Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WqefT10pVmAzT9NPiI-E6-xoweo.roa
File:                     WqefT10pVmAzT9NPiI-E6-xoweo.roa (raw, json)
Hash identifier:          Yt9QC5ziEpKUKvue5rFGz5ej/PwgyPEl9j2967Q5YLI=
Subject key identifier:   5A:A7:9F:4F:5D:29:56:60:33:4F:D3:4F:88:8F:84:EB:EC:68:C1:EA
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01994E3CDC8A2AED50D9F8C7729BBB200DA3
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WqefT10pVmAzT9NPiI-E6-xoweo.roa
Signing time:             Mon 15 Sep 2025 16:37:15 +0000
ROA not before:           Mon 15 Sep 2025 16:37:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        109.122.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:3c:dc:8a:2a:ed:50:d9:f8:c7:72:9b:bb:20:0d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep 15 16:37:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5aa79f4f5d295660334fd34f888f84ebec68c1ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:54:62:98:f5:1a:10:6d:f0:ab:5f:56:3f:21:
                    ac:ce:49:4d:3c:5f:51:2c:a0:e7:a3:d1:2c:53:24:
                    e2:88:24:69:df:52:0c:23:a3:39:90:54:37:3a:a5:
                    2e:47:87:f5:61:d0:7f:d8:23:9d:57:e0:59:d1:5d:
                    69:db:01:74:da:77:70:46:74:4c:f6:31:f4:e5:f3:
                    10:9f:f3:dc:fb:fe:1e:4f:5f:cd:f4:9c:d3:51:91:
                    e0:34:6a:fc:39:86:b2:0c:64:3e:89:a3:e3:48:e3:
                    39:c3:55:53:e9:a4:51:d7:32:a7:56:0b:a8:32:bb:
                    24:bb:9d:1a:f0:7a:2a:b7:54:7d:d1:e1:d4:8b:8c:
                    52:00:4b:98:fe:94:6f:8e:30:2d:e4:6c:89:b0:11:
                    b5:26:b2:06:fd:f8:b4:85:86:0a:bb:f2:31:3e:5a:
                    26:6d:d7:95:02:cd:a2:9a:48:7b:1f:52:b4:f1:7b:
                    c8:d3:7c:53:9f:72:36:fe:7d:2c:82:50:b6:8c:47:
                    3d:29:79:54:33:6b:d3:95:f2:f7:64:07:48:72:9f:
                    e3:af:0c:f3:e9:cf:21:9e:c5:c5:55:3a:14:e0:c6:
                    e0:55:57:e6:4a:97:6b:03:39:ee:cd:8f:b4:1c:63:
                    eb:3f:40:d8:d6:bd:89:7a:73:8e:c5:9d:94:ff:18:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A7:9F:4F:5D:29:56:60:33:4F:D3:4F:88:8F:84:EB:EC:68:C1:EA
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/WqefT10pVmAzT9NPiI-E6-xoweo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:5d:86:69:02:a4:23:d8:4d:9e:79:23:7f:66:bd:07:65:52:
         50:52:d2:50:08:fd:97:08:8c:46:54:92:3f:fe:48:9f:7f:d1:
         5f:22:e1:8c:a8:c8:03:ac:63:f4:58:a5:a1:bd:56:c2:26:76:
         62:5d:e8:3c:4a:40:91:d3:79:ab:41:c7:1b:c9:e1:86:72:4f:
         ba:45:ff:e1:0f:dd:95:f0:fd:71:16:70:f2:4b:bc:e7:a1:48:
         8f:0b:e5:d7:60:e0:a2:2f:73:6d:79:e1:17:21:54:e8:0d:50:
         cf:3a:55:a0:fe:a1:fa:b5:a5:e4:d2:04:2e:8e:7f:f0:fe:79:
         d7:b9:66:c9:23:eb:60:84:a9:3b:69:93:80:e9:a0:89:86:b3:
         e7:6c:05:26:4f:20:c7:17:78:b2:28:c7:bb:aa:11:05:b0:ff:
         20:38:a9:ee:03:20:d1:0b:dd:dd:41:a8:28:80:7b:bd:d3:61:
         ee:78:49:ba:df:f3:1d:66:1c:0f:85:47:31:13:52:10:c2:07:
         41:d5:87:d8:9d:66:5c:d8:ed:0f:14:a8:0b:e9:56:06:93:25:
         32:ec:4f:87:dd:b7:74:70:3f:7f:7e:5d:d2:6c:0a:0c:5d:4c:
         15:ef:ff:f2:a1:12:b4:02:0b:8f:c1:c7:bc:d0:20:79:72:04:
         f8:8f:ae:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOPNyKKu1Q2fjHcpu7IA2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTE1MTYzNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWE3OWY0ZjVkMjk1NjYwMzM0ZmQzNGY4ODhmODRlYmVjNjhjMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VRimPUaEG3wq19WPyGszklNPF9R
LKDno9EsUyTiiCRp31IMI6M5kFQ3OqUuR4f1YdB/2COdV+BZ0V1p2wF02ndwRnRM
9jH05fMQn/Pc+/4eT1/N9JzTUZHgNGr8OYayDGQ+iaPjSOM5w1VT6aRR1zKnVguo
Mrsku50a8Hoqt1R90eHUi4xSAEuY/pRvjjAt5GyJsBG1JrIG/fi0hYYKu/IxPlom
bdeVAs2imkh7H1K08XvI03xTn3I2/n0sglC2jEc9KXlUM2vTlfL3ZAdIcp/jrwzz
6c8hnsXFVToU4MbgVVfmSpdrAznuzY+0HGPrP0DY1r2JenOOxZ2U/xgyLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqnn09dKVZgM0/TT4iPhOvsaMHqMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvV3FlZlQxMHBWbUF6VDlOUGlJLUU2LXhvd2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXocMA0G
CSqGSIb3DQEBCwUAA4IBAQA6XYZpAqQj2E2eeSN/Zr0HZVJQUtJQCP2XCIxGVJI/
/kiff9FfIuGMqMgDrGP0WKWhvVbCJnZiXeg8SkCR03mrQccbyeGGck+6Rf/hD92V
8P1xFnDyS7znoUiPC+XXYOCiL3NteeEXIVToDVDPOlWg/qH6taXk0gQujn/w/nnX
uWbJI+tghKk7aZOA6aCJhrPnbAUmTyDHF3iyKMe7qhEFsP8gOKnuAyDRC93dQago
gHu902HueEm63/MdZhwPhUcxE1IQwgdB1YfYnWZc2O0PFKgL6VYGkyUy7E+H3bd0
cD9/fl3SbAoMXUwV7//yoRK0AguPwce80CB5cgT4j67n
-----END CERTIFICATE-----