Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/FxDzr4dkx7gP7-0QN9qS1QSuAFE.roa
File:                     FxDzr4dkx7gP7-0QN9qS1QSuAFE.roa (raw, json)
Hash identifier:          2+R/DqRWvZVRETti21Zc43TNJBFDVQNiLw4+AXiQO7g=
Subject key identifier:   17:10:F3:AF:87:64:C7:B8:0F:EF:ED:10:37:DA:92:D5:04:AE:00:51
Certificate issuer:       /CN=43724e61e3ba2f94665917339e6dac2b680a18cf
Certificate serial:       0197F0AC892563E76A9C6CA10F53E842FEC2
Authority key identifier: 43:72:4E:61:E3:BA:2F:94:66:59:17:33:9E:6D:AC:2B:68:0A:18:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/FxDzr4dkx7gP7-0QN9qS1QSuAFE.roa
Signing time:             Wed 09 Jul 2025 19:32:08 +0000
ROA not before:           Wed 09 Jul 2025 19:32:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50349
IP address blocks:        91.240.248.0/22 maxlen: 22
                          193.150.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:ac:89:25:63:e7:6a:9c:6c:a1:0f:53:e8:42:fe:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43724e61e3ba2f94665917339e6dac2b680a18cf
        Validity
            Not Before: Jul  9 19:32:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1710f3af8764c7b80fefed1037da92d504ae0051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c1:1a:bc:8d:71:f1:d7:c5:47:5e:94:f4:eb:
                    8f:14:d7:a5:8f:d9:8b:2b:ed:2b:57:5d:05:7e:74:
                    21:ed:2f:22:d0:9f:5d:28:fa:11:98:5d:f5:2d:a7:
                    91:19:a2:22:9f:d4:92:08:63:f9:05:c8:5d:38:2b:
                    30:04:93:03:11:1e:13:36:da:0b:29:b8:cf:59:bd:
                    52:91:dc:96:80:4e:14:43:3b:bd:32:7b:c7:ef:60:
                    58:cb:57:cf:a6:f8:fa:78:67:28:61:a4:da:3c:08:
                    fd:70:64:0f:9c:66:b0:c4:dc:b4:3f:c7:2e:04:15:
                    75:05:db:24:d8:8d:9a:f2:d9:23:e9:39:ce:8e:e1:
                    55:aa:e1:30:ae:d2:d9:79:bb:c1:19:a5:32:7e:59:
                    78:70:a1:63:8c:92:5a:b4:bf:55:52:2b:36:e0:27:
                    b8:ee:21:95:26:05:64:94:25:d0:5f:1f:76:5c:5d:
                    c8:25:d8:37:d3:8a:12:44:60:bc:7a:de:b7:d7:2d:
                    b8:a1:53:3c:a6:c1:d4:92:11:ab:f2:f3:5f:ba:4a:
                    1c:45:2c:e0:47:92:c9:ff:0c:b6:db:8e:0f:06:97:
                    b2:ee:6a:27:1d:a6:21:6f:e2:4c:b4:a4:30:59:cd:
                    f0:42:58:8a:fe:82:25:61:0e:e8:af:3e:04:74:11:
                    79:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:10:F3:AF:87:64:C7:B8:0F:EF:ED:10:37:DA:92:D5:04:AE:00:51
            X509v3 Authority Key Identifier:
                keyid:43:72:4E:61:E3:BA:2F:94:66:59:17:33:9E:6D:AC:2B:68:0A:18:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/FxDzr4dkx7gP7-0QN9qS1QSuAFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.248.0/22
