Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/Du1i7bTAaB4IIOTw_X0vw1MirSY.roa
File:                     Du1i7bTAaB4IIOTw_X0vw1MirSY.roa (raw, json)
Hash identifier:          nFL5MmAzQRcIkXClbhtA+EMVfYtDNnO3RVW3aGCvry0=
Subject key identifier:   0E:ED:62:ED:B4:C0:68:1E:08:20:E4:F0:FD:7D:2F:C3:53:22:AD:26
Certificate issuer:       /CN=70e5b30272e43053208978dbe44bfee10a5d007e
Certificate serial:       0197541F7754339CF07C306F12516A500D7A
Authority key identifier: 70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/Du1i7bTAaB4IIOTw_X0vw1MirSY.roa
Signing time:             Mon 09 Jun 2025 09:57:17 +0000
ROA not before:           Mon 09 Jun 2025 09:57:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200220
IP address blocks:        63.251.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:54:1f:77:54:33:9c:f0:7c:30:6f:12:51:6a:50:0d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e5b30272e43053208978dbe44bfee10a5d007e
        Validity
            Not Before: Jun  9 09:57:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0eed62edb4c0681e0820e4f0fd7d2fc35322ad26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7b:8f:03:96:a4:38:3f:9f:6f:78:4c:a5:e0:
                    04:97:0b:ca:1f:fd:5f:5b:31:c4:a7:c8:08:a4:24:
                    2a:97:26:e9:e2:60:31:23:59:9b:9f:15:9e:ec:06:
                    4c:7f:01:bf:1d:6b:5b:1d:60:b2:65:ba:fb:09:eb:
                    83:c6:28:d5:ec:f3:07:d1:64:d3:a1:b2:cf:8f:f0:
                    0d:1e:03:78:d5:70:31:91:d5:73:40:a5:ac:4a:b6:
                    3d:70:00:fe:8a:98:9c:4c:5a:9a:36:07:5d:f9:56:
                    3b:71:e8:52:54:11:2c:89:09:3e:e3:a0:63:14:48:
                    17:cc:83:d5:13:e6:71:85:58:0b:79:65:c4:f6:39:
                    f3:58:3f:37:fc:76:12:38:60:9e:9b:13:c9:2f:7e:
                    a2:4d:72:51:b1:2d:dc:f0:83:7f:42:69:c2:2b:96:
                    86:a4:f0:b6:1e:bd:ec:63:0b:e9:dc:50:0c:0c:a2:
                    23:13:bb:9f:05:21:76:f9:ed:5b:8b:90:d7:d9:50:
                    c4:5a:cc:92:c0:43:fe:9f:04:ba:41:1d:09:2b:8f:
                    ef:73:64:97:33:d1:a2:48:f1:6e:b3:f5:fb:92:fc:
                    18:b0:b7:7c:d8:00:db:a6:08:a6:e7:6a:86:31:a2:
                    35:99:07:47:f5:39:12:b4:76:bd:c8:b3:12:14:4f:
                    9c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:ED:62:ED:B4:C0:68:1E:08:20:E4:F0:FD:7D:2F:C3:53:22:AD:26
            X509v3 Authority Key Identifier:
                keyid:70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/Du1i7bTAaB4IIOTw_X0vw1MirSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.251.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7e:1e:b5:90:02:44:cf:63:16:d7:01:dc:86:a7:45:3e:a6:
         fe:00:0c:d4:f0:4c:3a:b3:a7:90:80:fa:e1:de:e9:c8:e2:ed:
         6a:f8:68:90:b8:5f:20:41:fd:e5:1c:b8:d7:69:71:b1:d9:ac:
         4f:7d:01:f3:8f:40:68:73:ae:d5:35:9d:e0:b8:ad:5f:e6:e3:
         a0:49:ce:28:98:b3:ae:d6:8a:a7:79:71:2d:27:77:37:56:92:
         3e:83:0c:c7:71:43:1e:55:e2:52:b4:5c:7b:36:20:07:92:cf:
         3f:c6:df:8c:40:c3:59:ff:f0:94:3e:17:26:11:30:40:b4:4e:
         b4:12:67:2f:37:49:5d:87:36:bf:7a:1a:9b:47:54:72:da:af:
         e1:94:8b:ff:96:83:0e:7b:e0:3e:61:1a:b0:92:fe:97:10:87:
         59:03:f8:cc:c7:82:30:bd:f4:27:ec:0b:63:2b:93:c7:f1:22:
         f9:64:c4:22:02:5f:ae:f3:26:4e:11:be:02:bf:b8:1a:b8:7b:
         6b:a4:55:49:46:5d:1d:43:b4:69:4f:10:3d:f1:25:f7:54:33:
         ad:74:d9:ab:c4:39:f5:c5:30:78:21:3b:87:b8:af:2a:f8:16:
         63:49:a6:1d:67:c8:65:30:a3:10:f2:dd:94:6e:b5:20:e7:07:
         c2:71:09:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdUH3dUM5zwfDBvElFqUA16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTViMzAyNzJlNDMwNTMyMDg5NzhkYmU0NGJmZWUxMGE1
ZDAwN2UwHhcNMjUwNjA5MDk1NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWVkNjJlZGI0YzA2ODFlMDgyMGU0ZjBmZDdkMmZjMzUzMjJhZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHuPA5akOD+fb3hMpeAElwvKH/1f
WzHEp8gIpCQqlybp4mAxI1mbnxWe7AZMfwG/HWtbHWCyZbr7CeuDxijV7PMH0WTT
obLPj/ANHgN41XAxkdVzQKWsSrY9cAD+ipicTFqaNgdd+VY7cehSVBEsiQk+46Bj
FEgXzIPVE+ZxhVgLeWXE9jnzWD83/HYSOGCemxPJL36iTXJRsS3c8IN/QmnCK5aG
pPC2Hr3sYwvp3FAMDKIjE7ufBSF2+e1bi5DX2VDEWsySwEP+nwS6QR0JK4/vc2SX
M9GiSPFus/X7kvwYsLd82ADbpgim52qGMaI1mQdH9TkStHa9yLMSFE+cywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7tYu20wGgeCCDk8P19L8NTIq0mMB8GA1UdIwQY
MBaAFHDlswJy5DBTIIl42+RL/uEKXQB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEt
MWZiYzY0MWI1MGIxLzEvRHUxaTdiVEFhQjRJSU9Ud19YMHZ3MU1pclNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEtMWZiYzY0MWI1MGIx
LzEvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAP/t6MA0G
CSqGSIb3DQEBCwUAA4IBAQAcfh61kAJEz2MW1wHchqdFPqb+AAzU8Ew6s6eQgPrh
3unI4u1q+GiQuF8gQf3lHLjXaXGx2axPfQHzj0Boc67VNZ3guK1f5uOgSc4omLOu
1oqneXEtJ3c3VpI+gwzHcUMeVeJStFx7NiAHks8/xt+MQMNZ//CUPhcmETBAtE60
EmcvN0ldhza/ehqbR1Ry2q/hlIv/loMOe+A+YRqwkv6XEIdZA/jMx4IwvfQn7Atj
K5PH8SL5ZMQiAl+u8yZOEb4Cv7gauHtrpFVJRl0dQ7RpTxA98SX3VDOtdNmrxDn1
xTB4ITuHuK8q+BZjSaYdZ8hlMKMQ8t2UbrUg5wfCcQmd
-----END CERTIFICATE-----