Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DUee1zARkcUrvJo1YXT27pZLsMI.roa
File:                     DUee1zARkcUrvJo1YXT27pZLsMI.roa (raw, json)
Hash identifier:          HI4DwNpTGowkvqavS8zu9KuCdBY9g/9IT49vijYsyXc=
Subject key identifier:   0D:47:9E:D7:30:11:91:C5:2B:BC:9A:35:61:74:F6:EE:96:4B:B0:C2
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019A0A873084CC20FB13F9096C0111A55DC8
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DUee1zARkcUrvJo1YXT27pZLsMI.roa
Signing time:             Wed 22 Oct 2025 06:07:03 +0000
ROA not before:           Wed 22 Oct 2025 06:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        209.131.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0a:87:30:84:cc:20:fb:13:f9:09:6c:01:11:a5:5d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Oct 22 06:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d479ed7301191c52bbc9a356174f6ee964bb0c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d6:88:e5:6f:8b:ef:52:38:ca:55:9e:cd:3b:
                    e9:0d:62:ba:94:e4:76:e0:7c:e9:3c:79:b8:1f:39:
                    6f:11:cc:b5:4c:74:b5:4a:77:b3:74:f3:7e:b2:9e:
                    c1:ab:ee:fb:9a:4b:79:34:cf:33:cc:50:bc:02:49:
                    82:78:b1:8a:b0:92:2f:06:b1:30:a0:52:57:91:24:
                    1e:76:3a:f7:41:25:cd:bf:91:27:56:df:a2:48:d0:
                    63:22:c2:32:59:f4:46:8d:db:2a:8c:5e:df:3c:c1:
                    69:65:74:1f:7d:5d:8c:92:51:7b:86:76:b4:34:7c:
                    b9:45:83:c1:d4:0e:de:3a:08:53:d0:7b:bc:17:66:
                    bf:dc:1c:ef:46:c9:8f:37:5a:7c:50:c2:0d:df:db:
                    29:a1:83:fe:7c:f5:8d:aa:04:de:be:0e:38:a6:a3:
                    41:ef:fc:80:15:bc:4b:81:cd:99:73:ba:75:23:64:
                    be:ba:cd:b5:ad:4b:43:a2:5e:fe:8e:5d:26:87:d0:
                    79:94:5b:2c:a3:42:4d:de:c8:39:8b:a3:22:6d:3a:
                    85:e4:9a:2f:ce:fd:6b:ff:32:9e:fc:66:0b:00:15:
                    2a:0d:a8:28:d1:4f:e4:5e:b7:65:e6:18:e2:b7:e3:
                    86:7e:1e:4f:30:62:59:78:62:0c:36:76:36:b2:e5:
                    19:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:47:9E:D7:30:11:91:C5:2B:BC:9A:35:61:74:F6:EE:96:4B:B0:C2
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/DUee1zARkcUrvJo1YXT27pZLsMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:68:48:ed:d9:af:97:38:23:ce:78:a5:68:37:c8:d0:c5:2d:
         9e:84:99:c9:57:0d:28:1e:05:c4:65:0f:89:37:a3:b0:e4:db:
         58:7b:18:e8:70:39:3a:b0:ac:1b:10:27:a1:b9:47:8a:70:b5:
         8a:71:0a:97:1d:13:87:f7:d9:36:71:8b:c2:df:64:52:07:b8:
         df:e4:c3:b2:b0:2c:a5:ae:c9:97:33:f1:bd:00:dd:50:96:93:
         af:7a:26:31:fd:ae:c0:61:b3:af:1c:d2:07:f6:a5:97:e0:2b:
         17:76:d6:0a:0b:7f:87:e4:04:bf:ac:e9:fd:32:31:0f:dc:57:
         fa:34:45:5a:a2:db:b7:bc:2a:05:80:de:2c:09:6f:01:bc:f7:
         2d:3e:ab:b3:97:79:15:c4:65:54:f0:27:0c:12:d9:8d:55:c5:
         c2:29:05:1c:57:93:5b:d6:50:da:36:88:1a:b9:dd:76:08:23:
         53:99:ea:a7:42:5f:a7:b5:b7:68:f3:5d:eb:8b:1f:aa:fb:fa:
         50:e4:67:5f:7b:55:13:40:30:b5:16:f9:72:4f:07:df:77:7a:
         c0:42:ff:c2:d6:89:ac:c4:5c:fd:b1:c5:2c:05:4e:fe:bc:34:
         cc:ec:05:30:42:63:f4:e8:7c:29:32:02:29:a2:c2:05:5c:79:
         46:92:ec:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoKhzCEzCD7E/kJbAERpV3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUxMDIyMDYwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ3OWVkNzMwMTE5MWM1MmJiYzlhMzU2MTc0ZjZlZTk2NGJiMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8taI5W+L71I4ylWezTvpDWK6lOR2
4HzpPHm4HzlvEcy1THS1SnezdPN+sp7Bq+77mkt5NM8zzFC8AkmCeLGKsJIvBrEw
oFJXkSQedjr3QSXNv5EnVt+iSNBjIsIyWfRGjdsqjF7fPMFpZXQffV2MklF7hna0
NHy5RYPB1A7eOghT0Hu8F2a/3BzvRsmPN1p8UMIN39spoYP+fPWNqgTevg44pqNB
7/yAFbxLgc2Zc7p1I2S+us21rUtDol7+jl0mh9B5lFsso0JN3sg5i6MibTqF5Jov
zv1r/zKe/GYLABUqDago0U/kXrdl5hjit+OGfh5PMGJZeGIMNnY2suUZowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1HntcwEZHFK7yaNWF09u6WS7DCMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvRFVlZTF6QVJrY1VydkpvMVlYVDI3cFpMc01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNFMA0G
CSqGSIb3DQEBCwUAA4IBAQAXaEjt2a+XOCPOeKVoN8jQxS2ehJnJVw0oHgXEZQ+J
N6Ow5NtYexjocDk6sKwbECehuUeKcLWKcQqXHROH99k2cYvC32RSB7jf5MOysCyl
rsmXM/G9AN1QlpOveiYx/a7AYbOvHNIH9qWX4CsXdtYKC3+H5AS/rOn9MjEP3Ff6
NEVaotu3vCoFgN4sCW8BvPctPquzl3kVxGVU8CcMEtmNVcXCKQUcV5Nb1lDaNoga
ud12CCNTmeqnQl+ntbdo813rix+q+/pQ5Gdfe1UTQDC1FvlyTwffd3rAQv/C1oms
xFz9scUsBU7+vDTM7AUwQmP06HwpMgIposIFXHlGkuy3
-----END CERTIFICATE-----