Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/r5zpnXZJQmGaucbT9nfnGqrAy_4.roa
File:                     r5zpnXZJQmGaucbT9nfnGqrAy_4.roa (raw, json)
Hash identifier:          uph5w+q62qy1pdp+wA0cbOL2VoqkZnTCgXDwY/KSZKQ=
Subject key identifier:   AF:9C:E9:9D:76:49:42:61:9A:B9:C6:D3:F6:77:E7:1A:AA:C0:CB:FE
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0198D1F61E64721288CD81B383D7B21599EF
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/r5zpnXZJQmGaucbT9nfnGqrAy_4.roa
Signing time:             Fri 22 Aug 2025 13:27:04 +0000
ROA not before:           Fri 22 Aug 2025 13:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        109.122.0.0/24 maxlen: 24
                          109.122.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:f6:1e:64:72:12:88:cd:81:b3:83:d7:b2:15:99:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Aug 22 13:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af9ce99d764942619ab9c6d3f677e71aaac0cbfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a4:11:48:b7:b4:dd:2b:5c:af:b5:aa:0b:59:
                    86:0b:ee:03:c7:e9:fd:22:84:f1:4d:d2:a1:8b:7e:
                    74:7c:42:78:35:7d:75:5c:fe:01:69:16:f4:81:38:
                    59:47:fd:14:0c:58:64:17:bd:d3:56:a2:7a:01:3f:
                    e8:1d:14:18:66:48:af:df:8d:f8:92:6d:2f:36:f3:
                    8a:d8:82:28:a5:59:3d:a3:0c:23:36:7c:f6:b9:93:
                    aa:41:fb:0a:bd:0f:64:d9:60:75:25:d9:53:4c:c0:
                    44:7d:74:11:c7:a8:ba:bd:ae:6a:16:ca:60:e4:a5:
                    37:2c:25:dd:af:fc:db:3f:72:e0:c0:ef:99:9b:e9:
                    e4:d0:77:5c:0f:8a:4c:5c:b1:a2:b8:f7:61:6c:d1:
                    d0:76:77:d5:b8:ad:5f:ee:78:b7:02:92:2b:2b:ee:
                    30:c9:8b:bb:29:81:43:d9:de:fd:6d:29:f3:9b:8b:
                    07:5f:39:2e:af:0d:08:5f:a5:84:fe:52:7d:51:66:
                    74:d6:9a:76:6a:39:b9:c7:5a:84:15:18:8f:64:13:
                    3c:5b:b8:b5:d0:e3:6c:40:6c:dd:7b:a2:37:25:52:
                    ea:e4:16:ce:9b:dd:5f:b9:33:e9:11:bf:90:8f:b3:
                    05:41:d6:58:2c:20:80:f0:22:8b:cd:2c:e5:13:21:
                    70:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:9C:E9:9D:76:49:42:61:9A:B9:C6:D3:F6:77:E7:1A:AA:C0:CB:FE
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/r5zpnXZJQmGaucbT9nfnGqrAy_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0/24
                  109.122.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:08:b5:de:da:87:4a:a8:31:f3:78:f1:5c:bc:7c:38:69:31:
         e5:df:56:08:03:ca:81:bc:47:f2:34:e6:d4:79:8f:ab:73:25:
         59:17:97:53:b6:8b:9e:1c:18:9e:07:d3:ee:18:16:a7:54:d3:
         b8:1e:44:9c:66:c0:39:a8:d9:7b:aa:e4:08:d3:f3:cd:e3:5e:
         c4:9b:10:a2:f4:c1:9e:de:a3:31:3c:3b:dc:2d:18:90:1b:66:
         89:66:a8:89:10:09:94:ec:07:60:7f:b7:90:b9:83:0c:18:10:
         52:2f:21:e2:ec:22:fb:99:bf:25:a0:aa:ef:33:d2:95:35:13:
         0a:4e:96:6b:2e:53:d9:09:8d:db:78:3e:be:c6:fb:13:47:67:
         16:4e:da:93:fb:4c:3d:80:39:9b:cf:8a:f8:93:27:88:eb:53:
         52:66:76:4f:5b:84:4c:04:98:c5:df:85:35:9e:27:05:2d:7a:
         d3:cc:6d:d9:0d:1e:0f:b1:a4:bf:30:39:88:77:94:4c:a2:88:
         81:16:f8:8c:80:de:93:4f:66:a3:d7:a2:5a:2d:ee:59:f1:ab:
         13:b1:36:d0:74:00:32:cf:52:cd:cd:22:2c:d3:e4:2b:0b:65:
         b7:f8:c7:6a:2a:fe:b1:6f:b4:c6:1c:1d:93:16:b0:2b:6f:18:
         2f:cc:6c:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjR9h5kchKIzYGzg9eyFZnvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwODIyMTMyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjljZTk5ZDc2NDk0MjYxOWFiOWM2ZDNmNjc3ZTcxYWFhYzBjYmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6QRSLe03Stcr7WqC1mGC+4Dx+n9
IoTxTdKhi350fEJ4NX11XP4BaRb0gThZR/0UDFhkF73TVqJ6AT/oHRQYZkiv3434
km0vNvOK2IIopVk9owwjNnz2uZOqQfsKvQ9k2WB1JdlTTMBEfXQRx6i6va5qFspg
5KU3LCXdr/zbP3LgwO+Zm+nk0HdcD4pMXLGiuPdhbNHQdnfVuK1f7ni3ApIrK+4w
yYu7KYFD2d79bSnzm4sHXzkurw0IX6WE/lJ9UWZ01pp2ajm5x1qEFRiPZBM8W7i1
0ONsQGzde6I3JVLq5BbOm91fuTPpEb+Qj7MFQdZYLCCA8CKLzSzlEyFwVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK+c6Z12SUJhmrnG0/Z35xqqwMv+MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvcjV6cG5YWkpRbUdhdWNiVDluZm5HcXJBeV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoAAwQA
bXoOMA0GCSqGSIb3DQEBCwUAA4IBAQAgCLXe2odKqDHzePFcvHw4aTHl31YIA8qB
vEfyNObUeY+rcyVZF5dTtoueHBieB9PuGBanVNO4HkScZsA5qNl7quQI0/PN417E
mxCi9MGe3qMxPDvcLRiQG2aJZqiJEAmU7Adgf7eQuYMMGBBSLyHi7CL7mb8loKrv
M9KVNRMKTpZrLlPZCY3beD6+xvsTR2cWTtqT+0w9gDmbz4r4kyeI61NSZnZPW4RM
BJjF34U1nicFLXrTzG3ZDR4PsaS/MDmId5RMooiBFviMgN6TT2aj16JaLe5Z8asT
sTbQdAAyz1LNzSIs0+QrC2W3+MdqKv6xb7TGHB2TFrArbxgvzGze
-----END CERTIFICATE-----