Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/D9KqMTAksNO2iOKAwulZkRCL4Fw.roa
File:                     D9KqMTAksNO2iOKAwulZkRCL4Fw.roa (raw, json)
Hash identifier:          x9me+db9iBftpJ/9nLLqbm0SGnpLl+KbaGJCrguqqhk=
Subject key identifier:   0F:D2:AA:31:30:24:B0:D3:B6:88:E2:80:C2:E9:59:91:10:8B:E0:5C
Certificate issuer:       /CN=d5f94786d036685440901a3dce5a334cf13272a0
Certificate serial:       01992A3079E581552238E99379103EB59320
Authority key identifier: D5:F9:47:86:D0:36:68:54:40:90:1A:3D:CE:5A:33:4C:F1:32:72:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/D9KqMTAksNO2iOKAwulZkRCL4Fw.roa
Signing time:             Mon 08 Sep 2025 16:37:23 +0000
ROA not before:           Mon 08 Sep 2025 16:37:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62093
IP address blocks:        171.22.211.0/24 maxlen: 24
                          185.110.20.0/22 maxlen: 22
                          2a02:c540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2a:30:79:e5:81:55:22:38:e9:93:79:10:3e:b5:93:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f94786d036685440901a3dce5a334cf13272a0
        Validity
            Not Before: Sep  8 16:37:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fd2aa313024b0d3b688e280c2e95991108be05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8a:9d:1f:94:eb:a2:fe:8d:db:a2:8d:b6:0c:
                    74:85:4d:c2:8c:d1:f7:b6:6a:c3:61:a6:d3:95:3f:
                    51:86:af:56:7f:fd:99:4f:5b:18:c3:92:7d:b8:f6:
                    95:ea:f4:f8:14:11:a7:81:e6:7d:75:bb:40:6f:c4:
                    6d:2d:a6:9c:9f:ae:38:6d:79:b2:96:3c:ff:79:2e:
                    f0:2a:a5:ac:a2:49:e4:af:8b:14:ff:6c:dd:4e:9a:
                    65:45:fd:57:bc:e2:8b:9c:cf:e8:d4:0d:d8:ae:84:
                    5c:5a:da:6b:c1:1d:b4:52:e9:5f:f5:0f:07:44:c7:
                    e4:63:b7:8a:5b:67:89:4a:f8:bb:81:dc:3e:a8:ae:
                    a3:0c:a2:f2:a1:bf:29:1d:e7:57:dc:d2:57:7d:9d:
                    ed:ad:43:30:f4:20:ab:ce:86:f6:49:9f:42:e4:f6:
                    a3:43:c0:43:74:8b:bf:15:09:7a:ef:8b:e9:7d:ad:
                    6d:fb:18:34:58:67:4d:ed:8a:f8:9c:bf:30:32:08:
                    dd:8e:1b:57:e7:4e:3d:cb:92:e2:47:a1:bc:4b:d5:
                    a4:04:6f:7e:6d:4f:05:28:2b:a5:29:cb:bc:03:34:
                    14:e0:79:b5:be:c0:b0:af:a8:54:19:13:c5:4b:b2:
                    e1:c5:68:3f:d2:74:97:ef:3f:d8:1d:74:fc:cc:d8:
                    fe:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:D2:AA:31:30:24:B0:D3:B6:88:E2:80:C2:E9:59:91:10:8B:E0:5C
            X509v3 Authority Key Identifier:
                keyid:D5:F9:47:86:D0:36:68:54:40:90:1A:3D:CE:5A:33:4C:F1:32:72:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1flHhtA2aFRAkBo9zlozTPEycqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/D9KqMTAksNO2iOKAwulZkRCL4Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/70496c-63b8-47c8-a769-c9a69683a8e8/1/1flHhtA2aFRAkBo9zlozTPEycqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.211.0/24
