Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryFQ0iK2Z55blB_tG6y2_kM4ZUc.roa
File:                     ryFQ0iK2Z55blB_tG6y2_kM4ZUc.roa (raw, json)
Hash identifier:          N60FzfOZZTOGm9BG62XEuqZbTyV9t2kwKS4+QvyUEEE=
Subject key identifier:   AF:21:50:D2:22:B6:67:9E:5B:94:1F:ED:1B:AC:B6:FE:43:38:65:47
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0198D6B330ECF2C14B27B67E74F215F0AE20
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryFQ0iK2Z55blB_tG6y2_kM4ZUc.roa
Signing time:             Sat 23 Aug 2025 11:32:04 +0000
ROA not before:           Sat 23 Aug 2025 11:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        109.111.40.0/23 maxlen: 24
                          185.65.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d6:b3:30:ec:f2:c1:4b:27:b6:7e:74:f2:15:f0:ae:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug 23 11:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af2150d222b6679e5b941fed1bacb6fe43386547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:08:3a:9d:07:97:98:81:92:e7:a0:34:1f:15:
                    25:89:e9:0f:0a:f7:ce:45:12:bb:4d:c0:7c:c2:92:
                    ee:7c:30:16:38:5c:e0:34:76:7e:61:ac:64:23:e4:
                    1e:e2:a6:93:ff:0e:46:16:9e:5c:58:f3:09:54:84:
                    03:9e:53:bd:59:7d:08:aa:71:53:23:3b:c3:40:c0:
                    7f:eb:3f:0f:00:76:ef:8d:d9:ea:4c:9f:99:88:ad:
                    b7:ba:19:60:e1:ae:7d:42:55:21:7e:6e:4f:72:90:
                    fa:72:f8:af:3b:70:52:3b:79:19:55:de:99:f1:80:
                    4c:c3:80:78:ae:72:9a:ee:f4:33:78:2e:69:de:be:
                    d5:3b:b7:a8:0f:26:91:82:4b:e7:c1:2d:d7:e3:c4:
                    b8:2c:b0:4e:a7:df:78:02:3b:51:be:f4:4d:93:20:
                    3c:64:62:b5:5e:6d:f5:b2:d3:f1:4b:56:42:26:d1:
                    5f:ea:f1:c3:60:38:ec:1d:22:03:d3:87:f5:4b:d2:
                    2c:90:01:b9:fb:64:40:16:64:7d:07:0f:20:4d:d0:
                    b1:a7:32:b7:cd:01:36:db:8f:e9:89:1d:a3:b1:82:
                    1d:43:45:24:e1:2f:16:b3:e5:c0:dc:71:7e:99:d0:
                    ca:32:88:dd:5a:93:4c:51:1e:4a:08:2a:91:04:09:
                    d7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:21:50:D2:22:B6:67:9E:5B:94:1F:ED:1B:AC:B6:FE:43:38:65:47
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ryFQ0iK2Z55blB_tG6y2_kM4ZUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.40.0/23
                  185.65.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:bc:27:4c:40:fd:7a:81:61:79:cd:5c:33:b4:34:4d:a9:bc:
         63:a4:d2:88:10:35:56:cc:c0:9d:8f:94:0e:f6:cd:32:ca:1f:
         16:4a:1f:8e:fa:40:88:77:b6:d7:71:50:0b:14:d0:31:74:6a:
         b1:12:7e:4e:6d:8e:67:95:a2:4e:51:fa:f8:02:5d:df:fb:bd:
         24:e0:c8:fa:59:52:52:32:78:e6:2c:95:bf:93:02:d9:57:d0:
         6c:1e:d6:9c:05:c7:df:9d:72:57:17:8b:44:0c:b8:ca:78:89:
         29:62:ce:5b:01:a0:0a:05:3a:a0:6b:ef:7c:96:c5:01:cc:14:
         9b:73:4e:0a:bc:04:5b:2d:17:90:b3:04:7a:53:03:b5:1c:cf:
         c8:4e:e2:30:80:59:00:95:73:b6:1d:5e:82:32:00:d8:28:c3:
         96:21:80:ad:bf:d9:0a:29:9c:93:3e:6c:fe:af:4c:72:00:77:
         7c:9e:a8:16:80:a7:d2:d8:cb:de:87:d7:ec:33:13:08:a8:a9:
         7f:01:d8:51:c1:32:9a:d3:f1:85:3c:ac:3d:31:8a:5a:16:93:
         10:26:21:f9:fe:6b:28:72:b2:e2:5b:cd:a0:1b:c1:1f:f2:55:
         56:e3:19:77:f4:2d:b6:4e:8e:91:33:2d:22:6e:05:6e:b7:0a:
         e2:9a:6c:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjWszDs8sFLJ7Z+dPIV8K4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODIzMTEzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIxNTBkMjIyYjY2NzllNWI5NDFmZWQxYmFjYjZmZTQzMzg2NTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwg6nQeXmIGS56A0HxUliekPCvfO
RRK7TcB8wpLufDAWOFzgNHZ+YaxkI+Qe4qaT/w5GFp5cWPMJVIQDnlO9WX0IqnFT
IzvDQMB/6z8PAHbvjdnqTJ+ZiK23uhlg4a59QlUhfm5PcpD6cvivO3BSO3kZVd6Z
8YBMw4B4rnKa7vQzeC5p3r7VO7eoDyaRgkvnwS3X48S4LLBOp994AjtRvvRNkyA8
ZGK1Xm31stPxS1ZCJtFf6vHDYDjsHSID04f1S9IskAG5+2RAFmR9Bw8gTdCxpzK3
zQE224/piR2jsYIdQ0Uk4S8Ws+XA3HF+mdDKMojdWpNMUR5KCCqRBAnXNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8hUNIitmeeW5Qf7Rustv5DOGVHMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcnlGUTBpSzJaNTVibEJfdEc2eTJfa000WlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbW8oAwQA
uUE+MA0GCSqGSIb3DQEBCwUAA4IBAQCdvCdMQP16gWF5zVwztDRNqbxjpNKIEDVW
zMCdj5QO9s0yyh8WSh+O+kCId7bXcVALFNAxdGqxEn5ObY5nlaJOUfr4Al3f+70k
4Mj6WVJSMnjmLJW/kwLZV9BsHtacBcffnXJXF4tEDLjKeIkpYs5bAaAKBTqga+98
lsUBzBSbc04KvARbLReQswR6UwO1HM/ITuIwgFkAlXO2HV6CMgDYKMOWIYCtv9kK
KZyTPmz+r0xyAHd8nqgWgKfS2Mveh9fsMxMIqKl/AdhRwTKa0/GFPKw9MYpaFpMQ
JiH5/msocrLiW82gG8Ef8lVW4xl39C22To6RMy0ibgVutwrimmyy
-----END CERTIFICATE-----