Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/REOoP6Y8-wsgon83LmwFQJMZALc.roa
File:                     REOoP6Y8-wsgon83LmwFQJMZALc.roa (raw, json)
Hash identifier:          A4lQGU6MhGm6OdwWVbHE5BG8fr09wGeJM7NnUUCETR0=
Subject key identifier:   44:43:A8:3F:A6:3C:FB:0B:20:A2:7F:37:2E:6C:05:40:93:19:00:B7
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019867C2FE8C4F6EE28B53A48413A014EA1C
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/REOoP6Y8-wsgon83LmwFQJMZALc.roa
Signing time:             Fri 01 Aug 2025 22:31:29 +0000
ROA not before:           Fri 01 Aug 2025 22:31:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199737
IP address blocks:        109.111.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:67:c2:fe:8c:4f:6e:e2:8b:53:a4:84:13:a0:14:ea:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug  1 22:31:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4443a83fa63cfb0b20a27f372e6c0540931900b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e6:bc:16:2d:90:3f:0d:d2:dd:18:a5:ff:a0:
                    39:8e:bf:0e:9c:3a:cf:ee:dd:82:b2:fd:56:8c:fe:
                    d4:d1:56:d5:ed:9b:12:8a:97:11:ff:84:7a:a2:58:
                    6c:74:39:c4:49:22:ee:99:42:48:d7:78:b3:99:71:
                    56:3d:fd:ce:ca:b6:ff:d2:04:b6:32:a9:a1:31:b2:
                    ca:44:a1:8d:df:3f:52:41:1a:eb:77:44:4c:65:43:
                    4d:2d:9c:11:b7:0f:d1:48:d5:54:2e:81:a9:ce:2a:
                    75:5b:c7:08:b1:ca:05:f0:47:5c:f6:f2:01:32:a9:
                    45:03:bd:87:d3:14:7f:18:e4:ed:ee:0c:97:63:26:
                    48:04:03:10:44:57:bd:23:f2:99:0d:e1:27:65:ac:
                    62:7a:9d:6e:03:f4:06:63:73:c6:73:3c:43:d2:c7:
                    67:ec:5a:52:fe:51:13:7f:c7:f9:18:e3:b5:a9:35:
                    fa:57:4d:06:ca:f5:b2:ef:cc:30:1f:b0:25:09:49:
                    33:33:36:62:fb:e9:be:d2:b5:35:06:48:b1:8b:09:
                    ef:4a:1f:de:be:95:f4:ff:99:3c:0e:18:4e:70:8e:
                    5b:db:03:68:d1:70:71:12:1f:18:46:2b:8f:ed:b2:
                    9c:65:44:ab:6a:56:6f:30:74:47:64:ed:04:33:91:
                    f7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:43:A8:3F:A6:3C:FB:0B:20:A2:7F:37:2E:6C:05:40:93:19:00:B7
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/REOoP6Y8-wsgon83LmwFQJMZALc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:0b:16:98:aa:5b:ce:25:d4:ab:68:47:d4:7e:f3:26:e2:be:
         7b:ef:ee:69:78:1b:9d:1a:61:6b:3c:a8:e3:77:4b:9e:70:5f:
         25:3c:45:f8:e9:d4:e3:b9:1c:45:d3:32:44:87:f7:b8:0d:45:
         55:ad:05:a1:d8:1b:1d:8f:d7:8a:30:a2:53:85:7e:d1:02:f6:
         3b:8b:60:43:fb:69:d1:a4:c4:3c:2e:db:9d:27:b5:30:9f:b4:
         bc:ae:3b:59:0d:34:a5:f7:f6:0a:a6:e0:96:eb:cc:95:fc:71:
         2c:b8:5e:83:a3:25:fb:36:91:24:f7:b9:bd:dd:e8:f7:f7:99:
         95:db:9e:3a:da:db:83:8d:57:d6:86:f7:72:ca:37:46:7c:59:
         76:2b:96:a2:a6:69:82:82:28:79:77:43:35:cc:f0:58:ba:1e:
         fc:8f:b4:e9:c9:cd:d0:b9:a7:94:90:87:d6:f4:43:6b:5d:52:
         27:d3:0f:86:32:d4:6d:c5:a3:db:70:db:a2:d3:fa:6e:40:35:
         29:7d:bb:b2:2d:30:16:7a:07:f2:f5:25:7f:78:60:de:96:63:
         ed:27:2d:25:ac:21:00:ea:39:fc:fb:9d:b2:03:b9:52:aa:1c:
         43:db:40:00:ad:9a:08:5d:b6:07:7f:bb:ce:66:ca:51:c5:da:
         3f:0b:f7:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhnwv6MT27ii1OkhBOgFOocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODAxMjIzMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQzYTgzZmE2M2NmYjBiMjBhMjdmMzcyZTZjMDU0MDkzMTkwMGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyua8Fi2QPw3S3Ril/6A5jr8OnDrP
7t2Csv1WjP7U0VbV7ZsSipcR/4R6olhsdDnESSLumUJI13izmXFWPf3Oyrb/0gS2
MqmhMbLKRKGN3z9SQRrrd0RMZUNNLZwRtw/RSNVULoGpzip1W8cIscoF8Edc9vIB
MqlFA72H0xR/GOTt7gyXYyZIBAMQRFe9I/KZDeEnZaxiep1uA/QGY3PGczxD0sdn
7FpS/lETf8f5GOO1qTX6V00GyvWy78wwH7AlCUkzMzZi++m+0rU1BkixiwnvSh/e
vpX0/5k8DhhOcI5b2wNo0XBxEh8YRiuP7bKcZUSralZvMHRHZO0EM5H3tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERDqD+mPPsLIKJ/Ny5sBUCTGQC3MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUkVPb1A2WTgtd3Nnb244M0xtd0ZRSk1aQUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW8mMA0G
CSqGSIb3DQEBCwUAA4IBAQCbCxaYqlvOJdSraEfUfvMm4r577+5peBudGmFrPKjj
d0uecF8lPEX46dTjuRxF0zJEh/e4DUVVrQWh2Bsdj9eKMKJThX7RAvY7i2BD+2nR
pMQ8LtudJ7Uwn7S8rjtZDTSl9/YKpuCW68yV/HEsuF6DoyX7NpEk97m93ej395mV
25462tuDjVfWhvdyyjdGfFl2K5aipmmCgih5d0M1zPBYuh78j7Tpyc3QuaeUkIfW
9ENrXVIn0w+GMtRtxaPbcNui0/puQDUpfbuyLTAWegfy9SV/eGDelmPtJy0lrCEA
6jn8+52yA7lSqhxD20AArZoIXbYHf7vOZspRxdo/C/fh
-----END CERTIFICATE-----