Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MdxXvYUX8k5RqO_aQOQ0V0PGoOg.roa
File:                     MdxXvYUX8k5RqO_aQOQ0V0PGoOg.roa (raw, json)
Hash identifier:          UnoSA1dkwj84rNvlkzUjSUbEJYyWUrNEj7jpKVJfbrQ=
Subject key identifier:   31:DC:57:BD:85:17:F2:4E:51:A8:EF:DA:40:E4:34:57:43:C6:A0:E8
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0199097FD40303D146B3B4F1B725C60F27D7
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MdxXvYUX8k5RqO_aQOQ0V0PGoOg.roa
Signing time:             Tue 02 Sep 2025 08:16:36 +0000
ROA not before:           Tue 02 Sep 2025 08:16:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        109.122.9.0/24 maxlen: 24
                          109.122.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:7f:d4:03:03:d1:46:b3:b4:f1:b7:25:c6:0f:27:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep  2 08:16:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31dc57bd8517f24e51a8efda40e4345743c6a0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:af:9e:4d:13:59:c4:f9:d0:84:06:5b:d0:1b:
                    bc:f5:81:de:87:ff:91:d9:f0:56:54:91:31:ef:54:
                    0a:43:c7:92:38:7b:6c:6f:db:ca:57:71:f5:46:de:
                    0a:1c:64:5f:da:9f:8c:48:6e:4d:16:e1:04:e6:2e:
                    d1:ad:39:03:06:77:d0:d7:04:6b:2e:54:5d:5f:62:
                    07:8c:51:b6:5a:6c:f5:18:3f:71:61:1f:16:74:88:
                    55:98:7b:e1:ef:4c:14:37:ef:54:54:0b:b3:17:02:
                    9a:ff:f6:dc:be:7a:80:33:da:84:80:df:06:92:41:
                    6e:36:c3:1b:ad:24:a9:05:b6:09:c5:e7:7a:e0:13:
                    81:c9:18:08:f7:15:43:15:61:b9:d5:33:ef:11:31:
                    47:49:13:cb:4d:e6:06:8b:8e:4f:6c:85:9c:54:44:
                    e2:ca:91:ce:7d:fd:80:69:ff:b9:48:68:99:fd:f7:
                    2e:ca:9e:ab:ce:6a:86:11:86:85:a9:e5:bd:ed:c5:
                    53:75:e7:63:dc:35:90:bf:f0:d7:4c:a5:b3:b5:3b:
                    9d:94:52:f4:79:85:c4:89:73:31:aa:b2:f8:72:d7:
                    43:71:01:34:e2:d5:26:2a:7e:16:34:9f:1c:06:cf:
                    6f:43:76:d0:b3:15:10:34:b9:f5:b9:1e:1e:44:48:
                    63:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DC:57:BD:85:17:F2:4E:51:A8:EF:DA:40:E4:34:57:43:C6:A0:E8
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/MdxXvYUX8k5RqO_aQOQ0V0PGoOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.9.0/24
                  109.122.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:eb:40:7c:6f:2a:13:4f:7e:ec:0a:22:0e:df:18:28:b4:b3:
         35:bd:fe:72:51:b0:5c:a0:5c:6f:14:85:48:49:f0:ff:92:0c:
         87:f1:ce:ee:62:df:9e:23:53:e1:e6:49:6b:3e:ab:67:f7:76:
         0c:a9:a4:89:56:55:bf:08:f2:f0:7e:96:be:1b:20:82:e8:37:
         cc:8b:5c:05:fc:90:43:6b:c7:db:1b:0e:88:54:aa:71:60:73:
         70:3d:e2:49:9b:0c:3b:d6:ab:a2:74:1c:c2:5a:9d:1c:e0:c2:
         a5:35:a5:56:79:40:41:58:53:38:7c:5d:19:c7:3d:c7:78:12:
         08:87:69:cf:3a:58:d1:61:81:9f:36:e7:dd:16:58:52:2b:af:
         0e:86:85:82:6a:a5:7b:29:6f:82:59:e0:31:7a:93:b5:4c:33:
         76:26:b4:09:00:06:73:16:0f:95:52:9e:67:cd:a5:46:4b:11:
         01:af:39:11:ff:3e:a9:4b:fc:00:79:18:e4:2c:3d:2f:79:8a:
         df:d4:36:2f:20:25:fd:30:e2:d4:f7:88:b9:4b:a5:b0:47:1a:
         17:bb:0a:65:0c:38:a9:62:f6:de:81:1f:64:dd:83:89:fc:74:
         ee:1d:8b:86:45:00:19:ff:e6:53:d4:3d:d7:f9:d4:69:65:65:
         19:e2:e9:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkJf9QDA9FGs7TxtyXGDyfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTAyMDgxNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRjNTdiZDg1MTdmMjRlNTFhOGVmZGE0MGU0MzQ1NzQzYzZhMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6+eTRNZxPnQhAZb0Bu89YHeh/+R
2fBWVJEx71QKQ8eSOHtsb9vKV3H1Rt4KHGRf2p+MSG5NFuEE5i7RrTkDBnfQ1wRr
LlRdX2IHjFG2Wmz1GD9xYR8WdIhVmHvh70wUN+9UVAuzFwKa//bcvnqAM9qEgN8G
kkFuNsMbrSSpBbYJxed64BOByRgI9xVDFWG51TPvETFHSRPLTeYGi45PbIWcVETi
ypHOff2Aaf+5SGiZ/fcuyp6rzmqGEYaFqeW97cVTdedj3DWQv/DXTKWztTudlFL0
eYXEiXMxqrL4ctdDcQE04tUmKn4WNJ8cBs9vQ3bQsxUQNLn1uR4eREhj7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDHcV72FF/JOUajv2kDkNFdDxqDoMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTWR4WHZZVVg4azVScU9fYVFPUTBWMFBHb09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoJAwQA
bXoOMA0GCSqGSIb3DQEBCwUAA4IBAQAg60B8byoTT37sCiIO3xgotLM1vf5yUbBc
oFxvFIVISfD/kgyH8c7uYt+eI1Ph5klrPqtn93YMqaSJVlW/CPLwfpa+GyCC6DfM
i1wF/JBDa8fbGw6IVKpxYHNwPeJJmww71quidBzCWp0c4MKlNaVWeUBBWFM4fF0Z
xz3HeBIIh2nPOljRYYGfNufdFlhSK68OhoWCaqV7KW+CWeAxepO1TDN2JrQJAAZz
Fg+VUp5nzaVGSxEBrzkR/z6pS/wAeRjkLD0veYrf1DYvICX9MOLU94i5S6WwRxoX
uwplDDipYvbegR9k3YOJ/HTuHYuGRQAZ/+ZT1D3X+dRpZWUZ4ul6
-----END CERTIFICATE-----