Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/c1QEBkwZJTZgFKUcbn3xIA8pdjo.roa
File:                     c1QEBkwZJTZgFKUcbn3xIA8pdjo.roa (raw, json)
Hash identifier:          8kaxbWHuGnNv7ua7OOOvONsEfTPpavIlvOAV4+e3Mqw=
Subject key identifier:   73:54:04:06:4C:19:25:36:60:14:A5:1C:6E:7D:F1:20:0F:29:76:3A
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01987DB102A7329648093501DC9169D813C6
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/c1QEBkwZJTZgFKUcbn3xIA8pdjo.roa
Signing time:             Wed 06 Aug 2025 04:43:29 +0000
ROA not before:           Wed 06 Aug 2025 04:43:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22439
IP address blocks:        109.122.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:55:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7d:b1:02:a7:32:96:48:09:35:01:dc:91:69:d8:13:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Aug  6 04:43:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=735404064c1925366014a51c6e7df1200f29763a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1f:47:ac:1b:6d:e9:03:93:a0:00:f5:cc:46:
                    21:1c:f1:9d:db:49:10:15:6a:7c:d2:d7:db:cb:65:
                    b4:ff:d3:b5:75:2a:13:82:95:cd:c0:72:f5:90:99:
                    ac:97:5f:dd:15:1f:7c:a8:0f:0d:6b:e3:d7:e2:b7:
                    5b:22:15:31:97:ab:d9:df:5c:69:dc:d0:98:b9:19:
                    ed:1d:2c:d1:a9:c3:00:08:26:11:83:09:4e:d1:e5:
                    e4:6d:67:41:a9:33:a7:0d:a0:d1:87:b9:36:42:fd:
                    7d:b9:47:bf:a9:69:44:2b:d2:c9:db:35:a7:ee:d2:
                    52:70:c3:7f:e5:d8:52:1e:85:31:b2:6c:ef:44:90:
                    2b:4b:73:f2:65:a2:d6:53:d4:bf:a8:5a:fc:d4:6c:
                    bd:75:9c:3f:8f:53:20:d0:80:a2:e9:d1:4c:05:11:
                    38:b1:d7:56:ed:6e:f0:a7:29:fc:94:9e:09:90:1a:
                    01:49:76:9f:19:1d:f5:f3:83:ef:17:8f:ef:e7:ca:
                    72:0e:4f:3a:c5:2e:61:75:63:05:32:7d:44:9d:10:
                    05:a4:a5:8a:6c:1a:a6:f9:61:67:b1:bd:9a:87:6b:
                    02:66:18:46:2b:cc:63:07:00:7e:24:3e:af:6d:bf:
                    13:9f:c1:ff:df:11:c1:96:f9:ea:a0:93:55:0e:ce:
                    11:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:54:04:06:4C:19:25:36:60:14:A5:1C:6E:7D:F1:20:0F:29:76:3A
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/c1QEBkwZJTZgFKUcbn3xIA8pdjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1c:f3:79:d1:39:31:d1:f7:a1:0a:0c:80:7c:79:fe:65:0d:
         b8:19:1f:c6:6d:09:a2:52:88:67:80:6a:e4:1e:4f:86:53:68:
         23:f7:d2:ce:6f:d1:c9:06:7f:0f:2b:69:76:1d:ac:e5:0d:02:
         26:85:13:b6:64:a9:18:30:e0:f5:3a:78:b4:51:ce:b0:c3:04:
         f1:45:b1:49:27:00:6f:7e:a1:fd:26:75:6f:44:2d:e7:e1:3d:
         3e:7c:26:99:da:25:a6:66:a6:35:7f:d2:19:b0:9a:a7:a7:7b:
         36:14:86:8b:53:a1:0c:2a:6f:c4:b4:39:8a:c8:f8:ee:b9:de:
         a5:85:a6:96:fb:c9:9d:a6:a9:68:96:09:b6:2a:bc:18:f8:72:
         9a:02:58:5d:46:a2:50:90:fe:4e:df:da:a0:95:c7:ac:b7:2c:
         95:18:4a:a9:8b:00:6c:33:ff:4b:51:dd:7a:91:c6:d7:be:a9:
         ec:70:d9:18:ff:cd:10:5b:1f:3f:7e:2f:59:d3:96:43:9e:7b:
         16:e6:fa:3e:f3:d3:3d:0f:61:3c:2b:75:8a:ef:f3:d0:b6:51:
         7d:a3:59:62:3d:fd:9c:cb:36:0f:66:8b:3d:d9:29:6f:3d:5d:
         c2:04:b9:8c:d3:e7:13:2d:7e:05:04:2e:4d:c4:83:a6:a0:5f:
         2c:51:21:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh9sQKnMpZICTUB3JFp2BPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwODA2MDQ0MzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzU0MDQwNjRjMTkyNTM2NjAxNGE1MWM2ZTdkZjEyMDBmMjk3NjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh9HrBtt6QOToAD1zEYhHPGd20kQ
FWp80tfby2W0/9O1dSoTgpXNwHL1kJmsl1/dFR98qA8Na+PX4rdbIhUxl6vZ31xp
3NCYuRntHSzRqcMACCYRgwlO0eXkbWdBqTOnDaDRh7k2Qv19uUe/qWlEK9LJ2zWn
7tJScMN/5dhSHoUxsmzvRJArS3PyZaLWU9S/qFr81Gy9dZw/j1Mg0ICi6dFMBRE4
sddW7W7wpyn8lJ4JkBoBSXafGR3184PvF4/v58pyDk86xS5hdWMFMn1EnRAFpKWK
bBqm+WFnsb2ah2sCZhhGK8xjBwB+JD6vbb8Tn8H/3xHBlvnqoJNVDs4RPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNUBAZMGSU2YBSlHG598SAPKXY6MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvYzFRRUJrd1pKVFpnRktVY2JuM3hJQThwZGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoSMA0G
CSqGSIb3DQEBCwUAA4IBAQAmHPN50Tkx0fehCgyAfHn+ZQ24GR/GbQmiUohngGrk
Hk+GU2gj99LOb9HJBn8PK2l2HazlDQImhRO2ZKkYMOD1Oni0Uc6wwwTxRbFJJwBv
fqH9JnVvRC3n4T0+fCaZ2iWmZqY1f9IZsJqnp3s2FIaLU6EMKm/EtDmKyPjuud6l
haaW+8mdpqlolgm2KrwY+HKaAlhdRqJQkP5O39qglcestyyVGEqpiwBsM/9LUd16
kcbXvqnscNkY/80QWx8/fi9Z05ZDnnsW5vo+89M9D2E8K3WK7/PQtlF9o1liPf2c
yzYPZos92SlvPV3CBLmM0+cTLX4FBC5NxIOmoF8sUSHZ
-----END CERTIFICATE-----