Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Oba4hAuny97Df31bzJxNlnurA_w.roa
File:                     Oba4hAuny97Df31bzJxNlnurA_w.roa (raw, json)
Hash identifier:          WjTbH7N/7i/jWBH2Y87xRLmKDBJ26EI2hFXcl5JIA+0=
Subject key identifier:   39:B6:B8:84:0B:A7:CB:DE:C3:7F:7D:5B:CC:9C:4D:96:7B:AB:03:FC
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0198D1FAB24F9B86F2F0B7746E30E44A6FE8
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Oba4hAuny97Df31bzJxNlnurA_w.roa
Signing time:             Fri 22 Aug 2025 13:32:04 +0000
ROA not before:           Fri 22 Aug 2025 13:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14061
IP address blocks:        109.122.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:55:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:fa:b2:4f:9b:86:f2:f0:b7:74:6e:30:e4:4a:6f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Aug 22 13:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b6b8840ba7cbdec37f7d5bcc9c4d967bab03fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9c:78:d8:4f:36:d8:f5:d2:4c:5f:50:0b:ad:
                    1d:14:e8:c1:12:17:c4:a0:0e:d7:21:1b:cb:ce:13:
                    5a:d5:c7:0b:34:1f:0b:5a:d3:26:c9:81:ad:9f:96:
                    95:51:c0:c6:eb:3e:47:aa:6a:82:ca:c4:fc:12:e3:
                    6d:ba:a8:4d:dc:3d:7d:59:2b:0f:51:e4:cc:20:a1:
                    74:f9:c3:e6:e4:e0:a6:17:e1:c0:9b:3b:29:f0:57:
                    c8:7c:7e:9a:3c:bf:d3:e3:84:77:74:58:00:05:36:
                    2d:12:5e:41:f7:b0:54:e6:ce:d5:f7:e9:ea:d7:66:
                    54:b8:60:99:93:99:18:6e:e1:41:91:1d:e2:36:44:
                    3a:57:e0:eb:9f:4d:1f:68:b3:32:23:c6:bc:bb:2e:
                    c0:3c:9a:59:78:9e:40:6c:25:e8:4a:d2:fb:2a:68:
                    73:63:38:8f:4e:bd:aa:99:d3:1a:fd:1e:3d:79:27:
                    7a:bf:d0:fc:4c:e3:c4:4c:25:0d:5f:51:a9:73:fe:
                    d6:45:17:e5:f5:d8:20:3c:db:02:e8:62:ea:45:0f:
                    cc:ac:26:66:4f:43:df:d9:4a:03:3c:48:71:69:54:
                    e3:89:e0:a3:76:af:35:8f:37:6b:e5:c6:49:5c:7d:
                    3f:d6:5f:b9:1b:54:c8:2e:01:42:04:80:4d:89:92:
                    97:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B6:B8:84:0B:A7:CB:DE:C3:7F:7D:5B:CC:9C:4D:96:7B:AB:03:FC
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/Oba4hAuny97Df31bzJxNlnurA_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:92:ee:81:3d:e2:c2:71:70:98:03:3e:f4:33:ea:d9:e2:b9:
         35:27:91:07:26:cf:79:4c:81:6a:b9:29:b6:1c:5b:d9:a3:d2:
         ba:d6:bd:52:e4:38:96:aa:49:6a:cb:36:64:e9:df:f7:2b:f6:
         80:6c:07:b3:1d:09:a5:f5:4b:c7:d9:b2:e1:a3:3b:8a:d3:43:
         10:80:26:11:97:d6:49:69:16:56:46:5e:69:41:7d:49:80:94:
         86:a5:97:3b:5a:72:9c:6e:60:0d:b4:c6:73:fb:c4:c9:da:72:
         51:d2:76:34:a9:dc:04:64:ef:cb:34:a1:e0:2b:19:cb:b8:87:
         98:01:64:b1:a6:b0:9d:be:33:7a:d6:a9:95:65:4b:82:46:bc:
         ef:d5:bc:77:72:a3:cf:28:0e:ac:92:0e:df:02:b6:e7:87:fe:
         a6:7a:98:ae:6f:69:fa:92:cf:24:fe:ef:b5:2d:fc:8b:6c:44:
         63:c7:cc:be:db:fd:e9:d9:61:d8:d1:ed:96:fd:32:d5:a4:91:
         25:b1:ac:79:a9:75:36:21:f4:4a:c4:be:8d:69:96:de:36:55:
         00:41:ef:75:02:b9:45:98:91:f8:f8:c4:b0:92:ae:cb:eb:eb:
         ed:6a:70:61:2e:34:9e:fd:d0:9b:dd:28:ad:dd:95:37:9b:b7:
         a6:31:a1:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjR+rJPm4by8Ld0bjDkSm/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwODIyMTMzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWI2Yjg4NDBiYTdjYmRlYzM3ZjdkNWJjYzljNGQ5NjdiYWIwM2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Zx42E822PXSTF9QC60dFOjBEhfE
oA7XIRvLzhNa1ccLNB8LWtMmyYGtn5aVUcDG6z5HqmqCysT8EuNtuqhN3D19WSsP
UeTMIKF0+cPm5OCmF+HAmzsp8FfIfH6aPL/T44R3dFgABTYtEl5B97BU5s7V9+nq
12ZUuGCZk5kYbuFBkR3iNkQ6V+Drn00faLMyI8a8uy7APJpZeJ5AbCXoStL7Kmhz
YziPTr2qmdMa/R49eSd6v9D8TOPETCUNX1Gpc/7WRRfl9dggPNsC6GLqRQ/MrCZm
T0Pf2UoDPEhxaVTjieCjdq81jzdr5cZJXH0/1l+5G1TILgFCBIBNiZKXBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDm2uIQLp8vew399W8ycTZZ7qwP8MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvT2JhNGhBdW55OTdEZjMxYnpKeE5sbnVyQV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoCMA0G
CSqGSIb3DQEBCwUAA4IBAQAiku6BPeLCcXCYAz70M+rZ4rk1J5EHJs95TIFquSm2
HFvZo9K61r1S5DiWqklqyzZk6d/3K/aAbAezHQml9UvH2bLhozuK00MQgCYRl9ZJ
aRZWRl5pQX1JgJSGpZc7WnKcbmANtMZz+8TJ2nJR0nY0qdwEZO/LNKHgKxnLuIeY
AWSxprCdvjN61qmVZUuCRrzv1bx3cqPPKA6skg7fArbnh/6mepiub2n6ks8k/u+1
LfyLbERjx8y+2/3p2WHY0e2W/TLVpJElsax5qXU2IfRKxL6NaZbeNlUAQe91ArlF
mJH4+MSwkq7L6+vtanBhLjSe/dCb3Sit3ZU3m7emMaGc
-----END CERTIFICATE-----