Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/jlFeNJ8rFVn7ISsVs5qgW0jO98c.roa
File:                     jlFeNJ8rFVn7ISsVs5qgW0jO98c.roa (raw, json)
Hash identifier:          oHAWcW6fUfRIZDDzOU5psAplOlkZMhM2BE4gMWHzjcw=
Subject key identifier:   8E:51:5E:34:9F:2B:15:59:FB:21:2B:15:B3:9A:A0:5B:48:CE:F7:C7
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0199445FD6A8DEE48F5E7C363C88EA89BC53
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/jlFeNJ8rFVn7ISsVs5qgW0jO98c.roa
Signing time:             Sat 13 Sep 2025 18:39:15 +0000
ROA not before:           Sat 13 Sep 2025 18:39:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.111.32.0/22 maxlen: 24
                          109.111.48.0/20 maxlen: 20
                          109.111.52.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:44:5f:d6:a8:de:e4:8f:5e:7c:36:3c:88:ea:89:bc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep 13 18:39:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e515e349f2b1559fb212b15b39aa05b48cef7c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e6:da:cf:df:61:2f:6a:78:0d:59:7e:93:00:
                    25:22:31:23:57:e7:ff:9e:a6:91:ee:e1:1a:fa:17:
                    ea:6e:43:88:47:bd:df:88:e2:ad:a3:76:9c:ae:97:
                    96:f5:97:92:ba:6a:50:7b:67:75:62:cc:53:94:6b:
                    08:e2:64:b8:b9:c5:60:2d:57:d9:3c:7b:c8:fd:32:
                    f6:d6:d9:22:16:a0:3b:13:db:90:7b:b9:d3:93:c3:
                    3b:26:a4:68:6a:57:03:b5:9a:66:bc:2e:84:89:76:
                    70:c0:9c:6f:22:7e:88:50:25:73:b7:7f:f2:14:79:
                    e5:5c:c5:ab:60:5a:fd:39:69:bf:93:0f:6b:ea:b4:
                    95:ec:f0:5d:33:e5:52:90:1a:7f:80:ab:5d:9b:4c:
                    41:d4:f7:5b:47:39:1c:48:93:d6:f1:a0:47:4c:fe:
                    eb:11:ab:aa:bf:67:3c:9e:46:39:3d:65:83:fb:30:
                    5e:f2:60:08:fd:9d:55:a1:60:ac:e8:02:d2:d8:54:
                    84:c8:be:5b:32:40:24:0e:1e:ea:0e:f4:8a:b0:54:
                    04:93:99:a9:9c:c3:00:a9:f0:52:c2:87:61:2f:84:
                    2a:56:d7:13:94:8e:e6:56:9f:a0:ff:7f:f6:92:4f:
                    62:3a:86:16:0b:b3:f4:f4:1c:05:9f:15:ce:b2:04:
                    d8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:51:5E:34:9F:2B:15:59:FB:21:2B:15:B3:9A:A0:5B:48:CE:F7:C7
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/jlFeNJ8rFVn7ISsVs5qgW0jO98c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/22
                  109.111.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:d6:91:20:5f:f1:d8:0e:4e:68:ad:97:81:5b:9d:c7:23:57:
         da:75:38:d8:ff:98:f9:6d:6c:13:f1:f9:7a:6b:65:29:50:2a:
         ae:f5:a3:d1:80:a7:50:fa:1c:91:b5:18:a5:4f:d1:4f:73:78:
         6f:53:29:37:4e:9a:d8:ee:01:28:22:b1:c3:04:2a:d0:19:fc:
         7f:5b:c6:a9:24:fb:74:40:aa:f1:6c:94:ef:ef:54:bc:bc:f9:
         8f:26:fd:be:7d:4c:4e:67:54:1b:3e:c9:54:85:be:8f:67:95:
         35:b7:71:10:fb:eb:53:07:35:0b:a9:52:ea:4a:89:fa:7d:88:
         73:fe:e5:8e:99:11:52:3e:54:30:b2:30:be:69:e7:f5:cb:9a:
         6f:a4:5e:4b:f0:98:8b:87:c5:6b:2c:c6:6b:a5:8d:01:ef:ff:
         70:92:9a:d5:31:9f:ef:b5:b3:88:07:60:5d:09:34:11:4a:66:
         1a:a5:d1:61:5a:10:84:a5:2d:cb:99:09:09:24:51:47:d7:38:
         15:70:3e:7e:08:64:6e:77:27:1e:7d:35:d2:6d:b8:31:1d:3f:
         ea:32:ce:d8:fb:6f:fe:b9:d7:a4:91:45:44:00:69:8a:29:64:
         b6:a6:77:81:85:92:88:8e:2e:92:ea:f8:a5:a1:06:3e:b6:79:
         39:1c:a6:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlEX9ao3uSPXnw2PIjqibxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTEzMTgzOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTUxNWUzNDlmMmIxNTU5ZmIyMTJiMTViMzlhYTA1YjQ4Y2VmN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+baz99hL2p4DVl+kwAlIjEjV+f/
nqaR7uEa+hfqbkOIR73fiOKto3acrpeW9ZeSumpQe2d1YsxTlGsI4mS4ucVgLVfZ
PHvI/TL21tkiFqA7E9uQe7nTk8M7JqRoalcDtZpmvC6EiXZwwJxvIn6IUCVzt3/y
FHnlXMWrYFr9OWm/kw9r6rSV7PBdM+VSkBp/gKtdm0xB1PdbRzkcSJPW8aBHTP7r
Eauqv2c8nkY5PWWD+zBe8mAI/Z1VoWCs6ALS2FSEyL5bMkAkDh7qDvSKsFQEk5mp
nMMAqfBSwodhL4QqVtcTlI7mVp+g/3/2kk9iOoYWC7P09BwFnxXOsgTYMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5RXjSfKxVZ+yErFbOaoFtIzvfHMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvamxGZU5KOHJGVm43SVNzVnM1cWdXMGpPOThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbW8gAwQE
bW8wMA0GCSqGSIb3DQEBCwUAA4IBAQCT1pEgX/HYDk5orZeBW53HI1fadTjY/5j5
bWwT8fl6a2UpUCqu9aPRgKdQ+hyRtRilT9FPc3hvUyk3TprY7gEoIrHDBCrQGfx/
W8apJPt0QKrxbJTv71S8vPmPJv2+fUxOZ1QbPslUhb6PZ5U1t3EQ++tTBzULqVLq
Son6fYhz/uWOmRFSPlQwsjC+aef1y5pvpF5L8JiLh8VrLMZrpY0B7/9wkprVMZ/v
tbOIB2BdCTQRSmYapdFhWhCEpS3LmQkJJFFH1zgVcD5+CGRudycefTXSbbgxHT/q
Ms7Y+2/+udekkUVEAGmKKWS2pneBhZKIji6S6viloQY+tnk5HKY4
-----END CERTIFICATE-----