Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/F0suYji7pyda6Pgm_yX79A_qaTE.roa
File:                     F0suYji7pyda6Pgm_yX79A_qaTE.roa (raw, json)
Hash identifier:          XG7UorX0bbwleiT45k2X3jyWBSNu43oe/Y2K8gmt6hs=
Subject key identifier:   17:4B:2E:62:38:BB:A7:27:5A:E8:F8:26:FF:25:FB:F4:0F:EA:69:31
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01991C73052FA0F6498D64D5DDE7714E2778
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/F0suYji7pyda6Pgm_yX79A_qaTE.roa
Signing time:             Sat 06 Sep 2025 00:35:23 +0000
ROA not before:           Sat 06 Sep 2025 00:35:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        109.111.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1c:73:05:2f:a0:f6:49:8d:64:d5:dd:e7:71:4e:27:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep  6 00:35:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=174b2e6238bba7275ae8f826ff25fbf40fea6931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:49:74:5d:2c:70:9f:62:67:fb:0b:e9:6c:1c:
                    9e:0d:98:f7:df:5f:a5:8b:5e:5c:1e:f5:da:9e:d1:
                    aa:bc:ab:af:35:67:0a:64:36:5f:8c:0d:d4:23:15:
                    35:a8:99:9b:d0:2e:47:2f:41:5e:9e:92:fd:8d:35:
                    0d:64:42:0c:68:27:6b:8e:64:65:75:63:47:a1:e9:
                    81:7e:dd:2d:46:ae:1b:07:0d:a0:20:4c:ed:57:50:
                    86:60:f6:a8:68:d0:88:4d:27:c7:98:d5:e1:d4:84:
                    69:0b:04:39:60:f1:9f:3a:81:3f:2b:d9:29:7a:f5:
                    5d:37:2e:53:81:26:3f:c8:4d:98:0a:33:42:21:04:
                    eb:71:6c:ff:bf:42:26:fb:76:96:4c:71:e1:c9:db:
                    ef:3d:c2:e1:f8:3d:28:de:5c:aa:c1:f5:f2:ef:55:
                    40:b2:3b:9a:ff:bc:07:69:8c:97:45:b3:76:e7:f9:
                    b3:7c:70:ba:7f:9a:e8:d2:3b:8b:72:77:7e:8b:d1:
                    9c:c1:95:17:72:77:d5:32:b5:5a:b5:11:22:a7:57:
                    1c:a0:f0:97:6e:da:d1:c5:50:2d:42:65:8f:cd:a5:
                    e6:47:68:7e:4d:11:f3:03:5c:5f:d3:2e:78:b5:f1:
                    66:f7:a7:e1:7b:93:d4:fe:54:aa:73:0e:0d:35:38:
                    d0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4B:2E:62:38:BB:A7:27:5A:E8:F8:26:FF:25:FB:F4:0F:EA:69:31
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/F0suYji7pyda6Pgm_yX79A_qaTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:b9:f1:a9:8b:f1:72:f3:ea:0f:b4:ae:da:87:69:a3:72:4c:
         99:5d:8f:d9:2b:55:e7:7b:7c:0b:44:fb:76:e8:ad:36:20:2b:
         24:84:7a:5d:fc:6c:98:66:7d:06:f8:35:a9:07:97:33:04:68:
         50:1b:4d:2a:f3:d9:4c:a5:76:89:1c:db:4a:6b:bb:24:be:66:
         52:a5:50:cb:e3:74:b2:b8:00:08:d1:c8:b0:a4:55:a7:ed:1c:
         46:ea:21:8f:d1:9f:85:b7:1f:ec:33:5d:21:d9:58:3e:a4:a0:
         15:42:fc:53:ef:c6:2c:68:9d:ce:01:db:6e:c9:ae:a5:3a:63:
         70:2e:d6:69:12:02:19:cd:ef:dc:fe:01:ee:a4:5c:a0:9a:e8:
         21:a7:5e:93:61:82:ff:07:af:ef:c8:8a:3d:49:26:e1:32:73:
         b9:2b:12:ae:7e:7c:70:c5:ea:02:b6:01:d4:da:6c:59:c7:02:
         77:4c:1a:c8:f5:1d:3d:1b:ce:49:f4:69:55:35:eb:1c:ac:50:
         54:00:63:0f:b1:01:93:b6:4e:1a:cf:8c:d5:89:a6:08:d7:e2:
         75:e2:43:e6:41:d2:4a:a5:7b:bc:7e:b8:bd:cf:c7:f6:61:69:
         e4:2f:d5:4a:e0:2e:05:bf:66:6d:67:4e:41:16:0f:d4:5a:0f:
         31:62:53:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkccwUvoPZJjWTV3edxTid4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTA2MDAzNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRiMmU2MjM4YmJhNzI3NWFlOGY4MjZmZjI1ZmJmNDBmZWE2OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0l0XSxwn2Jn+wvpbByeDZj331+l
i15cHvXantGqvKuvNWcKZDZfjA3UIxU1qJmb0C5HL0FenpL9jTUNZEIMaCdrjmRl
dWNHoemBft0tRq4bBw2gIEztV1CGYPaoaNCITSfHmNXh1IRpCwQ5YPGfOoE/K9kp
evVdNy5TgSY/yE2YCjNCIQTrcWz/v0Im+3aWTHHhydvvPcLh+D0o3lyqwfXy71VA
sjua/7wHaYyXRbN25/mzfHC6f5ro0juLcnd+i9GcwZUXcnfVMrVatREip1ccoPCX
btrRxVAtQmWPzaXmR2h+TRHzA1xf0y54tfFm96fhe5PU/lSqcw4NNTjQDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdLLmI4u6cnWuj4Jv8l+/QP6mkxMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvRjBzdVlqaTdweWRhNlBnbV95WDc5QV9xYVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW84MA0G
CSqGSIb3DQEBCwUAA4IBAQAqufGpi/Fy8+oPtK7ah2mjckyZXY/ZK1Xne3wLRPt2
6K02ICskhHpd/GyYZn0G+DWpB5czBGhQG00q89lMpXaJHNtKa7skvmZSpVDL43Sy
uAAI0ciwpFWn7RxG6iGP0Z+Ftx/sM10h2Vg+pKAVQvxT78YsaJ3OAdtuya6lOmNw
LtZpEgIZze/c/gHupFygmughp16TYYL/B6/vyIo9SSbhMnO5KxKufnxwxeoCtgHU
2mxZxwJ3TBrI9R09G85J9GlVNescrFBUAGMPsQGTtk4az4zViaYI1+J14kPmQdJK
pXu8fri9z8f2YWnkL9VK4C4Fv2ZtZ05BFg/UWg8xYlMc
-----END CERTIFICATE-----