Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/BLqnqYXfNpeDaXR1TT1NxALunTU.roa
File:                     BLqnqYXfNpeDaXR1TT1NxALunTU.roa (raw, json)
Hash identifier:          HiOoL5QoKyGrCXU+ZvFwDx1bHqF6go6OY2pLOukJd1s=
Subject key identifier:   04:BA:A7:A9:85:DF:36:97:83:69:74:75:4D:3D:4D:C4:02:EE:9D:35
Certificate issuer:       /CN=ffe437bcad9bacfa3b76b7dd0454133fb4d8cb3e
Certificate serial:       01985B3BE78B9901456C79FC59A49FA5337C
Authority key identifier: FF:E4:37:BC:AD:9B:AC:FA:3B:76:B7:DD:04:54:13:3F:B4:D8:CB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_-Q3vK2brPo7drfdBFQTP7TYyz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/BLqnqYXfNpeDaXR1TT1NxALunTU.roa
Signing time:             Wed 30 Jul 2025 12:08:29 +0000
ROA not before:           Wed 30 Jul 2025 12:08:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12676
IP address blocks:        109.234.248.0/21 maxlen: 24
                          2a01:a740::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/_-Q3vK2brPo7drfdBFQTP7TYyz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/_-Q3vK2brPo7drfdBFQTP7TYyz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_-Q3vK2brPo7drfdBFQTP7TYyz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:3b:e7:8b:99:01:45:6c:79:fc:59:a4:9f:a5:33:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffe437bcad9bacfa3b76b7dd0454133fb4d8cb3e
        Validity
            Not Before: Jul 30 12:08:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04baa7a985df3697836974754d3d4dc402ee9d35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:22:c9:04:9d:88:6d:26:46:f7:01:7e:86:
                    03:0e:d4:c9:e3:54:71:f4:b9:ac:d9:0c:b7:c5:76:
                    9c:89:d7:97:e4:07:b7:06:5b:4d:6d:a0:30:b6:a1:
                    2e:fb:0b:77:d7:0e:47:31:17:40:3c:43:c6:84:8d:
                    36:93:50:e4:8a:da:f9:73:04:4c:be:2b:8e:c6:ca:
                    d0:4c:75:0c:0f:93:c0:d0:a4:3f:bb:12:b4:7c:91:
                    b6:cc:c1:cc:96:5b:c5:80:47:32:a9:96:6b:a8:ef:
                    3f:57:39:9c:84:80:03:f4:08:a2:a7:22:de:15:a9:
                    dc:9c:eb:e3:6a:31:4b:6c:cf:87:fe:c9:8b:61:3b:
                    e8:3f:55:b2:7b:1a:75:c2:c7:07:82:80:b2:f2:c0:
                    df:b9:9c:a8:6e:47:4e:64:6e:93:66:72:1a:97:4c:
                    69:bf:8c:cd:39:81:ad:b2:c3:85:d1:b9:da:6c:46:
                    0d:cf:86:95:55:10:c1:0e:2f:e7:91:45:ec:7a:6c:
                    e1:dc:a0:b6:bd:13:d9:ed:23:73:d3:b3:cb:c9:5f:
                    3e:99:d3:63:12:63:7d:75:72:95:cd:40:5a:33:cc:
                    5c:58:4d:56:13:df:4a:f7:77:e1:3d:35:d9:f9:e6:
                    b0:70:02:a3:60:a0:39:ac:24:c2:68:43:a9:29:f6:
                    dc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BA:A7:A9:85:DF:36:97:83:69:74:75:4D:3D:4D:C4:02:EE:9D:35
            X509v3 Authority Key Identifier:
