Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/96ar9m-bGL-MgyLfFLGB37-jKJw.roa
File:                     96ar9m-bGL-MgyLfFLGB37-jKJw.roa (raw, json)
Hash identifier:          Th24yD0i3kvTxzcR1uGKbyFN4whCra0flQBFeq2u56c=
Subject key identifier:   F7:A6:AB:F6:6F:9B:18:BF:8C:83:22:DF:14:B1:81:DF:BF:A3:28:9C
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197CA3CF76D986A5CEB2584A7E21868DD08
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/96ar9m-bGL-MgyLfFLGB37-jKJw.roa
Signing time:             Wed 02 Jul 2025 08:24:42 +0000
ROA not before:           Wed 02 Jul 2025 08:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        109.122.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:3c:f7:6d:98:6a:5c:eb:25:84:a7:e2:18:68:dd:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jul  2 08:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7a6abf66f9b18bf8c8322df14b181dfbfa3289c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7e:17:b4:37:98:77:3e:49:da:bc:cd:1b:7e:
                    6f:ad:53:08:55:cf:1b:3e:a1:02:c4:92:8b:56:d6:
                    3c:95:46:3b:61:d4:77:3b:0f:c3:9a:49:60:b5:02:
                    b3:18:12:2f:ba:b5:b3:a5:e4:c9:33:23:b0:ce:95:
                    6e:d1:45:a3:16:9e:1d:0b:0b:e2:d3:ca:15:a1:1f:
                    10:8b:f5:9e:ea:85:f5:66:f4:f5:58:dd:42:9f:26:
                    f1:9d:f0:17:a5:9b:49:e2:c4:a9:a7:64:21:5b:8a:
                    4c:65:0b:23:72:6a:19:92:dc:d8:4d:16:9c:8b:55:
                    9f:a2:2a:15:2d:5f:b9:1e:37:54:21:3e:cc:7d:f5:
                    7e:e1:b2:87:1e:1b:27:53:c4:83:73:18:93:6c:12:
                    56:25:10:18:36:8e:11:81:19:66:f8:1d:27:e2:b2:
                    cb:dc:fc:fb:02:9c:bb:e1:1e:37:29:15:2d:78:8c:
                    cc:89:d6:fa:0b:18:03:89:a1:50:71:6a:d8:df:e3:
                    b3:ec:55:ac:5f:fb:5e:0a:cd:23:8a:3f:68:dd:ba:
                    12:4a:11:e7:ce:b2:3e:c9:94:b0:ae:cd:ac:a0:2e:
                    d9:14:3d:b3:10:83:70:4b:5a:49:74:dd:53:c4:7a:
                    6f:74:ff:31:83:5c:99:13:62:49:02:ce:78:e4:03:
                    56:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:A6:AB:F6:6F:9B:18:BF:8C:83:22:DF:14:B1:81:DF:BF:A3:28:9C
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/96ar9m-bGL-MgyLfFLGB37-jKJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e7:a2:16:87:96:a4:1a:ea:d7:bc:78:1d:fd:fc:0e:7d:d9:
         ae:d7:8a:f8:27:db:17:28:1c:89:c7:21:6f:8c:08:b8:1a:0b:
         5e:ca:51:47:eb:b3:02:db:4d:5f:eb:ba:fe:99:a7:73:85:13:
         cb:d4:7f:c6:9f:5a:2b:12:4f:8c:65:f6:67:b1:88:b5:69:26:
         25:64:4b:f8:cf:4d:d3:8b:9b:80:6b:99:81:5a:59:e6:f4:e7:
         c6:86:78:5a:0b:24:b9:96:d3:35:2d:f3:af:6a:44:55:40:f1:
         39:ed:c1:d9:05:dc:39:ed:76:f5:e1:f2:43:5c:3c:39:cb:bf:
         4b:f5:f5:1b:b4:e4:95:97:ca:b0:ab:29:06:47:d9:c6:d8:f2:
         fe:17:f8:5d:de:25:cb:9e:80:82:4a:66:92:92:1e:0f:f2:38:
         1b:bb:03:4d:ab:59:e5:dc:f9:c8:2f:b4:ea:83:f2:db:a0:f5:
         58:59:ce:fe:0a:63:27:ad:60:c1:f6:64:ef:6c:69:2b:55:f3:
         35:28:3d:26:18:8f:dc:22:a7:b5:06:4e:2a:c8:b2:fa:88:ab:
         83:49:36:bc:de:3c:74:39:45:46:7e:9a:f7:70:13:25:23:01:
         4b:a4:14:50:2b:c8:92:db:6e:97:91:e4:c9:bd:f0:a5:40:6e:
         b0:81:1c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKPPdtmGpc6yWEp+IYaN0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNzAyMDgyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E2YWJmNjZmOWIxOGJmOGM4MzIyZGYxNGIxODFkZmJmYTMyODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz34XtDeYdz5J2rzNG35vrVMIVc8b
PqECxJKLVtY8lUY7YdR3Ow/DmklgtQKzGBIvurWzpeTJMyOwzpVu0UWjFp4dCwvi
08oVoR8Qi/We6oX1ZvT1WN1CnybxnfAXpZtJ4sSpp2QhW4pMZQsjcmoZktzYTRac
i1WfoioVLV+5HjdUIT7MffV+4bKHHhsnU8SDcxiTbBJWJRAYNo4RgRlm+B0n4rLL
3Pz7Apy74R43KRUteIzMidb6CxgDiaFQcWrY3+Oz7FWsX/teCs0jij9o3boSShHn
zrI+yZSwrs2soC7ZFD2zEINwS1pJdN1TxHpvdP8xg1yZE2JJAs545ANWUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPemq/Zvmxi/jIMi3xSxgd+/oyicMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvOTZhcjltLWJHTC1NZ3lMZkZMR0IzNy1qS0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXr6MA0G
CSqGSIb3DQEBCwUAA4IBAQBC56IWh5akGurXvHgd/fwOfdmu14r4J9sXKByJxyFv
jAi4GgteylFH67MC201f67r+madzhRPL1H/Gn1orEk+MZfZnsYi1aSYlZEv4z03T
i5uAa5mBWlnm9OfGhnhaCyS5ltM1LfOvakRVQPE57cHZBdw57Xb14fJDXDw5y79L
9fUbtOSVl8qwqykGR9nG2PL+F/hd3iXLnoCCSmaSkh4P8jgbuwNNq1nl3PnIL7Tq
g/LboPVYWc7+CmMnrWDB9mTvbGkrVfM1KD0mGI/cIqe1Bk4qyLL6iKuDSTa83jx0
OUVGfpr3cBMlIwFLpBRQK8iS226XkeTJvfClQG6wgRy3
-----END CERTIFICATE-----