                  193.150.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:6a:10:4d:5c:32:ac:66:b3:a3:8f:16:48:67:13:da:f3:df:
         59:e1:5f:c8:56:bd:a7:84:9c:56:8b:c9:30:d2:79:9b:08:e9:
         76:9f:af:6a:05:65:7b:4a:12:eb:15:f9:4c:97:90:c3:91:a4:
         12:0a:0a:6d:72:8e:5d:b9:75:0f:e7:9e:08:31:08:60:e1:67:
         71:de:43:a3:90:f9:23:b2:b7:af:03:1d:94:db:56:62:30:e8:
         31:34:78:c4:6f:3c:4a:34:18:18:40:ba:b3:59:b4:ca:d9:71:
         a3:9c:61:72:49:2d:ed:3b:59:e2:b4:7d:db:9c:7f:7d:48:24:
         5e:e2:6b:20:b5:6b:c9:5b:c6:3a:91:15:59:28:c7:1c:d3:75:
         97:ed:68:35:8a:90:84:7a:e3:5a:3a:ae:28:30:3e:3b:a2:cc:
         19:74:75:71:5a:1e:e7:34:7a:00:f4:3f:62:a7:e3:66:b2:59:
         75:b4:0f:67:27:dd:aa:59:38:bb:ad:e6:93:6d:0b:82:5d:ff:
         eb:5e:52:c3:d5:ea:a0:f3:b3:f3:fb:86:c6:e5:57:31:c3:34:
         fa:7e:dc:4b:de:d9:bf:39:7a:a2:10:25:fb:b3:8a:19:0c:e5:
         73:e1:ed:32:43:fa:a6:a7:09:f4:7f:8a:06:dc:bf:a9:80:4f:
         b5:09:ad:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfwrIklY+dqnGyhD1PoQv7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNzI0ZTYxZTNiYTJmOTQ2NjU5MTczMzllNmRhYzJiNjgw
YTE4Y2YwHhcNMjUwNzA5MTkzMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEwZjNhZjg3NjRjN2I4MGZlZmVkMTAzN2RhOTJkNTA0YWUwMDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sEavI1x8dfFR16U9OuPFNelj9mL
K+0rV10FfnQh7S8i0J9dKPoRmF31LaeRGaIin9SSCGP5BchdOCswBJMDER4TNtoL
KbjPWb1SkdyWgE4UQzu9MnvH72BYy1fPpvj6eGcoYaTaPAj9cGQPnGawxNy0P8cu
BBV1Bdsk2I2a8tkj6TnOjuFVquEwrtLZebvBGaUyfll4cKFjjJJatL9VUis24Ce4
7iGVJgVklCXQXx92XF3IJdg304oSRGC8et631y24oVM8psHUkhGr8vNfukocRSzg
R5LJ/wy2244PBpey7monHaYhb+JMtKQwWc3wQliK/oIlYQ7orz4EdBF5OwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcQ86+HZMe4D+/tEDfaktUErgBRMB8GA1UdIwQY
MBaAFENyTmHjui+UZlkXM55trCtoChjPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTNKT1llTzZMNVJtV1Jjem5tMnNLMmdLR004LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wM2FmOGItM2U1OC00OTE2LWE5YjUt
NmI4NzcwMzZhYTFhLzEvRnhEenI0ZGt4N2dQNy0wUU45cVMxUVN1QUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wM2FmOGItM2U1OC00OTE2LWE5YjUtNmI4NzcwMzZhYTFh
LzEvUTNKT1llTzZMNVJtV1Jjem5tMnNLMmdLR004LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/D4AwQA
wZYVMA0GCSqGSIb3DQEBCwUAA4IBAQCwahBNXDKsZrOjjxZIZxPa899Z4V/IVr2n
hJxWi8kw0nmbCOl2n69qBWV7ShLrFflMl5DDkaQSCgptco5duXUP554IMQhg4Wdx
3kOjkPkjsrevAx2U21ZiMOgxNHjEbzxKNBgYQLqzWbTK2XGjnGFySS3tO1nitH3b
nH99SCRe4msgtWvJW8Y6kRVZKMcc03WX7Wg1ipCEeuNaOq4oMD47oswZdHVxWh7n
NHoA9D9ip+Nmsll1tA9nJ92qWTi7reaTbQuCXf/rXlLD1eqg87Pz+4bG5VcxwzT6
ftxL3tm/OXqiECX7s4oZDOVz4e0yQ/qmpwn0f4oG3L+pgE+1Ca0F
-----END CERTIFICATE-----