                keyid:FF:E4:37:BC:AD:9B:AC:FA:3B:76:B7:DD:04:54:13:3F:B4:D8:CB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_-Q3vK2brPo7drfdBFQTP7TYyz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/BLqnqYXfNpeDaXR1TT1NxALunTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/3d4827-3f14-430e-9cee-d121c5a75d98/1/_-Q3vK2brPo7drfdBFQTP7TYyz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.248.0/21
                IPv6:
                  2a01:a740::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:d9:a3:f8:c9:9d:18:a1:d4:89:d2:b0:c3:2c:e8:92:17:f2:
         2f:e0:9b:a0:a7:52:94:f7:42:68:46:76:86:77:d9:31:86:79:
         55:dd:7b:4b:8d:6f:15:14:d9:94:2f:56:29:9b:27:e1:46:88:
         31:8b:75:2b:f9:c2:e1:55:58:07:54:c4:95:71:6b:74:ee:8a:
         60:9f:2c:af:ef:c9:55:a2:9b:ea:0d:7a:e6:f2:99:ae:1d:1f:
         1d:2b:f9:88:57:3c:33:95:78:f5:50:f6:ee:86:53:ec:65:46:
         e2:aa:56:24:11:af:16:df:b2:96:d8:07:41:f3:58:51:0a:c7:
         f1:a5:9a:fb:4d:a3:f6:ea:e6:8e:ee:5c:1c:a6:c0:6f:1b:4e:
         a8:8d:92:5b:bb:4f:c7:bb:88:f6:63:3a:41:00:e7:d0:2b:df:
         97:a0:da:0f:be:a4:32:80:56:d3:4f:bc:9c:5c:e4:8d:b1:8c:
         be:17:16:d1:2c:11:e3:5d:e1:90:4d:4a:a4:fb:44:58:40:5e:
         f4:20:10:29:9e:f0:b6:b2:11:ea:4b:64:b3:5f:a9:e4:cc:3d:
         47:89:28:52:18:ba:04:de:c7:87:55:48:3f:f4:f4:1b:4f:31:
         aa:8c:cb:10:69:6a:2f:3b:93:36:96:df:82:98:cd:3c:46:dd:
         86:ea:ab:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhbO+eLmQFFbHn8WaSfpTN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZTQzN2JjYWQ5YmFjZmEzYjc2YjdkZDA0NTQxMzNmYjRk
OGNiM2UwHhcNMjUwNzMwMTIwODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGJhYTdhOTg1ZGYzNjk3ODM2OTc0NzU0ZDNkNGRjNDAyZWU5ZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidYiyQSdiG0mRvcBfoYDDtTJ41Rx
9Lms2Qy3xXacideX5Ae3BltNbaAwtqEu+wt31w5HMRdAPEPGhI02k1Dkitr5cwRM
viuOxsrQTHUMD5PA0KQ/uxK0fJG2zMHMllvFgEcyqZZrqO8/VzmchIAD9AiipyLe
FancnOvjajFLbM+H/smLYTvoP1Wyexp1wscHgoCy8sDfuZyobkdOZG6TZnIal0xp
v4zNOYGtssOF0bnabEYNz4aVVRDBDi/nkUXsemzh3KC2vRPZ7SNz07PLyV8+mdNj
EmN9dXKVzUBaM8xcWE1WE99K93fhPTXZ+eawcAKjYKA5rCTCaEOpKfbccQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAS6p6mF3zaXg2l0dU09TcQC7p01MB8GA1UdIwQY
MBaAFP/kN7ytm6z6O3a33QRUEz+02Ms+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXy1RM3ZLMmJyUG83ZHJmZEJGUVRQN1RZeXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8zZDQ4MjctM2YxNC00MzBlLTljZWUt
ZDEyMWM1YTc1ZDk4LzEvQkxxbnFZWGZOcGVEYVhSMVRUMU54QUx1blRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8zZDQ4MjctM2YxNC00MzBlLTljZWUtZDEyMWM1YTc1ZDk4
LzEvXy1RM3ZLMmJyUG83ZHJmZEJGUVRQN1RZeXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDber4MA0E
AgACMAcDBQAqAadAMA0GCSqGSIb3DQEBCwUAA4IBAQDB2aP4yZ0YodSJ0rDDLOiS
F/Iv4Jugp1KU90JoRnaGd9kxhnlV3XtLjW8VFNmUL1YpmyfhRogxi3Ur+cLhVVgH
VMSVcWt07opgnyyv78lVopvqDXrm8pmuHR8dK/mIVzwzlXj1UPbuhlPsZUbiqlYk
Ea8W37KW2AdB81hRCsfxpZr7TaP26uaO7lwcpsBvG06ojZJbu0/Hu4j2YzpBAOfQ
K9+XoNoPvqQygFbTT7ycXOSNsYy+FxbRLBHjXeGQTUqk+0RYQF70IBApnvC2shHq
S2SzX6nkzD1HiShSGLoE3seHVUg/9PQbTzGqjMsQaWovO5M2lt+CmM08Rt2G6qv8
-----END CERTIFICATE-----