Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/pvpYwyIzqwBRQdRmlaqRX0MkZa4.roa
File:                     pvpYwyIzqwBRQdRmlaqRX0MkZa4.roa (raw, json)
Hash identifier:          g3aQYwteGJ1u8NwsAR0A6XCWkxPhJui2fQ7XwpQsy8A=
Subject key identifier:   A6:FA:58:C3:22:33:AB:00:51:41:D4:66:95:AA:91:5F:43:24:65:AE
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01991C73EF68202905F3F51084982D42A4FC
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/pvpYwyIzqwBRQdRmlaqRX0MkZa4.roa
Signing time:             Sat 06 Sep 2025 00:36:23 +0000
ROA not before:           Sat 06 Sep 2025 00:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.111.32.0/22 maxlen: 24
                          109.111.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1c:73:ef:68:20:29:05:f3:f5:10:84:98:2d:42:a4:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep  6 00:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6fa58c32233ab005141d46695aa915f432465ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:36:4c:d3:c4:7d:cc:0b:67:9f:d2:ea:fe:57:
                    c5:71:45:58:4c:4d:92:c0:61:92:97:b0:f7:44:a1:
                    61:ac:32:3a:e3:e5:f9:5b:95:e7:3b:86:df:c4:c1:
                    e1:4d:86:8a:7c:c0:f0:b3:e5:88:d0:64:03:27:1e:
                    f9:64:df:64:a3:cf:71:c3:ec:1e:01:37:60:c0:7f:
                    5b:9a:69:0d:dc:6a:ea:e5:30:a7:d1:f1:50:4f:33:
                    5b:f2:b9:ef:a0:d2:fa:7d:fa:a3:ff:db:2f:d3:6f:
                    35:ca:ec:94:79:72:d3:db:a8:eb:7e:07:e2:e6:90:
                    0e:06:d8:95:79:1a:98:b2:22:3c:e0:84:c2:b4:00:
                    f0:6e:81:fb:54:17:07:c6:be:f3:82:54:0f:62:8f:
                    ad:83:2e:78:40:73:e3:7e:3f:9f:90:e2:98:6d:68:
                    83:b4:c4:b0:cc:f4:da:3f:f4:5d:21:18:70:50:dd:
                    7f:1c:94:86:33:f4:4d:bb:03:71:e0:0c:22:54:d7:
                    51:7c:30:2c:c2:35:05:86:e0:d0:ef:02:0d:46:3a:
                    87:ad:c1:a6:11:ec:ee:1c:a3:9f:e9:64:19:93:46:
                    aa:6e:c5:f4:71:a7:66:aa:b4:2e:1d:93:b2:99:30:
                    1d:71:59:05:bf:ea:c0:36:48:8c:2a:98:80:cd:1f:
                    df:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:FA:58:C3:22:33:AB:00:51:41:D4:66:95:AA:91:5F:43:24:65:AE
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/pvpYwyIzqwBRQdRmlaqRX0MkZa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/22
                  109.111.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b0:7d:a9:fd:3a:c7:98:42:50:7a:64:cd:ec:3d:d3:fd:5c:dc:
         b4:63:76:ca:e7:dc:2d:23:8c:fd:2c:98:fe:45:45:ce:ff:28:
         c8:1c:ce:65:1d:22:ae:8c:d2:6c:a2:d1:ef:4f:f1:7e:a7:3e:
         c1:52:c7:ab:d2:e7:5c:aa:12:d1:09:a4:55:19:a9:de:47:eb:
         8c:cd:0d:f3:42:0d:25:b9:c7:74:c4:b6:9b:e1:c3:df:ca:b9:
         0d:6d:d2:b5:be:2c:c9:23:43:56:53:49:ec:62:d9:c3:5e:c9:
         d5:aa:77:d0:c3:3e:9c:ee:53:e9:9e:5a:7c:2d:7b:be:05:17:
         6e:31:d2:92:17:51:23:13:5b:59:c3:be:e3:5a:71:74:7a:26:
         4b:f4:39:f9:f0:44:2c:69:2a:e3:2a:9d:a1:c9:d3:54:8d:38:
         b7:fd:6c:22:20:9c:7c:f1:e8:e2:ff:e8:6d:39:70:e3:87:99:
         69:b6:e7:11:4e:e7:07:48:f8:c4:ed:c8:e4:98:50:e2:fb:09:
         7a:bb:1e:c3:2b:7b:55:54:3f:9b:6c:94:f0:19:0e:4c:42:af:
         01:7e:a3:f2:77:b0:69:1a:5d:f7:3b:34:f9:4e:86:c9:c5:3d:
         09:5c:81:8d:eb:8f:87:f5:d3:5b:09:46:5f:db:9c:1c:7e:78:
         c9:74:2b:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkcc+9oICkF8/UQhJgtQqT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTA2MDAzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmZhNThjMzIyMzNhYjAwNTE0MWQ0NjY5NWFhOTE1ZjQzMjQ2NWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjZM08R9zAtnn9Lq/lfFcUVYTE2S
wGGSl7D3RKFhrDI64+X5W5XnO4bfxMHhTYaKfMDws+WI0GQDJx75ZN9ko89xw+we
ATdgwH9bmmkN3Grq5TCn0fFQTzNb8rnvoNL6ffqj/9sv0281yuyUeXLT26jrfgfi
5pAOBtiVeRqYsiI84ITCtADwboH7VBcHxr7zglQPYo+tgy54QHPjfj+fkOKYbWiD
tMSwzPTaP/RdIRhwUN1/HJSGM/RNuwNx4AwiVNdRfDAswjUFhuDQ7wINRjqHrcGm
EezuHKOf6WQZk0aqbsX0cadmqrQuHZOymTAdcVkFv+rANkiMKpiAzR/fiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKb6WMMiM6sAUUHUZpWqkV9DJGWuMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcHZwWXd5SXpxd0JSUWRSbWxhcVJYME1rWmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbW8gAwQE
bW8wMA0GCSqGSIb3DQEBCwUAA4IBAQCwfan9OseYQlB6ZM3sPdP9XNy0Y3bK59wt
I4z9LJj+RUXO/yjIHM5lHSKujNJsotHvT/F+pz7BUser0udcqhLRCaRVGaneR+uM
zQ3zQg0lucd0xLab4cPfyrkNbdK1vizJI0NWU0nsYtnDXsnVqnfQwz6c7lPpnlp8
LXu+BRduMdKSF1EjE1tZw77jWnF0eiZL9Dn58EQsaSrjKp2hydNUjTi3/WwiIJx8
8eji/+htOXDjh5lptucRTucHSPjE7cjkmFDi+wl6ux7DK3tVVD+bbJTwGQ5MQq8B
fqPyd7BpGl33OzT5TobJxT0JXIGN64+H9dNbCUZf25wcfnjJdCuW
-----END CERTIFICATE-----