                  185.110.20.0/22
                IPv6:
                  2a02:c540::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:52:84:d8:5c:95:0d:20:14:11:ed:36:dc:79:71:9e:19:2e:
         5e:64:4d:96:ba:e1:b4:32:89:e3:34:42:45:fb:d1:14:f0:c7:
         7b:18:13:31:59:0a:6f:21:31:f6:88:b2:dc:0b:d9:c9:6e:fe:
         7d:f2:4b:96:da:be:bd:e5:75:48:fa:8d:30:92:f1:d0:f3:50:
         fa:bc:53:43:13:b4:10:92:e9:4b:5b:17:d3:e7:21:af:5e:2f:
         da:61:9a:af:a1:28:29:51:04:4d:50:67:0b:4f:e1:51:49:85:
         d7:1b:5c:6b:53:7b:ac:4d:d3:86:54:82:04:ef:fb:53:6a:4a:
         af:fa:d8:a7:34:ea:3f:01:1c:02:40:90:f2:8c:00:da:5c:c0:
         3a:18:71:34:3b:6e:53:24:92:89:5b:32:77:ab:c3:4c:b7:58:
         95:4a:61:fd:f9:e0:ef:ff:c1:62:92:4f:f3:9e:3e:89:f4:84:
         d0:60:f2:fd:94:35:67:0d:72:58:8f:c7:bb:7c:dc:2b:c0:90:
         25:fe:5e:96:0d:70:0f:83:25:b7:5e:a0:1d:6c:f7:12:d5:b4:
         25:b9:87:70:c4:f0:cb:fd:82:c1:31:72:16:c3:5b:90:a8:7d:
         9a:e0:30:5a:78:e3:05:4e:f4:04:38:e3:cd:8d:91:4e:89:8d:
         8d:61:7f:72
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkqMHnlgVUiOOmTeRA+tZMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1Zjk0Nzg2ZDAzNjY4NTQ0MDkwMWEzZGNlNWEzMzRjZjEz
MjcyYTAwHhcNMjUwOTA4MTYzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmQyYWEzMTMwMjRiMGQzYjY4OGUyODBjMmU5NTk5MTEwOGJlMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIqdH5Trov6N26KNtgx0hU3CjNH3
tmrDYabTlT9Rhq9Wf/2ZT1sYw5J9uPaV6vT4FBGngeZ9dbtAb8RtLaacn644bXmy
ljz/eS7wKqWsoknkr4sU/2zdTpplRf1XvOKLnM/o1A3YroRcWtprwR20Uulf9Q8H
RMfkY7eKW2eJSvi7gdw+qK6jDKLyob8pHedX3NJXfZ3trUMw9CCrzob2SZ9C5Paj
Q8BDdIu/FQl674vpfa1t+xg0WGdN7Yr4nL8wMgjdjhtX5049y5LiR6G8S9WkBG9+
bU8FKCulKcu8AzQU4Hm1vsCwr6hUGRPFS7LhxWg/0nSX7z/YHXT8zNj+iQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA/SqjEwJLDTtojigMLpWZEQi+BcMB8GA1UdIwQY
MBaAFNX5R4bQNmhUQJAaPc5aM0zxMnKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZsSGh0QTJhRlJBa0JvOXpsb3pUUEV5Y3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83MDQ5NmMtNjNiOC00N2M4LWE3Njkt
YzlhNjk2ODNhOGU4LzEvRDlLcU1UQWtzTk8yaU9LQXd1bFprUkNMNEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83MDQ5NmMtNjNiOC00N2M4LWE3NjktYzlhNjk2ODNhOGU4
LzEvMWZsSGh0QTJhRlJBa0JvOXpsb3pUUEV5Y3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAqxbTAwQC
uW4UMA0EAgACMAcDBQMqAsVAMA0GCSqGSIb3DQEBCwUAA4IBAQAKUoTYXJUNIBQR
7TbceXGeGS5eZE2WuuG0MonjNEJF+9EU8Md7GBMxWQpvITH2iLLcC9nJbv598kuW
2r695XVI+o0wkvHQ81D6vFNDE7QQkulLWxfT5yGvXi/aYZqvoSgpUQRNUGcLT+FR
SYXXG1xrU3usTdOGVIIE7/tTakqv+tinNOo/ARwCQJDyjADaXMA6GHE0O25TJJKJ
WzJ3q8NMt1iVSmH9+eDv/8Fikk/znj6J9ITQYPL9lDVnDXJYj8e7fNwrwJAl/l6W
DXAPgyW3XqAdbPcS1bQluYdwxPDL/YLBMXIWw1uQqH2a4DBaeOMFTvQEOOPNjZFO
iY2NYX9y
-----END CERTIFICATE-----