Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/FeEiiWjAdJKymNjox7n7zCUc9Wk.roa
File:                     FeEiiWjAdJKymNjox7n7zCUc9Wk.roa (raw, json)
Hash identifier:          dzt2dxmN6m2Hyo/H9hlkWWL7XeHHBgERvBsbJJztvYI=
Subject key identifier:   15:E1:22:89:68:C0:74:92:B2:98:D8:E8:C7:B9:FB:CC:25:1C:F5:69
Certificate issuer:       /CN=aa5212958d8e1baa144a82a821f93a890dcba49a
Certificate serial:       0197F976E7D29BFA55FF45F4E9D0C8411BA3
Authority key identifier: AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/FeEiiWjAdJKymNjox7n7zCUc9Wk.roa
Signing time:             Fri 11 Jul 2025 12:30:08 +0000
ROA not before:           Fri 11 Jul 2025 12:30:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38547
IP address blocks:        43.226.224.0/22 maxlen: 22
                          43.226.224.0/24 maxlen: 24
                          43.226.225.0/24 maxlen: 24
                          43.226.226.0/24 maxlen: 24
                          43.226.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:76:e7:d2:9b:fa:55:ff:45:f4:e9:d0:c8:41:1b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5212958d8e1baa144a82a821f93a890dcba49a
        Validity
            Not Before: Jul 11 12:30:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15e1228968c07492b298d8e8c7b9fbcc251cf569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:4e:a7:a0:11:9a:08:e9:bd:b2:75:ed:6a:40:
                    ba:63:56:35:8d:2b:c1:41:e4:15:9a:69:2b:57:26:
                    c7:0c:7a:bf:5d:f5:a6:cc:d8:68:84:d7:a4:df:3e:
                    5a:76:97:f0:56:76:f1:92:9d:f4:25:c0:80:e5:4f:
                    2a:f5:2a:0e:5f:2a:9f:65:59:97:05:0f:a3:7d:bd:
                    f3:b0:21:3c:7b:6b:d2:e9:dc:d6:9a:ce:e3:9b:48:
                    94:18:89:5f:c4:d7:ee:18:3f:c4:d8:db:bc:fb:b5:
                    5b:69:60:75:35:32:7e:64:fc:94:de:9c:da:da:93:
                    2b:5a:69:ac:18:f7:bf:86:9f:67:47:0d:97:0c:2c:
                    ed:e4:a8:86:d2:4a:0c:03:c0:d9:ff:5e:01:b3:38:
                    bd:86:f6:96:20:18:f6:0e:fc:1e:5b:1e:2f:a2:75:
                    f1:c2:57:0b:ac:0e:86:30:94:ab:55:32:f5:46:49:
                    21:d8:a6:b8:84:6a:20:e5:99:b6:36:3e:eb:02:20:
                    b6:f1:f0:16:9a:5c:b3:4b:e2:75:ad:3c:80:8a:65:
                    06:7a:20:d3:c1:dc:06:11:38:c4:b1:3a:c1:fc:fb:
                    41:5e:ca:d0:46:64:a4:3c:5a:22:ef:71:18:03:98:
                    86:15:04:e4:50:b5:8d:23:50:51:86:cf:82:cd:28:
                    a0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E1:22:89:68:C0:74:92:B2:98:D8:E8:C7:B9:FB:CC:25:1C:F5:69
