Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/AiihUBOdQr5rB4edLupVnrujGho.roa
File:                     AiihUBOdQr5rB4edLupVnrujGho.roa (raw, json)
Hash identifier:          cdzXjZqI3YC7uSFRmQOxs1A0q4wjHZ9LvJy1usvdpjU=
Subject key identifier:   02:28:A1:50:13:9D:42:BE:6B:07:87:9D:2E:EA:55:9E:BB:A3:1A:1A
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0198F15CEFDE8E05D00DE74CC80F30D287A5
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/AiihUBOdQr5rB4edLupVnrujGho.roa
Signing time:             Thu 28 Aug 2025 15:47:36 +0000
ROA not before:           Thu 28 Aug 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399989
IP address blocks:        109.111.44.0/22 maxlen: 22
                          109.111.48.0/22 maxlen: 22
                          109.111.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:5c:ef:de:8e:05:d0:0d:e7:4c:c8:0f:30:d2:87:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 28 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0228a150139d42be6b07879d2eea559ebba31a1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a5:68:88:3d:d9:d3:ca:69:4d:6b:07:fc:d6:
                    56:2d:dd:2d:f4:1c:9f:9c:15:f3:96:62:17:cf:29:
                    30:7d:08:d3:7c:02:07:f8:69:2f:92:cd:58:28:0a:
                    9b:01:6f:45:6a:80:19:5f:73:4a:80:03:e4:4b:ed:
                    a8:a9:61:68:b7:47:47:bd:ca:02:a2:c4:8d:93:14:
                    37:66:16:5e:83:fb:0f:4c:d0:b6:fc:95:f5:10:a6:
                    bf:b8:c1:81:ca:e8:1f:ba:95:ae:d8:80:04:bc:65:
                    f7:b4:d8:64:47:be:bf:b2:a4:cc:8d:e7:3d:cc:2e:
                    8e:6f:ac:4b:48:92:80:a6:85:04:80:aa:69:02:f4:
                    40:3a:e7:0e:04:65:63:95:49:25:df:df:55:0a:2d:
                    cf:3d:9c:dc:a4:7b:10:fe:84:da:d1:41:ab:6f:52:
                    61:28:8e:e3:bd:7d:55:11:33:3f:53:ba:a5:95:dc:
                    5b:15:ce:ff:bb:59:33:42:bf:ff:b4:ee:aa:17:a4:
                    ac:59:fb:35:06:a1:60:22:0d:b8:c7:79:8d:91:cd:
                    bd:87:fa:50:bb:bb:c0:98:d7:de:61:d5:40:34:d0:
                    00:e6:f9:08:77:f0:59:19:49:a7:17:0a:af:2f:b3:
                    ec:c6:73:f7:74:c2:a6:8a:a7:d8:78:0b:78:1c:e7:
                    0d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:28:A1:50:13:9D:42:BE:6B:07:87:9D:2E:EA:55:9E:BB:A3:1A:1A
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/AiihUBOdQr5rB4edLupVnrujGho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.44.0-109.111.51.255
                  109.111.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:5f:75:94:8b:d4:f0:25:11:41:95:97:0f:d9:4c:fa:97:44:
         c9:52:e1:13:91:fc:b6:61:67:a4:db:62:59:43:c6:2a:8d:f0:
         35:97:80:16:7a:2e:6c:44:b5:ee:a1:a6:07:17:15:b6:6f:eb:
         92:a6:80:60:23:38:20:38:8e:48:fb:ae:b6:92:43:6d:c5:6f:
         c2:e0:e8:ac:c9:7b:ac:7f:10:5b:ed:1f:e5:23:cf:30:9d:14:
         61:7d:b8:ea:0e:34:b0:3b:ba:a1:2f:8f:a3:4c:50:a4:7b:7f:
         e3:65:41:b7:60:ec:77:41:5b:15:fb:f3:80:87:df:e4:ba:e6:
         20:ae:13:9e:8e:42:f4:f9:d7:b8:70:51:58:f4:2f:e6:79:a4:
         50:a4:63:1e:6c:9d:8e:30:36:30:6f:55:bc:36:85:c1:58:89:
         8f:29:c9:5c:36:77:9e:f9:4d:9c:ee:56:53:b2:51:a3:90:ae:
         23:25:8a:16:eb:60:ca:9c:17:fc:22:46:63:34:95:f3:4e:7a:
         31:0d:c1:0e:d5:51:8c:4d:72:4b:8a:86:77:35:b6:4d:50:dc:
         99:54:0c:56:15:1c:e9:3b:d9:22:a3:14:15:01:20:f6:77:63:
         05:58:09:f4:76:82:7f:46:dc:be:18:84:bb:5f:b5:24:80:e1:
         25:a3:73:4d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZjxXO/ejgXQDedMyA8w0oelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODI4MTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI4YTE1MDEzOWQ0MmJlNmIwNzg3OWQyZWVhNTU5ZWJiYTMxYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KVoiD3Z08ppTWsH/NZWLd0t9Byf
nBXzlmIXzykwfQjTfAIH+Gkvks1YKAqbAW9FaoAZX3NKgAPkS+2oqWFot0dHvcoC
osSNkxQ3ZhZeg/sPTNC2/JX1EKa/uMGByugfupWu2IAEvGX3tNhkR76/sqTMjec9
zC6Ob6xLSJKApoUEgKppAvRAOucOBGVjlUkl399VCi3PPZzcpHsQ/oTa0UGrb1Jh
KI7jvX1VETM/U7qlldxbFc7/u1kzQr//tO6qF6SsWfs1BqFgIg24x3mNkc29h/pQ
u7vAmNfeYdVANNAA5vkId/BZGUmnFwqvL7PsxnP3dMKmiqfYeAt4HOcNVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAIooVATnUK+aweHnS7qVZ67oxoaMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQWlpaFVCT2RRcjVyQjRlZEx1cFZucnVqR2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJtbywD
BAJtbzADBAJtbzwwDQYJKoZIhvcNAQELBQADggEBAJ1fdZSL1PAlEUGVlw/ZTPqX
RMlS4ROR/LZhZ6TbYllDxiqN8DWXgBZ6LmxEte6hpgcXFbZv65KmgGAjOCA4jkj7
rraSQ23Fb8Lg6KzJe6x/EFvtH+UjzzCdFGF9uOoONLA7uqEvj6NMUKR7f+NlQbdg
7HdBWxX784CH3+S65iCuE56OQvT517hwUVj0L+Z5pFCkYx5snY4wNjBvVbw2hcFY
iY8pyVw2d575TZzuVlOyUaOQriMlihbrYMqcF/wiRmM0lfNOejENwQ7VUYxNckuK
hnc1tk1Q3JlUDFYVHOk72SKjFBUBIPZ3YwVYCfR2gn9G3L4YhLtftSSA4SWjc00=
-----END CERTIFICATE-----