Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/aSbzflu2ueBH4HFc6DoptPDX5Rc.roa
File:                     aSbzflu2ueBH4HFc6DoptPDX5Rc.roa (raw, json)
Hash identifier:          Ps8MiI9EyDzRjGBlJSLfyNG1HvPUvesSrz/Go0N5kKw=
Subject key identifier:   69:26:F3:7E:5B:B6:B9:E0:47:E0:71:5C:E8:3A:29:B4:F0:D7:E5:17
Certificate issuer:       /CN=43724e61e3ba2f94665917339e6dac2b680a18cf
Certificate serial:       0197F0B69C0ED1DD228C0EB2FD5D04025B8F
Authority key identifier: 43:72:4E:61:E3:BA:2F:94:66:59:17:33:9E:6D:AC:2B:68:0A:18:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/aSbzflu2ueBH4HFc6DoptPDX5Rc.roa
Signing time:             Wed 09 Jul 2025 19:43:08 +0000
ROA not before:           Wed 09 Jul 2025 19:43:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34927
IP address blocks:        91.240.248.0/22 maxlen: 22
                          193.150.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:b6:9c:0e:d1:dd:22:8c:0e:b2:fd:5d:04:02:5b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43724e61e3ba2f94665917339e6dac2b680a18cf
        Validity
            Not Before: Jul  9 19:43:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6926f37e5bb6b9e047e0715ce83a29b4f0d7e517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c3:9e:2b:60:f0:f9:dc:ba:82:2d:4b:a0:e2:
                    1e:f6:2a:95:de:db:1b:20:0e:6c:0c:b5:ca:29:7a:
                    05:c6:14:64:d5:ce:e7:6e:f6:02:21:b7:8d:fc:93:
                    77:7a:4e:f7:a0:91:66:b5:28:55:a8:eb:ba:08:6b:
                    c3:0a:c8:8e:f4:26:49:b7:da:f2:a3:fe:d8:78:85:
                    03:d7:d1:8f:0e:f1:2b:50:93:bf:7c:09:4a:15:d5:
                    e3:ed:26:53:c3:57:47:64:6e:17:9b:ca:4f:df:35:
                    01:c6:ed:d2:ca:16:f0:89:a0:b2:c4:51:47:4b:54:
                    18:57:70:33:17:99:70:f6:94:ca:da:38:fe:cd:7a:
                    60:82:dc:fa:33:42:da:8f:8d:eb:ad:ab:72:d2:7b:
                    5b:42:99:95:66:02:84:b1:59:a1:e3:42:29:e9:35:
                    73:96:3e:05:a2:b2:a4:9d:a5:96:6a:30:b1:f6:49:
                    8f:fa:c3:22:4d:70:0f:b8:54:b3:91:56:b5:be:e1:
                    f3:50:a9:46:67:aa:bf:b2:d2:ec:40:34:a8:99:9b:
                    fa:0e:a6:a0:4f:b7:4f:3a:e1:0f:43:36:53:72:8c:
                    24:a5:b6:84:be:08:ac:8e:ac:c4:3f:38:fb:8d:53:
                    58:67:dd:f3:30:e0:ff:e9:f9:7f:d4:bc:5d:ff:91:
                    e9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:26:F3:7E:5B:B6:B9:E0:47:E0:71:5C:E8:3A:29:B4:F0:D7:E5:17
            X509v3 Authority Key Identifier:
                keyid:43:72:4E:61:E3:BA:2F:94:66:59:17:33:9E:6D:AC:2B:68:0A:18:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q3JOYeO6L5RmWRcznm2sK2gKGM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/aSbzflu2ueBH4HFc6DoptPDX5Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/03af8b-3e58-4916-a9b5-6b877036aa1a/1/Q3JOYeO6L5RmWRcznm2sK2gKGM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.248.0/22