            X509v3 Authority Key Identifier:
                keyid:AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/FeEiiWjAdJKymNjox7n7zCUc9Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:7b:ca:52:a8:fa:22:c5:da:e6:ac:ba:d3:a2:10:28:11:1d:
         4d:b8:c1:b8:b4:5f:84:d1:fe:52:8a:19:01:c9:d2:da:78:31:
         8a:b2:4c:ef:36:d3:14:ec:ac:aa:2e:f1:76:95:1a:e0:da:52:
         35:9f:e8:b0:15:60:f9:c5:4f:b3:c1:c8:f8:1a:2a:91:4a:50:
         fd:c8:1f:e8:6f:db:05:e1:e8:13:11:13:51:9c:99:d5:42:a1:
         59:26:24:45:3e:bf:5d:1b:f0:b6:07:23:6e:3f:a9:0a:dc:41:
         36:50:4e:1b:87:06:8b:b3:ce:5f:d3:9c:54:30:4f:f0:00:4a:
         35:d3:26:cb:de:d1:ba:6d:4c:b5:36:cc:bd:88:ce:7f:50:f0:
         b3:5a:31:28:ab:7c:2e:a9:a5:af:8a:da:f9:97:99:3c:81:26:
         2e:e6:bb:ff:aa:aa:26:c8:7b:a1:7a:3a:25:eb:6e:af:2d:ab:
         a9:05:c9:8a:7e:69:cb:bd:ce:17:45:e8:4b:fa:c0:a4:2e:25:
         8e:97:71:af:fc:1d:d3:4c:68:09:8d:3e:51:d9:f2:e7:2d:dd:
         6a:f2:b2:f6:9b:1a:c8:4b:7a:bc:ae:51:94:4c:19:bd:a8:5f:
         e3:b0:0d:3d:8a:9f:8b:a0:57:9f:42:e9:9d:94:be:8c:17:72:
         79:49:04:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5dufSm/pV/0X06dDIQRujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTIxMjk1OGQ4ZTFiYWExNDRhODJhODIxZjkzYTg5MGRj
YmE0OWEwHhcNMjUwNzExMTIzMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWUxMjI4OTY4YzA3NDkyYjI5OGQ4ZThjN2I5ZmJjYzI1MWNmNTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk6noBGaCOm9snXtakC6Y1Y1jSvB
QeQVmmkrVybHDHq/XfWmzNhohNek3z5adpfwVnbxkp30JcCA5U8q9SoOXyqfZVmX
BQ+jfb3zsCE8e2vS6dzWms7jm0iUGIlfxNfuGD/E2Nu8+7VbaWB1NTJ+ZPyU3pza
2pMrWmmsGPe/hp9nRw2XDCzt5KiG0koMA8DZ/14Bszi9hvaWIBj2DvweWx4vonXx
wlcLrA6GMJSrVTL1Rkkh2Ka4hGog5Zm2Nj7rAiC28fAWmlyzS+J1rTyAimUGeiDT
wdwGETjEsTrB/PtBXsrQRmSkPFoi73EYA5iGFQTkULWNI1BRhs+CzSigOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXhIolowHSSspjY6Me5+8wlHPVpMB8GA1UdIwQY
MBaAFKpSEpWNjhuqFEqCqCH5OokNy6SaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYt
YjQwMWE0YTA0NDkyLzEvRmVFaWlXakFkSkt5bU5qb3g3bjd6Q1VjOVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYtYjQwMWE0YTA0NDky
LzEvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCK+LgMA0G
CSqGSIb3DQEBCwUAA4IBAQBye8pSqPoixdrmrLrTohAoER1NuMG4tF+E0f5SihkB
ydLaeDGKskzvNtMU7KyqLvF2lRrg2lI1n+iwFWD5xU+zwcj4GiqRSlD9yB/ob9sF
4egTERNRnJnVQqFZJiRFPr9dG/C2ByNuP6kK3EE2UE4bhwaLs85f05xUME/wAEo1
0ybL3tG6bUy1Nsy9iM5/UPCzWjEoq3wuqaWvitr5l5k8gSYu5rv/qqomyHuhejol
626vLaupBcmKfmnLvc4XRehL+sCkLiWOl3Gv/B3TTGgJjT5R2fLnLd1q8rL2mxrI
S3q8rlGUTBm9qF/jsA09ip+LoFefQumdlL6MF3J5SQRp
-----END CERTIFICATE-----