Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/Poiw2E-mLT2v3vPHQ4mWn5Erbv8.roa
File:                     Poiw2E-mLT2v3vPHQ4mWn5Erbv8.roa (raw, json)
Hash identifier:          3V6NagY5nBDP5ry2LKf1AJl9T65osEYx7aEHS/N5Z0A=
Subject key identifier:   3E:88:B0:D8:4F:A6:2D:3D:AF:DE:F3:C7:43:89:96:9F:91:2B:6E:FF
Certificate issuer:       /CN=fd2af9060c1f42c628fcfb8f0781d7a5bc21fc02
Certificate serial:       019A0601F6072F5ABD1B4C6CF6663E50C198
Authority key identifier: FD:2A:F9:06:0C:1F:42:C6:28:FC:FB:8F:07:81:D7:A5:BC:21:FC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/Poiw2E-mLT2v3vPHQ4mWn5Erbv8.roa
Signing time:             Tue 21 Oct 2025 09:03:03 +0000
ROA not before:           Tue 21 Oct 2025 09:03:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197197
IP address blocks:        109.224.64.0/18 maxlen: 18
                          2a00:7e80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 09:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:01:f6:07:2f:5a:bd:1b:4c:6c:f6:66:3e:50:c1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd2af9060c1f42c628fcfb8f0781d7a5bc21fc02
        Validity
            Not Before: Oct 21 09:03:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e88b0d84fa62d3dafdef3c74389969f912b6eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8a:59:6b:05:0e:6b:f9:a2:2e:9f:e6:7c:a0:
                    b7:7a:e4:44:81:b2:c7:65:f5:5d:83:15:f5:5d:75:
                    31:49:5d:6e:e9:e2:42:df:7a:e3:f1:7d:33:a4:cb:
                    a1:d4:23:7d:15:2e:1c:e2:e0:84:e1:40:02:71:5d:
                    05:97:86:1d:28:a1:ff:ff:90:63:06:4f:c2:74:f1:
                    c6:7e:10:e5:32:9d:96:47:90:67:a8:49:0a:b9:a0:
                    35:c1:d2:2c:45:80:60:86:19:5c:2e:55:ac:23:91:
                    1c:ff:80:1b:4c:82:1d:8d:ef:62:1a:b5:69:22:5b:
                    ec:80:40:e4:4b:a6:e9:ab:f9:6b:bf:08:0f:ff:ee:
                    af:3d:35:d4:e4:12:87:15:db:96:00:30:4e:13:0e:
                    39:cd:91:87:a9:48:af:c7:0e:90:16:7a:2a:24:db:
                    21:60:64:aa:86:8c:77:05:bf:66:03:50:63:ae:5b:
                    4c:84:93:31:0c:93:bf:36:e5:4c:27:df:cc:b9:78:
                    9c:ce:a2:61:69:96:9f:cc:ca:80:3a:37:26:b6:4c:
                    45:2a:48:27:c3:4f:a5:08:a6:74:0d:46:4f:56:7b:
                    e1:32:8c:ae:a3:71:70:e7:50:3b:a8:15:90:52:42:
                    07:97:fc:bc:35:fb:21:81:38:19:08:bf:da:9e:9e:
                    69:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:88:B0:D8:4F:A6:2D:3D:AF:DE:F3:C7:43:89:96:9F:91:2B:6E:FF
            X509v3 Authority Key Identifier:
                keyid:FD:2A:F9:06:0C:1F:42:C6:28:FC:FB:8F:07:81:D7:A5:BC:21:FC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/Poiw2E-mLT2v3vPHQ4mWn5Erbv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a98e4a-45aa-408c-b807-bfcf9a922a8b/1/_Sr5BgwfQsYo_PuPB4HXpbwh_AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.224.64.0/18
