Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/X6xPCrsCRLv8UOVS5VxXAE6UASo.roa
File:                     X6xPCrsCRLv8UOVS5VxXAE6UASo.roa (raw, json)
Hash identifier:          5O8R+cyaD02PpvW0wsU6knZYGeeWEYH6jAmBJ7+mB2w=
Subject key identifier:   5F:AC:4F:0A:BB:02:44:BB:FC:50:E5:52:E5:5C:57:00:4E:94:01:2A
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01981EEF245AC497A1FD72EC538A445F3531
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/X6xPCrsCRLv8UOVS5VxXAE6UASo.roa
Signing time:             Fri 18 Jul 2025 19:07:25 +0000
ROA not before:           Fri 18 Jul 2025 19:07:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206286
IP address blocks:        109.122.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:ef:24:5a:c4:97:a1:fd:72:ec:53:8a:44:5f:35:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 18 19:07:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fac4f0abb0244bbfc50e552e55c57004e94012a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:1a:6b:42:9f:f4:8e:ab:fc:d2:6c:85:b4:54:
                    13:35:57:43:d9:a6:62:3f:7f:2d:cf:40:f0:c3:5a:
                    a2:b5:c8:ed:4f:22:a1:f6:1b:da:96:24:5f:34:94:
                    b4:ec:0c:ff:44:d5:f3:ae:12:a9:9f:6a:07:e3:fb:
                    4a:68:3c:5e:e7:69:f1:5a:50:50:27:85:e1:3a:9e:
                    63:6d:f5:9a:4a:2a:a5:ca:02:09:97:62:58:c2:38:
                    8f:40:0d:fb:c5:e6:62:5b:0c:54:53:6a:a2:c0:38:
                    05:11:ec:ae:88:51:50:a8:d1:ff:4b:69:55:66:17:
                    d4:ff:21:cf:a2:3c:70:9c:f5:93:30:fa:1c:5e:3e:
                    30:12:5e:7e:06:76:00:b1:0a:a6:51:11:ac:7f:6e:
                    01:6e:ba:92:ec:2a:16:13:b4:6b:d3:85:2b:fc:32:
                    64:f3:30:d8:ad:28:e0:34:27:f8:f2:ee:26:e5:3e:
                    6b:6d:14:1d:bb:d3:43:51:16:11:53:10:04:4e:64:
                    32:30:a9:e9:ab:38:f6:35:33:c5:51:3e:4c:ad:c5:
                    1a:f2:9c:de:a6:77:a6:4b:c9:f9:74:29:4e:aa:b4:
                    93:f4:7d:4d:79:28:64:4d:04:cf:e7:1e:1f:2c:85:
                    28:7f:87:da:49:34:82:7f:a1:8c:5c:34:9b:2a:db:
                    ba:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:AC:4F:0A:BB:02:44:BB:FC:50:E5:52:E5:5C:57:00:4E:94:01:2A
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/X6xPCrsCRLv8UOVS5VxXAE6UASo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c1:b9:be:f9:ff:9d:33:fb:27:b2:11:8d:ad:13:04:7d:2e:
         75:39:d1:f5:f4:36:a5:09:f4:07:be:dc:d9:48:a5:63:60:1e:
         37:1f:ec:cd:a6:e9:30:5a:26:df:fb:41:03:e9:a5:85:94:6b:
         81:86:fe:2c:08:33:f1:2c:3e:c5:59:b4:82:51:5c:36:53:c6:
         2e:ae:1d:31:92:1a:5d:3b:69:bb:9a:a7:d6:12:27:a4:a7:e6:
         46:04:c3:07:dd:98:65:c6:66:58:3a:46:39:90:a0:17:4f:48:
         27:8c:41:23:e1:c5:c0:81:e5:01:24:54:ed:c2:e2:cc:43:34:
         9c:7c:e6:8f:1e:76:02:70:c9:ec:4e:42:9a:69:3a:bb:12:3e:
         10:6c:c8:45:e0:ab:31:4b:d4:2b:64:76:7c:98:53:e3:7b:8c:
         87:a3:3c:4b:f1:c5:cc:99:d8:39:fe:53:03:1d:a2:86:29:0a:
         e6:c3:f5:fd:f5:ef:c5:99:d8:1f:0c:8f:c0:e5:f6:0e:32:05:
         84:7a:7b:8d:be:cc:dd:af:cf:f6:3d:d5:5c:33:00:e6:8b:46:
         9c:d2:b1:ef:61:a8:4d:ee:28:08:63:b0:2d:a0:6c:02:70:87:
         cb:5d:00:2f:4a:30:48:92:17:6e:c1:b5:6d:a3:18:96:7d:26:
         b5:b9:bf:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZge7yRaxJeh/XLsU4pEXzUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzE4MTkwNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmFjNGYwYWJiMDI0NGJiZmM1MGU1NTJlNTVjNTcwMDRlOTQwMTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BprQp/0jqv80myFtFQTNVdD2aZi
P38tz0Dww1qitcjtTyKh9hvaliRfNJS07Az/RNXzrhKpn2oH4/tKaDxe52nxWlBQ
J4XhOp5jbfWaSiqlygIJl2JYwjiPQA37xeZiWwxUU2qiwDgFEeyuiFFQqNH/S2lV
ZhfU/yHPojxwnPWTMPocXj4wEl5+BnYAsQqmURGsf24BbrqS7CoWE7Rr04Ur/DJk
8zDYrSjgNCf48u4m5T5rbRQdu9NDURYRUxAETmQyMKnpqzj2NTPFUT5MrcUa8pze
pnemS8n5dClOqrST9H1NeShkTQTP5x4fLIUof4faSTSCf6GMXDSbKtu6AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+sTwq7AkS7/FDlUuVcVwBOlAEqMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvWDZ4UENyc0NSTHY4VU9WUzVWeFhBRTZVQVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoQMA0G
CSqGSIb3DQEBCwUAA4IBAQB+wbm++f+dM/snshGNrRMEfS51OdH19DalCfQHvtzZ
SKVjYB43H+zNpukwWibf+0ED6aWFlGuBhv4sCDPxLD7FWbSCUVw2U8Yurh0xkhpd
O2m7mqfWEiekp+ZGBMMH3ZhlxmZYOkY5kKAXT0gnjEEj4cXAgeUBJFTtwuLMQzSc
fOaPHnYCcMnsTkKaaTq7Ej4QbMhF4KsxS9QrZHZ8mFPje4yHozxL8cXMmdg5/lMD
HaKGKQrmw/X99e/FmdgfDI/A5fYOMgWEenuNvszdr8/2PdVcMwDmi0ac0rHvYahN
7igIY7AtoGwCcIfLXQAvSjBIkhduwbVtoxiWfSa1ub/I
-----END CERTIFICATE-----