Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/9IyIXdCtqhwkrbWE9WPF7glG1-E.roa
File:                     9IyIXdCtqhwkrbWE9WPF7glG1-E.roa (raw, json)
Hash identifier:          OALmr5wP798VcfVXTqFGaDeGq4wIVZd+quls6gLJenA=
Subject key identifier:   F4:8C:88:5D:D0:AD:AA:1C:24:AD:B5:84:F5:63:C5:EE:09:46:D7:E1
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0198D0E8F3DA04D88BA9702EA44F8A36314A
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/9IyIXdCtqhwkrbWE9WPF7glG1-E.roa
Signing time:             Fri 22 Aug 2025 08:33:04 +0000
ROA not before:           Fri 22 Aug 2025 08:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d0:e8:f3:da:04:d8:8b:a9:70:2e:a4:4f:8a:36:31:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Aug 22 08:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f48c885dd0adaa1c24adb584f563c5ee0946d7e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fc:d1:20:07:bb:9b:d1:ad:7a:6e:89:24:b6:
                    f7:58:44:c4:bd:19:e6:c0:55:e2:c5:70:83:84:a2:
                    b1:2d:20:e7:ea:ba:6f:bc:cf:e5:ca:cb:7c:56:40:
                    6d:cc:4a:85:f4:d5:5a:89:eb:d5:fe:cf:e9:8a:2c:
                    af:1a:9c:b2:76:52:9a:20:f9:52:91:93:e8:d5:dc:
                    4b:ec:63:ef:6d:fe:f7:44:37:b8:9c:54:15:6b:25:
                    1a:49:d8:2d:3d:2c:d4:ce:29:23:c4:99:e9:5d:d2:
                    d3:a3:a8:1b:d8:96:6c:ca:76:34:06:71:8c:fc:18:
                    38:71:88:41:64:21:ff:c4:9d:db:ae:e2:1b:44:12:
                    b9:55:b4:52:cc:49:5a:e4:8a:fa:7b:9d:da:0f:66:
                    8b:91:12:7a:3c:52:f2:64:f4:ae:55:fb:cf:6a:94:
                    72:7a:12:83:bd:2f:e0:81:0b:83:d3:49:5e:46:3b:
                    3d:0f:c5:1d:da:7c:e5:2a:86:1b:f2:16:9f:4b:41:
                    80:bf:19:5a:ce:ca:88:9b:13:fa:a9:f0:fe:a4:fb:
                    a1:aa:81:f0:c2:f6:d4:c8:c0:a5:85:5a:30:47:13:
                    85:2f:c7:af:9d:54:73:e2:67:97:4e:fd:53:c1:38:
                    3a:c3:d7:5c:84:61:1a:33:5a:c8:b7:f1:a8:8a:72:
                    79:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8C:88:5D:D0:AD:AA:1C:24:AD:B5:84:F5:63:C5:EE:09:46:D7:E1
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/9IyIXdCtqhwkrbWE9WPF7glG1-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4e:31:d5:37:c8:34:0c:55:6d:3a:21:78:99:3b:c7:60:1a:
         72:05:e4:5b:47:39:65:b7:4e:b9:eb:7a:85:87:21:33:91:07:
         47:e5:93:55:53:a6:c0:29:a3:85:6f:0d:c5:6f:ad:3e:13:ec:
         92:d8:d0:1a:52:0c:da:d1:03:61:11:1d:35:ac:8d:16:03:95:
         b0:79:d9:26:97:05:b4:f5:ed:d8:2c:eb:68:03:b2:06:45:2e:
         5e:6f:b4:f3:39:d9:ee:5a:29:cf:0a:69:08:1f:ee:ff:38:ed:
         43:d9:f4:69:85:51:e1:e6:cd:06:e2:5c:fd:ba:36:a2:59:f1:
         cd:8d:87:e8:82:07:5e:02:90:dd:2f:a9:af:f3:d2:64:c4:4d:
         67:24:d4:37:0e:60:02:17:58:f0:2e:e2:44:03:e0:86:d9:bd:
         e1:27:11:83:27:28:1b:33:f4:ef:30:ba:c4:27:6e:06:37:ef:
         eb:a1:e9:32:1a:b8:4e:a4:4e:e7:58:14:ab:dd:32:56:5f:54:
         fd:7a:99:e8:fe:97:20:0d:a7:a0:07:17:cc:77:a9:df:0e:0c:
         bd:2d:72:55:ca:ae:b1:b0:78:bc:c5:ec:90:ab:80:fa:eb:9f:
         64:5f:47:3d:aa:17:94:88:d8:84:1f:46:12:d3:c3:a5:a9:7c:
         ef:49:1a:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjQ6PPaBNiLqXAupE+KNjFKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwODIyMDgzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhjODg1ZGQwYWRhYTFjMjRhZGI1ODRmNTYzYzVlZTA5NDZkN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfzRIAe7m9Gtem6JJLb3WETEvRnm
wFXixXCDhKKxLSDn6rpvvM/lyst8VkBtzEqF9NVaievV/s/piiyvGpyydlKaIPlS
kZPo1dxL7GPvbf73RDe4nFQVayUaSdgtPSzUzikjxJnpXdLTo6gb2JZsynY0BnGM
/Bg4cYhBZCH/xJ3bruIbRBK5VbRSzEla5Ir6e53aD2aLkRJ6PFLyZPSuVfvPapRy
ehKDvS/ggQuD00leRjs9D8Ud2nzlKoYb8hafS0GAvxlazsqImxP6qfD+pPuhqoHw
wvbUyMClhVowRxOFL8evnVRz4meXTv1TwTg6w9dchGEaM1rIt/GoinJ5DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSMiF3QraocJK21hPVjxe4JRtfhMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvOUl5SVhkQ3RxaHdrcmJXRTlXUEY3Z2xHMS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo6MA0G
CSqGSIb3DQEBCwUAA4IBAQCVTjHVN8g0DFVtOiF4mTvHYBpyBeRbRzllt06563qF
hyEzkQdH5ZNVU6bAKaOFbw3Fb60+E+yS2NAaUgza0QNhER01rI0WA5WwedkmlwW0
9e3YLOtoA7IGRS5eb7TzOdnuWinPCmkIH+7/OO1D2fRphVHh5s0G4lz9ujaiWfHN
jYfoggdeApDdL6mv89JkxE1nJNQ3DmACF1jwLuJEA+CG2b3hJxGDJygbM/TvMLrE
J24GN+/roekyGrhOpE7nWBSr3TJWX1T9epno/pcgDaegBxfMd6nfDgy9LXJVyq6x
sHi8xeyQq4D6659kX0c9qheUiNiEH0YS08OlqXzvSRoJ
-----END CERTIFICATE-----