Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/dx58yh-dSv2JgPIFomDm2gd-Re4.roa
File:                     dx58yh-dSv2JgPIFomDm2gd-Re4.roa (raw, json)
Hash identifier:          xlQAPIKpbZbxvxscJLu/dA02W65rF8gyeeFSGhxfjxo=
Subject key identifier:   77:1E:7C:CA:1F:9D:4A:FD:89:80:F2:05:A2:60:E6:DA:07:7E:45:EE
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019788CFF1B33FC8B7DB8F60F4215420CEA5
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/dx58yh-dSv2JgPIFomDm2gd-Re4.roa
Signing time:             Thu 19 Jun 2025 15:30:18 +0000
ROA not before:           Thu 19 Jun 2025 15:30:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208063
IP address blocks:        109.122.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:cf:f1:b3:3f:c8:b7:db:8f:60:f4:21:54:20:ce:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jun 19 15:30:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=771e7cca1f9d4afd8980f205a260e6da077e45ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:0a:e7:cb:b0:bf:18:51:0c:bd:09:79:1b:d9:
                    49:dc:32:7c:af:1f:7c:87:a6:7b:ab:d6:b4:37:ff:
                    e9:c9:61:65:d4:01:8c:c4:2e:37:d8:d8:02:1c:ba:
                    c6:1b:9b:5a:00:7c:e4:78:91:8f:d2:18:d9:e8:ca:
                    7c:0d:0b:02:09:d1:c3:12:b3:c8:44:0e:aa:fc:cd:
                    3f:67:c0:04:7e:02:bb:d1:57:ac:0d:81:92:c0:a3:
                    f5:94:a5:82:47:f1:f8:f0:22:6f:5e:68:4d:c4:ab:
                    01:e1:5d:65:0e:ce:57:c8:99:0b:c9:cb:da:91:44:
                    e8:67:d6:20:bc:20:17:0b:05:60:f5:c5:c5:82:61:
                    95:5c:93:66:89:b3:74:92:45:b8:a9:d5:2a:6c:c2:
                    3b:33:61:e7:01:61:4d:e8:b1:5e:6f:cc:2b:fa:cf:
                    25:b1:17:95:91:48:01:9d:47:04:f7:4b:01:2b:24:
                    d7:01:8b:13:61:89:27:7a:82:7c:92:5d:eb:e9:49:
                    b5:18:61:55:ab:a3:d2:8d:8a:62:a3:c3:4f:50:c7:
                    6d:0c:9f:7a:d5:68:34:cc:33:98:f3:8c:7d:0b:5f:
                    7f:ea:4b:d9:c1:a5:1f:30:d9:df:bb:fc:5f:d0:2f:
                    54:e5:3c:f9:dc:c6:04:10:53:f5:1b:bf:7f:74:2f:
                    3a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:1E:7C:CA:1F:9D:4A:FD:89:80:F2:05:A2:60:E6:DA:07:7E:45:EE
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/dx58yh-dSv2JgPIFomDm2gd-Re4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3e:9d:0a:e3:01:4d:1e:8d:a5:84:f6:18:3f:0d:e9:92:48:
         49:07:27:b2:01:84:5a:a6:a5:e3:d4:51:ae:11:70:2d:5c:16:
         60:b3:e7:33:a4:1c:eb:d5:9c:ab:5d:22:d9:62:dd:a0:25:fc:
         5b:6f:a7:84:e2:0d:a8:36:56:48:70:4e:e9:57:04:3a:9f:6f:
         f2:bc:90:dc:59:ad:75:91:c0:76:bd:ab:30:86:8f:07:e0:ff:
         47:b6:6c:2e:06:c9:0c:8a:10:19:99:b0:3e:a5:c2:b4:c8:a5:
         da:f1:ea:22:f2:cf:a0:a0:7c:b9:59:d6:6a:c9:e0:ad:af:b4:
         9b:ab:07:7b:94:a3:92:12:c2:96:9b:4c:9e:d7:85:f9:5e:aa:
         82:6a:f8:c4:62:32:3e:25:c9:3d:2d:4a:33:3b:68:ee:d3:36:
         18:dc:a7:cf:65:28:d7:08:7b:8d:48:b7:61:24:3e:b9:d4:d8:
         bc:af:9b:a3:f3:b9:41:a1:83:e6:e8:c1:c6:2f:83:75:a6:7a:
         23:a2:aa:71:2c:84:cb:25:23:5a:88:6a:81:03:c5:ff:2b:77:
         d2:e1:16:ba:91:6a:f5:37:4e:76:57:94:50:c3:d9:2e:fc:57:
         44:9f:ee:13:a5:3d:22:8a:01:71:cd:b6:ad:30:79:0b:21:a2:
         ac:ef:9b:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIz/GzP8i3249g9CFUIM6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNjE5MTUzMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzFlN2NjYTFmOWQ0YWZkODk4MGYyMDVhMjYwZTZkYTA3N2U0NWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9grny7C/GFEMvQl5G9lJ3DJ8rx98
h6Z7q9a0N//pyWFl1AGMxC432NgCHLrGG5taAHzkeJGP0hjZ6Mp8DQsCCdHDErPI
RA6q/M0/Z8AEfgK70VesDYGSwKP1lKWCR/H48CJvXmhNxKsB4V1lDs5XyJkLycva
kUToZ9YgvCAXCwVg9cXFgmGVXJNmibN0kkW4qdUqbMI7M2HnAWFN6LFeb8wr+s8l
sReVkUgBnUcE90sBKyTXAYsTYYkneoJ8kl3r6Um1GGFVq6PSjYpio8NPUMdtDJ96
1Wg0zDOY84x9C19/6kvZwaUfMNnfu/xf0C9U5Tz53MYEEFP1G79/dC86dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcefMofnUr9iYDyBaJg5toHfkXuMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvZHg1OHloLWRTdjJKZ1BJRm9tRG0yZ2QtUmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo4MA0G
CSqGSIb3DQEBCwUAA4IBAQArPp0K4wFNHo2lhPYYPw3pkkhJByeyAYRapqXj1FGu
EXAtXBZgs+czpBzr1ZyrXSLZYt2gJfxbb6eE4g2oNlZIcE7pVwQ6n2/yvJDcWa11
kcB2vaswho8H4P9HtmwuBskMihAZmbA+pcK0yKXa8eoi8s+goHy5WdZqyeCtr7Sb
qwd7lKOSEsKWm0ye14X5XqqCavjEYjI+Jck9LUozO2ju0zYY3KfPZSjXCHuNSLdh
JD651Ni8r5uj87lBoYPm6MHGL4N1pnojoqpxLITLJSNaiGqBA8X/K3fS4Ra6kWr1
N052V5RQw9ku/FdEn+4TpT0iigFxzbatMHkLIaKs75uK
-----END CERTIFICATE-----