Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/FV7sZMg6O9JY4mwLcg69aoeW06M.roa
File:                     FV7sZMg6O9JY4mwLcg69aoeW06M.roa (raw, json)
Hash identifier:          VMFrYstU7+hz9IBC63E6LRr18iCOAuJeM9dbn8Jpzcg=
Subject key identifier:   15:5E:EC:64:C8:3A:3B:D2:58:E2:6C:0B:72:0E:BD:6A:87:96:D3:A3
Certificate issuer:       /CN=dd64166a91179308f253a9175616ccc6828c4463
Certificate serial:       01977C8AC35B96D491F491D317D638E027F0
Authority key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/FV7sZMg6O9JY4mwLcg69aoeW06M.roa
Signing time:             Tue 17 Jun 2025 06:19:18 +0000
ROA not before:           Tue 17 Jun 2025 06:19:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34250
IP address blocks:        84.54.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 19:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:8a:c3:5b:96:d4:91:f4:91:d3:17:d6:38:e0:27:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd64166a91179308f253a9175616ccc6828c4463
        Validity
            Not Before: Jun 17 06:19:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=155eec64c83a3bd258e26c0b720ebd6a8796d3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:12:4d:40:38:ec:1e:ee:09:86:99:eb:40:7a:
                    93:0b:e1:f1:92:ae:ee:b0:c5:1d:8f:25:1c:08:78:
                    76:f3:4c:5c:53:c9:a7:00:45:c8:26:ec:a8:8d:69:
                    07:04:1d:5c:70:8c:ae:5a:7f:58:a5:a6:44:79:10:
                    a0:0a:8c:d3:85:35:a4:39:62:55:bd:57:c2:10:9f:
                    a6:51:1c:e0:ea:45:f1:66:1d:0d:35:fd:bd:22:7e:
                    47:bf:98:a9:c7:98:6b:98:e0:b4:bd:0c:39:21:b6:
                    fb:14:26:99:e7:e2:fc:c6:af:d4:31:1f:07:39:80:
                    9d:ad:21:ec:23:de:c1:c6:2f:71:22:0d:c0:22:d6:
                    a3:40:44:5e:d5:3d:a7:72:94:dd:68:23:c8:ed:70:
                    03:e2:46:a1:c7:a7:86:48:01:7e:c8:a5:16:58:83:
                    be:d4:67:01:58:14:79:32:59:49:6d:38:28:6d:f6:
                    52:2f:0e:67:7b:69:4e:c7:0e:1b:98:47:d3:31:5f:
                    bb:21:55:9c:28:14:54:90:91:e9:ee:7c:b9:ae:5f:
                    91:34:95:38:b8:73:a9:bb:48:8c:db:34:ee:d7:d2:
                    15:10:4f:78:05:f7:2f:54:f2:3c:af:2f:d2:a1:dd:
                    14:a7:9e:70:93:0a:e5:a3:14:51:d2:24:57:8f:08:
                    ea:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5E:EC:64:C8:3A:3B:D2:58:E2:6C:0B:72:0E:BD:6A:87:96:D3:A3
            X509v3 Authority Key Identifier:
                keyid:DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/FV7sZMg6O9JY4mwLcg69aoeW06M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:6f:17:cc:02:95:80:69:dd:be:e2:6c:2f:8a:72:62:64:86:
         36:03:50:d6:0e:d2:ea:4b:8c:11:ed:48:8e:43:3d:7b:c5:06:
         4e:1a:9d:a4:b7:3c:4d:70:23:bc:c7:7a:4d:9c:c9:66:e7:13:
         b5:8e:3f:7e:8b:61:01:13:5a:06:e4:4e:6d:74:4a:00:cb:cf:
         66:d1:a2:00:2e:ee:83:e3:9b:2d:c9:e9:28:65:6e:07:d6:3a:
         bd:f2:1e:b3:d7:08:b4:5d:f4:13:df:96:b3:61:fe:1f:e9:4e:
         ef:33:38:2a:60:80:11:0d:10:24:3b:b3:38:c6:59:ba:66:57:
         60:b6:97:b4:53:85:d3:a4:4c:2c:60:0b:1f:e4:60:ea:92:e2:
         6f:79:c3:ce:1a:65:79:e1:d0:1d:3d:95:26:fb:cd:e0:d0:7a:
         68:d0:8a:8a:c2:30:ed:71:de:b6:4e:7a:b7:53:e5:47:11:e2:
         0a:d0:37:15:df:da:82:fa:f3:cc:e7:07:c1:75:16:b6:4e:1a:
         2a:ff:f6:2f:2d:92:fd:f2:b4:9d:9f:97:50:fa:61:4d:c9:47:
         a7:a4:bc:e7:ec:46:07:68:7b:51:81:67:06:ab:d0:52:37:92:
         26:6f:46:ad:9e:02:30:d5:88:ea:68:55:bc:4b:85:5b:16:71:
         ba:7a:ab:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd8isNbltSR9JHTF9Y44CfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQxNjZhOTExNzkzMDhmMjUzYTkxNzU2MTZjY2M2ODI4
YzQ0NjMwHhcNMjUwNjE3MDYxOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTVlZWM2NGM4M2EzYmQyNThlMjZjMGI3MjBlYmQ2YTg3OTZkM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphJNQDjsHu4JhpnrQHqTC+Hxkq7u
sMUdjyUcCHh280xcU8mnAEXIJuyojWkHBB1ccIyuWn9YpaZEeRCgCozThTWkOWJV
vVfCEJ+mURzg6kXxZh0NNf29In5Hv5ipx5hrmOC0vQw5Ibb7FCaZ5+L8xq/UMR8H
OYCdrSHsI97Bxi9xIg3AItajQERe1T2ncpTdaCPI7XAD4kahx6eGSAF+yKUWWIO+
1GcBWBR5MllJbTgobfZSLw5ne2lOxw4bmEfTMV+7IVWcKBRUkJHp7ny5rl+RNJU4
uHOpu0iM2zTu19IVEE94BfcvVPI8ry/Sod0Up55wkwrloxRR0iRXjwjquQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVe7GTIOjvSWOJsC3IOvWqHltOjMB8GA1UdIwQY
MBaAFN1kFmqRF5MI8lOpF1YWzMaCjERjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3Yzct
NzRkZTI1OGE3NmY4LzEvRlY3c1pNZzZPOUpZNG13TGNnNjlhb2VXMDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3YzctNzRkZTI1OGE3NmY4
LzEvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDZxMA0G
CSqGSIb3DQEBCwUAA4IBAQC2bxfMApWAad2+4mwvinJiZIY2A1DWDtLqS4wR7UiO
Qz17xQZOGp2ktzxNcCO8x3pNnMlm5xO1jj9+i2EBE1oG5E5tdEoAy89m0aIALu6D
45styekoZW4H1jq98h6z1wi0XfQT35azYf4f6U7vMzgqYIARDRAkO7M4xlm6Zldg
tpe0U4XTpEwsYAsf5GDqkuJvecPOGmV54dAdPZUm+83g0Hpo0IqKwjDtcd62Tnq3
U+VHEeIK0DcV39qC+vPM5wfBdRa2Thoq//YvLZL98rSdn5dQ+mFNyUenpLzn7EYH
aHtRgWcGq9BSN5Imb0atngIw1YjqaFW8S4VbFnG6eqve
-----END CERTIFICATE-----