Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dFs8LajL5R5nO6mUunRVvhmKoHs.roa
File:                     dFs8LajL5R5nO6mUunRVvhmKoHs.roa (raw, json)
Hash identifier:          xsNhoWpxXIXRIKfU3g1Gshwu39rqU7JQfToF/0qwcPg=
Subject key identifier:   74:5B:3C:2D:A8:CB:E5:1E:67:3B:A9:94:BA:74:55:BE:19:8A:A0:7B
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01966FE3524F7CB4768A2740C3A8385AE658
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dFs8LajL5R5nO6mUunRVvhmKoHs.roa
Signing time:             Sat 26 Apr 2025 02:18:10 +0000
ROA not before:           Sat 26 Apr 2025 02:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        109.111.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6f:e3:52:4f:7c:b4:76:8a:27:40:c3:a8:38:5a:e6:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Apr 26 02:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=745b3c2da8cbe51e673ba994ba7455be198aa07b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:a4:9d:e4:37:1a:6f:8c:7a:e1:93:da:ab:
                    8c:88:36:fd:f2:eb:b0:31:48:04:a5:6a:57:29:cb:
                    f3:c4:af:e2:b5:eb:b0:2c:b0:e8:77:c3:a8:0c:18:
                    39:ed:56:82:68:d4:bb:47:91:49:f4:db:f3:14:ac:
                    59:65:7f:cc:68:6d:19:b5:a4:5c:ce:8f:67:83:2c:
                    73:ac:19:32:35:a9:32:84:06:34:9e:24:36:04:dd:
                    17:c2:44:5b:b4:90:84:4f:32:a8:72:f7:8b:32:20:
                    e4:bd:39:95:0d:43:cf:59:e0:19:78:54:b1:59:83:
                    32:4b:ff:08:2c:3a:f9:f9:6e:35:a9:93:4c:1d:bd:
                    d1:f3:a6:86:62:b5:7a:00:c0:d7:59:ef:60:e3:bb:
                    18:19:88:d0:80:79:37:c1:b1:b5:22:1e:c1:45:25:
                    c6:d0:a5:6b:05:41:25:77:c9:65:71:4c:2f:75:73:
                    79:8f:d7:3c:cd:ba:6e:ee:de:f2:81:38:66:9e:c7:
                    41:97:5b:c6:37:15:6e:13:64:5b:84:c3:b2:64:a0:
                    25:9c:ff:a4:80:45:b6:58:77:cb:e5:2b:f4:9c:99:
                    8d:c1:e5:7f:2d:21:e3:aa:3d:ec:d5:d1:66:fe:91:
                    20:c6:de:95:f6:ae:d2:9d:a1:d1:27:61:0d:e3:44:
                    9d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5B:3C:2D:A8:CB:E5:1E:67:3B:A9:94:BA:74:55:BE:19:8A:A0:7B
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dFs8LajL5R5nO6mUunRVvhmKoHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:e5:bd:c1:6c:7b:e3:0d:44:67:ce:22:71:b8:3c:6f:a7:a0:
         3a:fc:54:2e:4c:72:d7:79:43:b8:16:55:6e:4c:b4:e3:48:6e:
         90:24:4d:97:b9:13:37:6a:4a:69:50:1a:93:41:e4:d3:a2:47:
         5c:49:a2:23:f1:35:bf:17:0e:fe:77:ae:53:a3:d2:6f:ed:95:
         b3:46:03:6b:5f:69:d3:34:38:12:6e:30:97:e2:ac:7c:07:72:
         d7:31:35:a6:cc:2d:19:12:51:7a:69:cd:9c:23:76:b6:8b:4c:
         36:67:01:91:95:b1:a1:4c:fc:7c:10:ad:2e:d6:7c:e2:34:51:
         02:05:10:cf:ad:54:0b:f4:2e:24:84:3b:6b:a5:65:6e:4f:fc:
         4e:f8:f9:57:6a:57:8b:7b:15:93:64:5e:69:6f:eb:c5:f4:7c:
         33:73:e2:f8:11:0a:77:c0:28:bf:7b:15:07:b9:d2:23:af:21:
         4f:e5:5c:1d:a8:47:6a:37:ed:d2:ae:dd:38:59:05:dd:3f:ed:
         33:45:45:6f:61:a2:a1:46:6d:55:92:c5:58:3d:01:6c:67:d7:
         d6:63:57:c4:be:b0:ce:20:2d:d2:bb:81:b4:fd:3f:bb:38:89:
         5a:44:ab:11:69:55:cd:fc:18:bd:14:d6:db:22:60:2f:c8:0f:
         bb:46:1b:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZv41JPfLR2iidAw6g4WuZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNDI2MDIxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDViM2MyZGE4Y2JlNTFlNjczYmE5OTRiYTc0NTViZTE5OGFhMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrakneQ3Gm+MeuGT2quMiDb98uuw
MUgEpWpXKcvzxK/iteuwLLDod8OoDBg57VaCaNS7R5FJ9NvzFKxZZX/MaG0ZtaRc
zo9ngyxzrBkyNakyhAY0niQ2BN0XwkRbtJCETzKocveLMiDkvTmVDUPPWeAZeFSx
WYMyS/8ILDr5+W41qZNMHb3R86aGYrV6AMDXWe9g47sYGYjQgHk3wbG1Ih7BRSXG
0KVrBUEld8llcUwvdXN5j9c8zbpu7t7ygThmnsdBl1vGNxVuE2RbhMOyZKAlnP+k
gEW2WHfL5Sv0nJmNweV/LSHjqj3s1dFm/pEgxt6V9q7SnaHRJ2EN40SdDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRbPC2oy+UeZzuplLp0Vb4ZiqB7MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZEZzOExhakw1UjVuTzZtVXVuUlZ2aG1Lb0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW80MA0G
CSqGSIb3DQEBCwUAA4IBAQBO5b3BbHvjDURnziJxuDxvp6A6/FQuTHLXeUO4FlVu
TLTjSG6QJE2XuRM3akppUBqTQeTTokdcSaIj8TW/Fw7+d65To9Jv7ZWzRgNrX2nT
NDgSbjCX4qx8B3LXMTWmzC0ZElF6ac2cI3a2i0w2ZwGRlbGhTPx8EK0u1nziNFEC
BRDPrVQL9C4khDtrpWVuT/xO+PlXaleLexWTZF5pb+vF9Hwzc+L4EQp3wCi/exUH
udIjryFP5VwdqEdqN+3Srt04WQXdP+0zRUVvYaKhRm1VksVYPQFsZ9fWY1fEvrDO
IC3Su4G0/T+7OIlaRKsRaVXN/Bi9FNbbImAvyA+7Rhta
-----END CERTIFICATE-----