                IPv6:
                  2a00:7e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:0d:d4:f9:42:2b:ce:05:e0:f7:6f:bc:32:c8:ad:5a:81:ee:
         72:29:2f:a5:5f:4c:fa:ec:ba:77:c2:a9:33:49:b3:9a:1b:f0:
         a5:b7:4d:ca:12:cc:d7:08:cf:03:b1:03:79:b9:85:1e:a2:c2:
         04:c9:95:6d:4c:a9:c6:d1:42:e8:3f:c0:48:50:2b:ec:40:eb:
         80:71:f2:74:88:1c:b5:66:1a:a6:c0:cc:c8:45:25:59:84:91:
         2a:8a:09:a2:4b:0f:72:ae:f9:80:b5:6a:bf:c3:44:e0:16:8c:
         bc:83:24:04:4c:6d:6e:08:f2:b3:dd:05:c5:dc:9f:0d:8f:fe:
         5f:f7:ee:a5:58:d7:2a:44:ee:46:ce:10:71:9a:22:71:b2:6c:
         f3:49:0f:cf:a8:9c:31:46:19:13:36:23:ac:bb:a3:a5:b8:b9:
         65:b6:ea:85:2d:45:97:6c:67:45:01:fc:67:bc:96:9c:b5:7c:
         a0:52:d2:c4:02:5a:8b:84:97:6e:f1:23:f0:0f:63:85:93:62:
         c7:27:ab:d4:e1:d5:28:c4:17:ea:24:6d:0f:65:2e:50:5d:a6:
         7c:08:aa:bb:96:3d:1e:bb:ed:9c:df:b8:f8:2d:3c:93:44:9e:
         ab:61:73:f7:8e:2c:1d:e7:21:35:97:af:39:53:35:b4:b9:03:
         e7:07:d1:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoGAfYHL1q9G0xs9mY+UMGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMmFmOTA2MGMxZjQyYzYyOGZjZmI4ZjA3ODFkN2E1YmMy
MWZjMDIwHhcNMjUxMDIxMDkwMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTg4YjBkODRmYTYyZDNkYWZkZWYzYzc0Mzg5OTY5ZjkxMmI2ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14pZawUOa/miLp/mfKC3euREgbLH
ZfVdgxX1XXUxSV1u6eJC33rj8X0zpMuh1CN9FS4c4uCE4UACcV0Fl4YdKKH//5Bj
Bk/CdPHGfhDlMp2WR5BnqEkKuaA1wdIsRYBghhlcLlWsI5Ec/4AbTIIdje9iGrVp
IlvsgEDkS6bpq/lrvwgP/+6vPTXU5BKHFduWADBOEw45zZGHqUivxw6QFnoqJNsh
YGSqhox3Bb9mA1BjrltMhJMxDJO/NuVMJ9/MuXiczqJhaZafzMqAOjcmtkxFKkgn
w0+lCKZ0DUZPVnvhMoyuo3Fw51A7qBWQUkIHl/y8NfshgTgZCL/anp5pJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD6IsNhPpi09r97zx0OJlp+RK27/MB8GA1UdIwQY
MBaAFP0q+QYMH0LGKPz7jweB16W8IfwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NyNUJnd2ZRc1lvX1B1UEI0SFhwYndoX0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hOThlNGEtNDVhYS00MDhjLWI4MDct
YmZjZjlhOTIyYThiLzEvUG9pdzJFLW1MVDJ2M3ZQSFE0bVduNUVyYnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hOThlNGEtNDVhYS00MDhjLWI4MDctYmZjZjlhOTIyYThi
LzEvX1NyNUJnd2ZRc1lvX1B1UEI0SFhwYndoX0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGbeBAMA0E
AgACMAcDBQAqAH6AMA0GCSqGSIb3DQEBCwUAA4IBAQC7DdT5QivOBeD3b7wyyK1a
ge5yKS+lX0z67Lp3wqkzSbOaG/Clt03KEszXCM8DsQN5uYUeosIEyZVtTKnG0ULo
P8BIUCvsQOuAcfJ0iBy1ZhqmwMzIRSVZhJEqigmiSw9yrvmAtWq/w0TgFoy8gyQE
TG1uCPKz3QXF3J8Nj/5f9+6lWNcqRO5GzhBxmiJxsmzzSQ/PqJwxRhkTNiOsu6Ol
uLlltuqFLUWXbGdFAfxnvJactXygUtLEAlqLhJdu8SPwD2OFk2LHJ6vU4dUoxBfq
JG0PZS5QXaZ8CKq7lj0eu+2c37j4LTyTRJ6rYXP3jiwd5yE1l685UzW0uQPnB9Gw
-----END CERTIFICATE-----