Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/PsmRSosaJeQmzFSK3qy4_ABXXTU.roa
File:                     PsmRSosaJeQmzFSK3qy4_ABXXTU.roa (raw, json)
Hash identifier:          Y7apUM55LCHcQ0UAKmKLhKFwZ/5OJTrUlZSSaxMEOws=
Subject key identifier:   3E:C9:91:4A:8B:1A:25:E4:26:CC:54:8A:DE:AC:B8:FC:00:57:5D:35
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0196C497959239C8824619216074CF5E984C
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/PsmRSosaJeQmzFSK3qy4_ABXXTU.roa
Signing time:             Mon 12 May 2025 13:03:10 +0000
ROA not before:           Mon 12 May 2025 13:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215567
IP address blocks:        109.122.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:97:95:92:39:c8:82:46:19:21:60:74:cf:5e:98:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 12 13:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ec9914a8b1a25e426cc548adeacb8fc00575d35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1f:b6:2d:b3:85:ef:32:d0:4b:9d:62:00:3e:
                    d3:c5:87:12:cb:26:f4:8a:83:6e:52:2d:22:81:d4:
                    45:5d:98:fa:d2:c8:39:f4:a2:de:3d:27:7c:a7:c3:
                    04:a8:f0:ca:13:2c:67:58:b8:79:7c:99:64:8e:2f:
                    35:45:38:40:93:26:f3:98:bc:16:46:79:16:17:a2:
                    a1:45:c0:e9:e1:32:e2:9a:d4:63:6f:b6:5d:31:27:
                    ce:2e:0f:b0:93:95:c4:e2:e1:84:92:5b:3b:88:d2:
                    71:53:15:f8:93:29:74:0c:52:c4:ce:ad:a3:fb:2a:
                    c0:d8:80:de:f1:e8:22:3b:e2:c1:1e:87:a6:5a:ac:
                    b8:5b:30:f6:4c:43:fc:00:3e:0d:a8:c4:3e:61:1c:
                    86:21:79:21:5d:b4:d5:b1:65:56:22:60:61:0b:09:
                    83:7c:c1:b3:1d:58:f8:5b:54:52:38:65:d6:c4:1d:
                    d1:52:4b:59:8a:8e:c1:6d:0e:60:d7:e7:95:fa:4f:
                    1e:dc:10:ad:5c:7a:ed:d5:91:93:e9:02:5b:53:95:
                    dc:a4:b2:fa:68:1d:fd:97:6e:0f:89:9e:33:ca:54:
                    9e:2c:5a:fc:c8:60:c1:cf:73:15:b1:fb:ec:8b:ff:
                    28:c6:cb:d1:c1:24:8b:d6:d7:54:01:e8:4c:bc:c7:
                    34:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C9:91:4A:8B:1A:25:E4:26:CC:54:8A:DE:AC:B8:FC:00:57:5D:35
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/PsmRSosaJeQmzFSK3qy4_ABXXTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:36:27:55:11:fe:83:0d:35:7c:44:95:71:d7:c3:83:5c:47:
         8e:cd:c1:c2:a2:8b:c3:b6:ae:cd:bf:06:e8:98:23:bd:e4:0c:
         52:8a:2a:fc:bb:d3:24:f1:8f:72:7f:7f:8d:11:38:10:ee:1e:
         de:7a:91:02:a1:54:00:cc:b3:0b:c8:df:5f:87:30:9c:48:bc:
         a7:5b:64:30:d8:c6:96:6a:43:cb:85:4e:b1:69:ff:a5:01:6d:
         8e:9d:94:b9:76:16:ee:1a:6c:f3:c7:a4:e2:30:08:85:c5:51:
         57:53:6b:ca:80:74:1e:7a:ba:08:8e:ee:67:10:d9:8b:03:85:
         ab:cb:91:b2:f8:ff:e2:60:91:db:2a:90:ef:52:82:40:94:91:
         b7:b9:40:e2:0e:45:ec:60:49:28:1b:e5:f7:ba:9a:8c:58:ef:
         32:51:5b:b8:57:28:32:12:79:9f:26:0e:13:6f:de:33:b3:62:
         e9:07:ed:bd:2b:97:cf:33:3c:be:2f:ec:1b:bd:d1:cc:6b:61:
         b4:7a:5e:c0:65:b5:b9:df:19:11:f7:67:50:0a:39:e8:9e:78:
         e5:cd:6d:6f:ec:b4:5d:c7:a1:50:18:31:ca:95:27:a3:f8:27:
         16:be:df:89:5a:df:4e:32:10:7b:23:d4:3a:d3:6f:3f:ed:44:
         25:d0:29:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbEl5WSOciCRhkhYHTPXphMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTEyMTMwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM5OTE0YThiMWEyNWU0MjZjYzU0OGFkZWFjYjhmYzAwNTc1ZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx+2LbOF7zLQS51iAD7TxYcSyyb0
ioNuUi0igdRFXZj60sg59KLePSd8p8MEqPDKEyxnWLh5fJlkji81RThAkybzmLwW
RnkWF6KhRcDp4TLimtRjb7ZdMSfOLg+wk5XE4uGEkls7iNJxUxX4kyl0DFLEzq2j
+yrA2IDe8egiO+LBHoemWqy4WzD2TEP8AD4NqMQ+YRyGIXkhXbTVsWVWImBhCwmD
fMGzHVj4W1RSOGXWxB3RUktZio7BbQ5g1+eV+k8e3BCtXHrt1ZGT6QJbU5XcpLL6
aB39l24PiZ4zylSeLFr8yGDBz3MVsfvsi/8oxsvRwSSL1tdUAehMvMc0XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7JkUqLGiXkJsxUit6suPwAV101MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvUHNtUlNvc2FKZVFtekZTSzNxeTRfQUJYWFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo/MA0G
CSqGSIb3DQEBCwUAA4IBAQC0NidVEf6DDTV8RJVx18ODXEeOzcHCoovDtq7Nvwbo
mCO95AxSiir8u9Mk8Y9yf3+NETgQ7h7eepECoVQAzLMLyN9fhzCcSLynW2Qw2MaW
akPLhU6xaf+lAW2OnZS5dhbuGmzzx6TiMAiFxVFXU2vKgHQeeroIju5nENmLA4Wr
y5Gy+P/iYJHbKpDvUoJAlJG3uUDiDkXsYEkoG+X3upqMWO8yUVu4VygyEnmfJg4T
b94zs2LpB+29K5fPMzy+L+wbvdHMa2G0el7AZbW53xkR92dQCjnonnjlzW1v7LRd
x6FQGDHKlSej+CcWvt+JWt9OMhB7I9Q6028/7UQl0Cml
-----END CERTIFICATE-----