Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eB3_FWyuaRlwtC-fwomSg1pW2SU.roa
File:                     eB3_FWyuaRlwtC-fwomSg1pW2SU.roa (raw, json)
Hash identifier:          81tvY6XHAuPGw+5Mmzs5VCzNJy5IiOHv4ARyzixXWMU=
Subject key identifier:   78:1D:FF:15:6C:AE:69:19:70:B4:2F:9F:C2:89:92:83:5A:56:D9:25
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0197EF1436AA0B10D2F228010F7C6B699F24
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eB3_FWyuaRlwtC-fwomSg1pW2SU.roa
Signing time:             Wed 09 Jul 2025 12:06:08 +0000
ROA not before:           Wed 09 Jul 2025 12:06:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214546
IP address blocks:        109.122.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:14:36:aa:0b:10:d2:f2:28:01:0f:7c:6b:69:9f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul  9 12:06:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=781dff156cae691970b42f9fc28992835a56d925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:e3:89:e9:2c:8d:27:57:2b:e3:83:77:10:
                    fb:aa:36:d2:f5:ca:84:ee:57:0d:7e:ab:75:ba:21:
                    f3:75:f3:c6:32:18:09:c2:41:69:46:09:b5:7a:8f:
                    10:af:31:08:8c:24:78:d6:17:49:fa:25:c2:b9:54:
                    cf:06:d9:14:20:7a:b7:11:40:1c:35:97:37:87:0b:
                    6f:a0:49:6e:ef:54:43:ee:e5:2a:f8:07:50:47:86:
                    eb:00:84:0c:95:bf:47:71:32:8e:20:8f:69:65:0d:
                    71:64:17:41:c1:e0:85:b0:0e:0b:3e:88:f9:cb:ef:
                    ed:a4:fa:91:8e:16:84:f3:34:f1:91:fb:e2:2b:29:
                    27:3c:6b:c2:61:07:67:e3:6c:c9:3d:2f:b0:d4:c3:
                    3b:d1:83:92:ea:51:2f:66:0a:de:ff:c4:d0:c0:3e:
                    e1:98:84:f5:cc:56:8e:82:ab:5b:b6:dd:1b:7e:46:
                    51:d2:4e:6d:3c:39:a3:3b:81:22:8d:53:74:ef:df:
                    94:83:bf:d4:09:8e:5f:b3:5d:c6:b6:be:51:36:db:
                    80:bf:ce:a4:40:bb:1b:ab:80:49:03:d5:c1:99:94:
                    92:48:68:e4:5a:2e:04:7f:e3:9a:98:0b:1e:5a:31:
                    84:3e:1e:ab:20:cf:9c:b2:91:8e:d0:24:19:37:32:
                    fb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1D:FF:15:6C:AE:69:19:70:B4:2F:9F:C2:89:92:83:5A:56:D9:25
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eB3_FWyuaRlwtC-fwomSg1pW2SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:2f:f3:3a:fb:dc:b4:d7:ed:71:44:06:1d:e8:5c:3e:c9:c7:
         18:e3:8d:f3:a7:fc:bc:69:37:92:8e:84:a1:98:53:ce:60:08:
         dc:9e:2a:62:d1:8c:6c:a8:27:6a:6a:b2:a2:79:e2:3f:d3:57:
         fc:e0:8a:d4:7a:09:42:53:c4:ba:7f:e6:5b:d6:ee:31:4b:fd:
         2b:c6:c6:d3:cb:02:c4:a6:50:1e:a6:66:d0:d2:6b:26:43:0f:
         8e:97:11:41:37:62:04:2e:ab:7c:92:fe:8a:43:28:7d:1e:49:
         9e:42:b2:4a:7b:0a:99:6a:44:cc:f0:b7:ec:1b:c4:e3:e4:7f:
         39:c9:64:d2:f1:09:bb:6f:51:d6:b7:00:af:e7:c5:5a:b9:84:
         c0:06:ed:85:d3:55:fb:a4:99:df:28:35:8e:2b:bb:d8:e7:51:
         0b:a4:26:7f:15:23:57:e8:b4:09:bf:64:b2:17:36:e7:dc:27:
         d9:3d:23:a6:67:72:75:e0:c2:1d:21:d0:0c:77:9a:72:66:b7:
         be:bd:4c:1f:a8:1e:2b:72:3a:3c:e9:04:3a:da:50:24:82:96:
         c4:df:8a:a3:75:cd:c6:ad:4e:6c:5e:e6:2c:08:f3:c9:0d:b6:
         bc:83:ba:a8:3c:ac:bd:a1:4e:86:51:8d:1f:f2:73:cf:17:4e:
         47:46:c6:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfvFDaqCxDS8igBD3xraZ8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzA5MTIwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFkZmYxNTZjYWU2OTE5NzBiNDJmOWZjMjg5OTI4MzVhNTZkOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC7jieksjSdXK+ODdxD7qjbS9cqE
7lcNfqt1uiHzdfPGMhgJwkFpRgm1eo8QrzEIjCR41hdJ+iXCuVTPBtkUIHq3EUAc
NZc3hwtvoElu71RD7uUq+AdQR4brAIQMlb9HcTKOII9pZQ1xZBdBweCFsA4LPoj5
y+/tpPqRjhaE8zTxkfviKyknPGvCYQdn42zJPS+w1MM70YOS6lEvZgre/8TQwD7h
mIT1zFaOgqtbtt0bfkZR0k5tPDmjO4EijVN079+Ug7/UCY5fs13Gtr5RNtuAv86k
QLsbq4BJA9XBmZSSSGjkWi4Ef+OamAseWjGEPh6rIM+cspGO0CQZNzL77wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgd/xVsrmkZcLQvn8KJkoNaVtklMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvZUIzX0ZXeXVhUmx3dEMtZndvbVNnMXBXMlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXocMA0G
CSqGSIb3DQEBCwUAA4IBAQBoL/M6+9y01+1xRAYd6Fw+yccY443zp/y8aTeSjoSh
mFPOYAjcnipi0YxsqCdqarKieeI/01f84IrUeglCU8S6f+Zb1u4xS/0rxsbTywLE
plAepmbQ0msmQw+OlxFBN2IELqt8kv6KQyh9HkmeQrJKewqZakTM8LfsG8Tj5H85
yWTS8Qm7b1HWtwCv58VauYTABu2F01X7pJnfKDWOK7vY51ELpCZ/FSNX6LQJv2Sy
Fzbn3CfZPSOmZ3J14MIdIdAMd5pyZre+vUwfqB4rcjo86QQ62lAkgpbE34qjdc3G
rU5sXuYsCPPJDba8g7qoPKy9oU6GUY0f8nPPF05HRsbJ
-----END CERTIFICATE-----