:A0:A4:46:BE:F3:34:F2:17:11:42:FC:2C:F8
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A44378F787AF6AA67B97E3A00B2A246AF
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/F1xlFQ7FgaCkRr7zNPIXEUL8LPg.roa
Signing time:             Sun 02 Nov 2025 10:58:03 +0000
ROA not before:           Sun 02 Nov 2025 10:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.44.0/24 maxlen: 24
                          188.255.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:44:37:8f:78:7a:f6:aa:67:b9:7e:3a:00:b2:a2:46:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Nov  2 10:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=175c65150ec581a0a446bef334f2171142fc2cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b1:e0:32:58:cb:ef:8d:d4:25:71:5f:94:28:
                    ba:5d:6e:dd:d7:09:fb:9f:0b:e3:df:00:8f:a7:3a:
                    98:32:38:12:13:64:8e:3d:f9:d5:35:17:f4:9c:63:
                    72:17:6a:71:f7:3c:ba:8f:2d:fe:c5:ab:fd:ff:be:
                    b0:e1:12:d3:87:e3:c4:42:74:7e:4f:d2:45:dc:6f:
                    d0:81:22:9c:09:b2:79:9a:ea:77:27:c1:58:34:f3:
                    5a:b3:3e:37:1c:2b:5c:68:24:70:29:38:f0:d7:2a:
                    cf:b4:15:4a:bc:19:99:fa:9d:de:62:2c:fa:4b:5a:
                    a4:67:03:b1:72:e4:8e:1d:b2:39:7c:05:50:12:53:
                    c6:22:c2:c8:d2:33:34:5b:6b:f5:f4:04:6f:79:12:
                    fd:74:aa:32:db:1a:65:a6:49:94:4e:07:87:53:49:
                    93:94:5f:61:5b:80:d2:28:35:12:11:bf:6d:57:4e:
                    d0:02:44:9f:97:16:5f:b1:d9:d8:1c:99:17:6a:8e:
                    ea:96:d0:41:68:4d:68:56:10:74:01:db:87:fd:e2:
                    3a:4a:3e:57:f1:fb:93:c6:6b:b5:29:aa:18:86:5b:
                    e4:ad:ca:1f:a9:d4:39:1e:cd:1d:4b:0e:1e:b0:35:
                    f1:a0:b9:38:26:73:c6:6c:be:87:59:b0:73:23:86:
                    d6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:5C:65:15:0E:C5:81:A0:A4:46:BE:F3:34:F2:17:11:42:FC:2C:F8
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/F1xlFQ7FgaCkRr7zNPIXEUL8LPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.44.0/24
                  188.255.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:02:1f:79:ce:55:e5:2e:71:3d:95:e3:43:ae:84:65:5d:62:
         05:52:ad:a1:7f:e0:f9:e5:7e:cd:8b:3d:1c:88:3d:d9:65:fd:
         db:ed:4c:20:d6:fc:cb:94:a5:de:4d:e2:cd:7e:86:99:a8:d5:
         34:7e:fd:ca:33:a7:ce:ca:d5:e8:df:d2:ae:9e:70:24:5b:aa:
         d7:63:56:36:d8:8f:e5:14:6a:da:03:df:24:77:89:62:5f:a2:
         60:1e:3e:39:04:9f:24:b2:97:56:a9:4b:11:a2:ce:70:20:da:
         a6:a3:8f:e8:c7:95:1d:2d:c4:0e:c6:a6:8e:4f:66:f7:d1:6f:
         27:c4:7f:e4:ff:1e:4d:f6:a7:16:c0:03:40:1a:9e:44:6b:d8:
         28:78:55:2a:97:92:8f:b2:90:e4:f8:ff:95:33:c7:55:cb:e9:
         14:d6:78:63:1d:bb:7a:05:45:70:23:fd:e2:10:d6:2a:66:0a:
         0e:7c:64:dc:76:d1:56:e2:19:d1:0d:7c:06:3f:d0:51:a0:34:
         ea:34:35:36:8d:b4:6e:c4:35:2f:41:38:63:d0:0e:04:7c:9e:
         fb:51:9e:38:22:dc:ca:ab:de:17:fb:1f:38:2f:69:4b:31:66:
         9f:3a:0c:f9:c0:99:1c:24:be:55:36:73:ca:aa:ed:ee:7e:96:
         e7:62:c4:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpEN494evaqZ7l+OgCyokavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMTAyMTA1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVjNjUxNTBlYzU4MWEwYTQ0NmJlZjMzNGYyMTcxMTQyZmMyY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7HgMljL743UJXFflCi6XW7d1wn7
nwvj3wCPpzqYMjgSE2SOPfnVNRf0nGNyF2px9zy6jy3+xav9/76w4RLTh+PEQnR+
T9JF3G/QgSKcCbJ5mup3J8FYNPNasz43HCtcaCRwKTjw1yrPtBVKvBmZ+p3eYiz6
S1qkZwOxcuSOHbI5fAVQElPGIsLI0jM0W2v19ARveRL9dKoy2xplpkmUTgeHU0mT
lF9hW4DSKDUSEb9tV07QAkSflxZfsdnYHJkXao7qltBBaE1oVhB0AduH/eI6Sj5X
8fuTxmu1KaoYhlvkrcofqdQ5Hs0dSw4esDXxoLk4JnPGbL6HWbBzI4bWQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBdcZRUOxYGgpEa+8zTyFxFC/Cz4MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvRjF4bEZRN0ZnYUNrUnI3ek5QSVhFVUw4TFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXksAwQA
vP+rMA0GCSqGSIb3DQEBCwUAA4IBAQB9Ah95zlXlLnE9leNDroRlXWIFUq2hf+D5
5X7Niz0ciD3ZZf3b7Uwg1vzLlKXeTeLNfoaZqNU0fv3KM6fOytXo39KunnAkW6rX
Y1Y22I/lFGraA98kd4liX6JgHj45BJ8kspdWqUsRos5wINqmo4/ox5UdLcQOxqaO
T2b30W8nxH/k/x5N9qcWwANAGp5Ea9goeFUql5KPspDk+P+VM8dVy+kU1nhjHbt6
BUVwI/3iENYqZgoOfGTcdtFW4hnRDXwGP9BRoDTqNDU2jbRuxDUvQThj0A4EfJ77
UZ44ItzKq94X+x84L2lLMWafOgz5wJkcJL5VNnPKqu3ufpbnYsSH
-----END CERTIFICATE-----