Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_Vf3TO7lMmdtkCjp92trzTwldE4.roa
File:                     _Vf3TO7lMmdtkCjp92trzTwldE4.roa (raw, json)
Hash identifier:          ThjCJsCygSwWOPGFIhdZvUVgS1n+5uy4UgbfkgRne8M=
Subject key identifier:   FD:57:F7:4C:EE:E5:32:67:6D:90:28:E9:F7:6B:6B:CD:3C:25:74:4E
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019983089AA42DC738D6DEB105908BE417D0
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_Vf3TO7lMmdtkCjp92trzTwldE4.roa
Signing time:             Thu 25 Sep 2025 22:40:03 +0000
ROA not before:           Thu 25 Sep 2025 22:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62068
IP address blocks:        43.240.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:83:08:9a:a4:2d:c7:38:d6:de:b1:05:90:8b:e4:17:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep 25 22:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd57f74ceee532676d9028e9f76b6bcd3c25744e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:be:25:8a:e2:71:8f:8e:b0:4c:3b:86:81:86:
                    5d:64:d5:27:84:60:2e:ec:85:10:f9:bf:33:d9:22:
                    c5:ed:a9:f4:13:a1:b9:e6:1f:5e:2b:ad:36:44:c0:
                    af:3d:a1:3f:6c:d4:71:8c:cc:08:83:7d:13:d2:37:
                    cf:5f:17:f7:db:b2:e7:6d:5e:32:e0:1f:82:b6:5d:
                    b7:9d:56:d4:05:78:ff:30:35:cc:8c:47:c9:a2:34:
                    ff:f5:3e:b7:ad:6b:28:f8:9c:ed:c9:60:a5:0b:aa:
                    af:9c:0e:75:23:04:19:db:d5:0f:63:5a:6a:e6:0b:
                    2d:27:60:93:b4:54:ca:d4:a3:0d:84:69:a9:95:48:
                    1b:45:24:d5:98:00:81:09:7d:ce:07:6d:fe:36:67:
                    9f:5d:dd:8e:0b:e1:4f:16:54:f1:83:81:1d:a5:13:
                    a8:91:1e:4a:0b:16:16:6f:d1:2f:36:bb:e3:a3:c8:
                    11:0a:84:53:15:20:4d:c6:e5:1f:72:50:13:59:4b:
                    02:0a:73:6d:45:be:84:57:07:c8:1e:a4:6a:70:4d:
                    93:6e:7d:c1:fa:8e:41:df:75:4f:19:55:20:8d:0c:
                    3a:af:7f:c4:e9:e2:c3:99:e7:81:9c:4c:2e:bf:ed:
                    c8:91:2c:36:aa:cc:71:d5:37:61:81:f0:d2:ae:99:
                    5c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:57:F7:4C:EE:E5:32:67:6D:90:28:E9:F7:6B:6B:CD:3C:25:74:4E
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/_Vf3TO7lMmdtkCjp92trzTwldE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a8:ed:f9:81:27:de:1e:83:9e:5d:92:2b:26:a2:99:2f:d5:
         ea:d5:62:b9:b3:56:a2:f4:6a:de:91:d8:b3:38:19:65:9a:dd:
         2c:ce:c0:b9:9a:47:de:5f:a5:e9:db:b5:0c:f8:fb:a5:46:f3:
         02:47:6d:48:a4:21:e3:cd:d0:f9:46:01:26:c7:c2:60:5b:d9:
         14:73:45:cc:62:77:38:85:00:0d:45:21:24:64:3c:26:b6:bf:
         29:24:89:e8:a2:a4:a6:8b:c6:03:ea:1c:a7:c7:6a:05:5e:27:
         18:66:75:31:86:d7:cf:cd:a1:e1:fd:63:98:26:b7:ea:55:ca:
         a8:65:a0:73:3f:68:24:5a:03:24:62:74:5c:eb:73:c1:aa:07:
         69:1f:12:6e:89:6b:dc:0e:ae:49:dd:03:31:2b:1d:f7:c0:d2:
         87:66:6d:9f:45:29:59:68:b9:f4:27:52:6a:dd:7d:57:7d:83:
         52:c0:48:58:65:db:f9:12:38:e4:27:73:8d:51:39:77:f2:ed:
         1d:e4:60:00:59:49:a7:12:b6:cb:ea:b2:40:99:3b:41:86:a2:
         26:ba:dc:8d:ad:f7:84:e2:78:29:77:96:0e:28:f2:50:33:73:
         1f:55:b5:7b:d8:a1:37:b3:d9:67:0a:46:a0:0f:79:e7:ee:7e:
         a4:5e:ce:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmDCJqkLcc41t6xBZCL5BfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwOTI1MjI0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDU3Zjc0Y2VlZTUzMjY3NmQ5MDI4ZTlmNzZiNmJjZDNjMjU3NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo74liuJxj46wTDuGgYZdZNUnhGAu
7IUQ+b8z2SLF7an0E6G55h9eK602RMCvPaE/bNRxjMwIg30T0jfPXxf327LnbV4y
4B+Ctl23nVbUBXj/MDXMjEfJojT/9T63rWso+JztyWClC6qvnA51IwQZ29UPY1pq
5gstJ2CTtFTK1KMNhGmplUgbRSTVmACBCX3OB23+NmefXd2OC+FPFlTxg4EdpROo
kR5KCxYWb9EvNrvjo8gRCoRTFSBNxuUfclATWUsCCnNtRb6EVwfIHqRqcE2Tbn3B
+o5B33VPGVUgjQw6r3/E6eLDmeeBnEwuv+3IkSw2qsxx1TdhgfDSrplczQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1X90zu5TJnbZAo6fdra808JXROMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvX1ZmM1RPN2xNbWR0a0NqcDkydHJ6VHdsZEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/CWMA0G
CSqGSIb3DQEBCwUAA4IBAQCPqO35gSfeHoOeXZIrJqKZL9Xq1WK5s1ai9Grekdiz
OBllmt0szsC5mkfeX6Xp27UM+PulRvMCR21IpCHjzdD5RgEmx8JgW9kUc0XMYnc4
hQANRSEkZDwmtr8pJInooqSmi8YD6hynx2oFXicYZnUxhtfPzaHh/WOYJrfqVcqo
ZaBzP2gkWgMkYnRc63PBqgdpHxJuiWvcDq5J3QMxKx33wNKHZm2fRSlZaLn0J1Jq
3X1XfYNSwEhYZdv5EjjkJ3ONUTl38u0d5GAAWUmnErbL6rJAmTtBhqImutyNrfeE
4ngpd5YOKPJQM3MfVbV72KE3s9lnCkagD3nn7n6kXs6c
-----END CERTIFICATE-----