Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/3QvVaqKGvee6-wS2BoT7zyvE-1I.roa
File:                     3QvVaqKGvee6-wS2BoT7zyvE-1I.roa (raw, json)
Hash identifier:          yFg221GxFUlvuYgZd9SFrXg5WwnC/OuXLP2I5us4y3I=
Subject key identifier:   DD:0B:D5:6A:A2:86:BD:E7:BA:FB:04:B6:06:84:FB:CF:2B:C4:FB:52
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       0198FEC71363831A4A305E7EB7542F99546F
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/3QvVaqKGvee6-wS2BoT7zyvE-1I.roa
Signing time:             Sun 31 Aug 2025 06:18:36 +0000
ROA not before:           Sun 31 Aug 2025 06:18:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.238.160.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fe:c7:13:63:83:1a:4a:30:5e:7e:b7:54:2f:99:54:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Aug 31 06:18:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd0bd56aa286bde7bafb04b60684fbcf2bc4fb52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e7:e8:22:24:bd:10:bc:82:6f:f2:29:23:8e:
                    33:a2:90:00:ac:e4:b9:6d:fa:fb:6a:56:9f:85:6e:
                    aa:d4:d4:1e:40:37:04:76:46:ac:69:83:07:14:37:
                    d6:60:ed:79:51:58:3a:c5:71:ab:5c:4b:dd:79:bc:
                    ee:99:d9:47:ce:d8:91:97:7b:69:05:57:38:78:16:
                    15:38:49:bf:0c:c5:f3:19:d6:b0:7d:b9:f3:09:7a:
                    7f:1f:bb:37:9a:9d:4a:25:a9:ca:bf:f7:f4:f5:1b:
                    ee:d3:5a:98:6e:2d:1d:82:5c:ff:23:42:22:1a:e5:
                    a3:95:74:a9:8c:06:4d:3b:6f:db:09:e0:03:00:f6:
                    1c:cf:f6:5c:b2:39:46:f3:92:46:8b:a5:62:e9:d2:
                    71:2e:62:e4:36:99:6e:9d:0f:29:c4:d5:1e:d1:ca:
                    ba:4e:e3:f2:98:05:c2:2c:e4:53:da:d7:be:85:66:
                    15:aa:56:2b:36:e3:55:7d:5d:d8:be:8e:02:0d:2d:
                    7f:7e:bd:9b:d5:9e:32:52:12:65:2a:87:d6:95:0c:
                    f8:e1:08:8e:c5:f2:40:db:01:c6:ea:df:80:c4:dc:
                    0c:a8:3f:fd:8f:c6:6e:f9:2d:36:b2:d1:51:41:61:
                    45:86:33:e5:60:2d:05:51:60:7b:e9:1a:4d:03:65:
                    11:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:0B:D5:6A:A2:86:BD:E7:BA:FB:04:B6:06:84:FB:CF:2B:C4:FB:52
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/3QvVaqKGvee6-wS2BoT7zyvE-1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:53:71:40:92:4c:dd:0a:2c:27:a2:4d:dd:eb:78:fe:a5:12:
         db:20:fd:80:71:31:6a:e4:b0:d4:22:6f:45:f6:6b:4f:ac:6c:
         d3:22:ac:31:37:1c:8d:70:43:bd:46:7b:b1:66:be:26:66:c4:
         72:1d:22:59:d8:55:7f:95:21:d1:b4:c0:b9:dc:33:d1:f7:e1:
         52:82:95:8b:04:af:28:c0:28:9d:30:b8:57:eb:95:9a:e8:ec:
         de:51:4b:bf:6d:99:c2:3b:e4:73:76:e1:5a:fc:0f:f2:6c:32:
         bf:7e:b0:24:16:d3:a2:85:b9:88:2e:3d:8c:8f:ef:f5:2f:29:
         0a:92:4a:ad:57:77:27:6d:f3:83:53:bc:1d:84:cc:da:74:2c:
         be:46:b9:21:53:66:34:47:ce:aa:39:5a:9a:cd:ab:82:f6:48:
         0d:e4:4f:5f:0b:1c:3e:ad:42:95:42:df:61:b0:f1:cd:a2:27:
         8d:6f:8e:66:ba:39:f6:6f:f0:54:55:ba:15:d3:f1:e9:f5:1d:
         99:74:ca:c1:91:b3:46:65:b4:2f:c9:40:3d:dd:70:81:bc:80:
         9f:18:39:ac:d3:00:79:ff:09:f7:4c:aa:75:f9:fe:99:49:58:
         03:cf:b1:8a:9f:c8:dc:d4:7a:2c:6d:11:25:b7:b0:28:34:a2:
         98:c6:0f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj+xxNjgxpKMF5+t1QvmVRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjUwODMxMDYxODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDBiZDU2YWEyODZiZGU3YmFmYjA0YjYwNjg0ZmJjZjJiYzRmYjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkefoIiS9ELyCb/IpI44zopAArOS5
bfr7alafhW6q1NQeQDcEdkasaYMHFDfWYO15UVg6xXGrXEvdebzumdlHztiRl3tp
BVc4eBYVOEm/DMXzGdawfbnzCXp/H7s3mp1KJanKv/f09Rvu01qYbi0dglz/I0Ii
GuWjlXSpjAZNO2/bCeADAPYcz/ZcsjlG85JGi6Vi6dJxLmLkNplunQ8pxNUe0cq6
TuPymAXCLORT2te+hWYVqlYrNuNVfV3Yvo4CDS1/fr2b1Z4yUhJlKofWlQz44QiO
xfJA2wHG6t+AxNwMqD/9j8Zu+S02stFRQWFFhjPlYC0FUWB76RpNA2UR2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0L1Wqihr3nuvsEtgaE+88rxPtSMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvM1F2VmFxS0d2ZWU2LXdTMkJvVDd6eXZFLTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbe6gMA0G
CSqGSIb3DQEBCwUAA4IBAQACU3FAkkzdCiwnok3d63j+pRLbIP2AcTFq5LDUIm9F
9mtPrGzTIqwxNxyNcEO9RnuxZr4mZsRyHSJZ2FV/lSHRtMC53DPR9+FSgpWLBK8o
wCidMLhX65Wa6OzeUUu/bZnCO+RzduFa/A/ybDK/frAkFtOihbmILj2Mj+/1LykK
kkqtV3cnbfODU7wdhMzadCy+RrkhU2Y0R86qOVqazauC9kgN5E9fCxw+rUKVQt9h
sPHNoieNb45mujn2b/BUVboV0/Hp9R2ZdMrBkbNGZbQvyUA93XCBvICfGDms0wB5
/wn3TKp1+f6ZSVgDz7GKn8jc1HosbRElt7AoNKKYxg82
-----END CERTIFICATE-----