Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c4ykFbyuwWpyJB2BWXBrS7MqqhY.roa
File:                     c4ykFbyuwWpyJB2BWXBrS7MqqhY.roa (raw, json)
Hash identifier:          UGvZJpCibJ35udevs4lq6j/MrSO/YRjfu8sL9IBPTdk=
Subject key identifier:   73:8C:A4:15:BC:AE:C1:6A:72:24:1D:81:59:70:6B:4B:B3:2A:AA:16
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019962805D4A9FD024359090BCC8C5EF5080
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c4ykFbyuwWpyJB2BWXBrS7MqqhY.roa
Signing time:             Fri 19 Sep 2025 15:03:23 +0000
ROA not before:           Fri 19 Sep 2025 15:03:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        64.137.52.0/23 maxlen: 23
                          104.233.0.0/22 maxlen: 22
                          104.233.4.0/22 maxlen: 22
                          104.238.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 04:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:80:5d:4a:9f:d0:24:35:90:90:bc:c8:c5:ef:50:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Sep 19 15:03:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=738ca415bcaec16a72241d8159706b4bb32aaa16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bc:4e:44:76:a7:86:47:e2:08:76:75:8b:7b:
                    be:c4:d7:af:5d:5a:bb:92:a9:54:d8:bc:9a:ed:69:
                    ac:24:c2:e3:1f:08:4e:fb:f8:0f:45:b7:e2:74:33:
                    48:38:ed:6c:54:1c:06:e4:91:fa:39:dd:f2:48:58:
                    8e:95:70:53:7e:0a:b0:ca:3a:57:3a:9a:f8:e5:b9:
                    5d:6d:db:ac:22:70:9f:3e:36:6b:48:06:1e:4f:d0:
                    76:5b:9b:b4:6b:28:16:4e:a4:8a:07:53:06:34:de:
                    d5:2f:90:15:35:c9:11:f9:7e:81:11:90:c6:76:ca:
                    cd:5c:c5:dc:3d:de:b7:b6:b9:d0:d4:19:2c:d5:bb:
                    37:84:3a:27:3b:ad:fa:89:a9:44:d4:44:29:cc:a5:
                    8d:23:b8:5d:c6:03:73:c7:1f:6c:a7:fb:51:62:79:
                    e9:2b:48:17:25:7e:a3:f3:8f:92:5d:28:0b:5b:a2:
                    44:82:54:dc:b7:58:3c:c1:eb:12:59:5e:ee:42:eb:
                    ff:5e:0a:0e:f1:3d:98:86:a7:f4:e3:f6:b9:d8:aa:
                    49:0c:37:6e:1a:87:05:35:92:6a:48:a9:88:b5:d2:
                    62:60:7b:95:b0:fb:8d:ac:76:91:18:67:ce:16:78:
                    0d:58:15:c2:ca:a3:c7:00:6a:d1:00:11:2f:7a:0a:
                    fc:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8C:A4:15:BC:AE:C1:6A:72:24:1D:81:59:70:6B:4B:B3:2A:AA:16
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c4ykFbyuwWpyJB2BWXBrS7MqqhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.52.0/23
                  104.233.0.0/21
                  104.238.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:30:1a:e7:cd:bc:b3:5c:1c:cc:dc:a0:c7:c9:4d:4b:68:58:
         8c:fd:4b:d5:5e:39:91:04:8e:f6:7b:07:1f:5d:9d:8f:be:56:
         6f:ca:75:cd:1d:1f:86:08:50:0c:21:8c:7c:e2:f6:7d:2c:03:
         45:51:67:0b:98:fb:6f:10:15:64:7d:08:b4:37:54:10:12:a2:
         19:52:a4:2d:44:81:e2:d3:07:a3:cf:9d:a9:bb:64:59:7d:dc:
         30:b5:29:26:59:19:17:70:b4:32:c4:58:b1:e5:8a:a4:ec:fc:
         99:39:bb:04:e5:ea:69:1e:0c:3c:94:72:ca:d6:fd:50:09:7d:
         05:d9:8c:61:fa:9c:3a:62:0b:66:61:33:7c:d0:81:ca:b7:dc:
         15:4f:15:03:b3:71:56:cd:6d:30:cf:34:6c:b9:8d:f0:a3:06:
         cf:2c:a3:1a:31:21:34:87:33:9e:37:c4:f3:73:0e:1f:8e:71:
         a4:be:a8:1b:67:91:ab:50:ad:a3:ac:2b:a0:ce:be:e7:d3:14:
         3a:02:da:12:50:87:88:cc:d6:af:2c:64:f8:fa:47:73:d0:d7:
         93:09:01:80:e4:aa:a5:9e:39:f5:35:80:c0:e7:79:3c:fa:fb:
         bf:2d:b5:fb:a7:2f:d4:a8:f4:b0:ac:3d:e0:cf:8a:4d:ba:9b:
         28:3b:fa:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZligF1Kn9AkNZCQvMjF71CAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwOTE5MTUwMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhjYTQxNWJjYWVjMTZhNzIyNDFkODE1OTcwNmI0YmIzMmFhYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrxORHanhkfiCHZ1i3u+xNevXVq7
kqlU2Lya7WmsJMLjHwhO+/gPRbfidDNIOO1sVBwG5JH6Od3ySFiOlXBTfgqwyjpX
Opr45bldbdusInCfPjZrSAYeT9B2W5u0aygWTqSKB1MGNN7VL5AVNckR+X6BEZDG
dsrNXMXcPd63trnQ1Bks1bs3hDonO636ialE1EQpzKWNI7hdxgNzxx9sp/tRYnnp
K0gXJX6j84+SXSgLW6JEglTct1g8wesSWV7uQuv/XgoO8T2Yhqf04/a52KpJDDdu
GocFNZJqSKmItdJiYHuVsPuNrHaRGGfOFngNWBXCyqPHAGrRABEvegr84wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHOMpBW8rsFqciQdgVlwa0uzKqoWMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYzR5a0ZieXV3V3B5SkIyQldYQnJTN01xcWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBQIk0AwQD
aOkAAwQCaO4AMA0GCSqGSIb3DQEBCwUAA4IBAQCBMBrnzbyzXBzM3KDHyU1LaFiM
/UvVXjmRBI72ewcfXZ2PvlZvynXNHR+GCFAMIYx84vZ9LANFUWcLmPtvEBVkfQi0
N1QQEqIZUqQtRIHi0wejz52pu2RZfdwwtSkmWRkXcLQyxFix5Yqk7PyZObsE5epp
Hgw8lHLK1v1QCX0F2Yxh+pw6YgtmYTN80IHKt9wVTxUDs3FWzW0wzzRsuY3wowbP
LKMaMSE0hzOeN8Tzcw4fjnGkvqgbZ5GrUK2jrCugzr7n0xQ6AtoSUIeIzNavLGT4
+kdz0NeTCQGA5Kqlnjn1NYDA53k8+vu/LbX7py/UqPSwrD3gz4pNupsoO/pw
-----END CERTIFICATE-----