Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/3BuRgA8d-bVZ94RHjJWDyP66hAI.roa
File:                     3BuRgA8d-bVZ94RHjJWDyP66hAI.roa (raw, json)
Hash identifier:          JyObWKJemQ9DI1DqgPGHC9xny6jFhDNgmUcIOlrrZYw=
Subject key identifier:   DC:1B:91:80:0F:1D:F9:B5:59:F7:84:47:8C:95:83:C8:FE:BA:84:02
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0199FD512AE8B3A80B36FD615921135FB03F
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/3BuRgA8d-bVZ94RHjJWDyP66hAI.roa
Signing time:             Sun 19 Oct 2025 16:32:59 +0000
ROA not before:           Sun 19 Oct 2025 16:32:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        109.205.193.0/24 maxlen: 24
                          2a01:fb01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 17:10:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:51:2a:e8:b3:a8:0b:36:fd:61:59:21:13:5f:b0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Oct 19 16:32:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc1b91800f1df9b559f784478c9583c8feba8402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ec:36:15:a1:d2:f7:e3:79:6f:07:92:d8:72:
                    2c:e0:2e:6c:39:9a:84:52:90:2d:dd:45:e4:57:29:
                    8b:fd:b2:06:87:89:98:00:0d:24:8f:35:35:7a:5e:
                    01:65:dc:89:96:32:ab:d8:1a:19:fb:09:9a:ed:aa:
                    dc:a2:07:30:e0:ae:ba:cb:55:7a:a4:7a:39:62:fc:
                    4d:35:9d:3f:e0:1a:d4:b7:52:07:ea:3f:8f:1a:ff:
                    e5:78:c6:e0:46:c7:98:4a:36:f2:62:19:ab:fa:77:
                    a3:a2:ae:76:11:79:7d:b8:d5:82:af:75:d4:fb:d3:
                    1c:a6:a7:d8:f3:85:30:c0:de:cf:1f:fe:d1:9e:97:
                    7a:78:ed:bb:cc:e3:35:11:36:08:f9:f2:c9:80:ed:
                    dd:01:b8:73:a7:e3:c1:21:23:ba:38:3f:81:0a:50:
                    ee:b8:82:c9:c1:35:88:48:2c:58:ed:07:00:c4:5a:
                    e2:b9:3b:0e:5b:7b:51:55:6b:e6:e7:9d:6c:dc:99:
                    9b:e4:4c:12:da:cc:16:0c:ae:a1:c5:5e:ea:3c:22:
                    68:86:40:b1:59:74:be:c2:7d:4d:26:62:54:77:86:
                    eb:ec:e9:55:84:65:1a:05:b0:b6:b9:7d:18:85:f8:
                    78:3e:88:24:62:9a:00:b0:21:af:de:c2:f9:d8:b3:
                    32:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1B:91:80:0F:1D:F9:B5:59:F7:84:47:8C:95:83:C8:FE:BA:84:02
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/3BuRgA8d-bVZ94RHjJWDyP66hAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.193.0/24
                IPv6:
                  2a01:fb01::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:38:cd:20:0e:be:46:3a:2c:4b:08:e9:d1:68:70:94:7c:de:
         44:0a:e2:e6:a3:3c:5f:65:44:cb:f2:82:99:c6:74:73:08:ff:
         c6:c9:88:b5:47:1e:49:5f:f9:aa:da:e2:5c:0d:a0:0a:5b:20:
         1b:c6:83:34:22:e2:7a:4c:37:94:bf:e2:39:ec:91:ed:f7:0b:
         45:d7:c2:97:64:00:b0:72:0f:b6:75:38:b3:5f:e8:27:35:ac:
         3e:d2:63:50:e6:a5:2d:2f:1f:42:df:1c:db:53:46:5c:ce:40:
         73:5c:19:9b:ad:7f:6a:ac:a7:7e:af:bf:fc:18:a9:38:ac:29:
         13:e7:95:19:94:76:7e:15:40:96:71:ef:97:9b:66:8c:e4:fe:
         94:42:a1:f3:88:14:55:96:3a:a5:66:73:32:7a:87:5a:42:b8:
         c7:b9:09:28:b9:c2:60:47:6d:a0:6e:3c:3b:ad:39:6b:f0:01:
         d2:ec:fb:70:08:70:80:5f:51:40:12:b8:c0:6f:c9:ff:a6:a9:
         e1:dc:fe:07:66:db:ce:a7:4f:5c:d1:f9:29:7b:68:97:ec:a3:
         56:43:08:0b:20:e3:6a:02:85:eb:f6:09:50:35:d6:00:3e:9e:
         b2:c1:64:0a:0c:c7:c2:2b:3d:73:55:f1:91:d5:cd:2e:71:90:
         9f:06:1b:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZn9USros6gLNv1hWSETX7A/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUxMDE5MTYzMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzFiOTE4MDBmMWRmOWI1NTlmNzg0NDc4Yzk1ODNjOGZlYmE4NDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquw2FaHS9+N5bweS2HIs4C5sOZqE
UpAt3UXkVymL/bIGh4mYAA0kjzU1el4BZdyJljKr2BoZ+wma7arcogcw4K66y1V6
pHo5YvxNNZ0/4BrUt1IH6j+PGv/leMbgRseYSjbyYhmr+nejoq52EXl9uNWCr3XU
+9McpqfY84UwwN7PH/7Rnpd6eO27zOM1ETYI+fLJgO3dAbhzp+PBISO6OD+BClDu
uILJwTWISCxY7QcAxFriuTsOW3tRVWvm551s3Jmb5EwS2swWDK6hxV7qPCJohkCx
WXS+wn1NJmJUd4br7OlVhGUaBbC2uX0Yhfh4PogkYpoAsCGv3sL52LMyjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNwbkYAPHfm1WfeER4yVg8j+uoQCMB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvM0J1UmdBOGQtYlZaOTRSSGpKV0R5UDY2aEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbc3BMA0E
AgACMAcDBQAqAfsBMA0GCSqGSIb3DQEBCwUAA4IBAQBMOM0gDr5GOixLCOnRaHCU
fN5ECuLmozxfZUTL8oKZxnRzCP/GyYi1Rx5JX/mq2uJcDaAKWyAbxoM0IuJ6TDeU
v+I57JHt9wtF18KXZACwcg+2dTizX+gnNaw+0mNQ5qUtLx9C3xzbU0ZczkBzXBmb
rX9qrKd+r7/8GKk4rCkT55UZlHZ+FUCWce+Xm2aM5P6UQqHziBRVljqlZnMyeoda
QrjHuQkoucJgR22gbjw7rTlr8AHS7PtwCHCAX1FAErjAb8n/pqnh3P4HZtvOp09c
0fkpe2iX7KNWQwgLIONqAoXr9glQNdYAPp6ywWQKDMfCKz1zVfGR1c0ucZCfBhur
-----END CERTIFICATE-----