                  193.150.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ca:58:30:06:f1:74:fe:a8:8c:bb:bf:35:b5:a2:7e:1b:a7:
         e8:67:3d:a4:d3:d0:7f:44:ea:ba:4e:10:d6:31:ab:d2:0d:a0:
         b0:21:8e:c4:f4:28:e5:e9:20:77:26:7b:f2:00:3b:3b:b0:9f:
         1f:cd:0d:7a:f7:c5:d6:bf:89:51:80:49:fa:be:88:e4:b8:24:
         a4:f3:3b:9b:f6:a9:18:43:ee:cc:60:59:45:ff:d5:8d:9b:1d:
         eb:39:6a:77:5c:5a:1f:c9:1b:26:34:ea:4a:56:97:96:bb:9a:
         06:de:51:69:e5:d1:d1:63:06:25:29:01:28:bb:80:38:dd:37:
         8e:9c:f3:6a:03:61:0f:8e:c3:9b:2e:2f:21:16:3f:c3:30:a1:
         37:b2:5c:fe:2d:09:6b:8a:9f:e2:5d:e8:8a:e5:83:88:78:9a:
         62:82:10:a7:52:84:cc:e9:48:4f:9a:a1:c9:5e:5a:d3:7c:4e:
         d5:cc:ee:b8:3a:7d:65:b6:e1:7c:ea:fb:52:5f:e7:69:e6:c1:
         1e:a2:33:00:bf:af:2a:59:46:93:de:15:19:89:b5:9d:d5:37:
         9d:2c:fd:85:17:32:63:68:d1:33:52:09:05:9e:0c:0c:32:b6:
         ed:9d:73:ba:cd:12:8f:75:98:22:e1:4b:81:b7:6f:3c:19:1c:
         f3:3b:29:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfwtpwO0d0ijA6y/V0EAluPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNzI0ZTYxZTNiYTJmOTQ2NjU5MTczMzllNmRhYzJiNjgw
YTE4Y2YwHhcNMjUwNzA5MTk0MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI2ZjM3ZTViYjZiOWUwNDdlMDcxNWNlODNhMjliNGYwZDdlNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusOeK2Dw+dy6gi1LoOIe9iqV3tsb
IA5sDLXKKXoFxhRk1c7nbvYCIbeN/JN3ek73oJFmtShVqOu6CGvDCsiO9CZJt9ry
o/7YeIUD19GPDvErUJO/fAlKFdXj7SZTw1dHZG4Xm8pP3zUBxu3SyhbwiaCyxFFH
S1QYV3AzF5lw9pTK2jj+zXpggtz6M0Laj43rraty0ntbQpmVZgKEsVmh40Ip6TVz
lj4ForKknaWWajCx9kmP+sMiTXAPuFSzkVa1vuHzUKlGZ6q/stLsQDSomZv6Dqag
T7dPOuEPQzZTcowkpbaEvgisjqzEPzj7jVNYZ93zMOD/6fl/1Lxd/5HpjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkm835btrngR+BxXOg6KbTw1+UXMB8GA1UdIwQY
MBaAFENyTmHjui+UZlkXM55trCtoChjPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTNKT1llTzZMNVJtV1Jjem5tMnNLMmdLR004LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wM2FmOGItM2U1OC00OTE2LWE5YjUt
NmI4NzcwMzZhYTFhLzEvYVNiemZsdTJ1ZUJINEhGYzZEb3B0UERYNVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wM2FmOGItM2U1OC00OTE2LWE5YjUtNmI4NzcwMzZhYTFh
LzEvUTNKT1llTzZMNVJtV1Jjem5tMnNLMmdLR004LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/D4AwQA
wZYVMA0GCSqGSIb3DQEBCwUAA4IBAQArylgwBvF0/qiMu781taJ+G6foZz2k09B/
ROq6ThDWMavSDaCwIY7E9Cjl6SB3JnvyADs7sJ8fzQ1698XWv4lRgEn6vojkuCSk
8zub9qkYQ+7MYFlF/9WNmx3rOWp3XFofyRsmNOpKVpeWu5oG3lFp5dHRYwYlKQEo
u4A43TeOnPNqA2EPjsObLi8hFj/DMKE3slz+LQlrip/iXeiK5YOIeJpighCnUoTM
6UhPmqHJXlrTfE7VzO64On1ltuF86vtSX+dp5sEeojMAv68qWUaT3hUZibWd1Ted
LP2FFzJjaNEzUgkFngwMMrbtnXO6zRKPdZgi4UuBt288GRzzOymg
-----END CERTIFICATE-----