Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eipG1cFfCbtcmyeYg-afk6QQXCc.roa
File:                     eipG1cFfCbtcmyeYg-afk6QQXCc.roa (raw, json)
Hash identifier:          wzLWtbuK9fwc8okwovVPLb0fDJAOFKSCTS0vnEi6LYU=
Subject key identifier:   7A:2A:46:D5:C1:5F:09:BB:5C:9B:27:98:83:E6:9F:93:A4:10:5C:27
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01980A4B60872CE5153E74FB84222DA2E483
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eipG1cFfCbtcmyeYg-afk6QQXCc.roa
Signing time:             Mon 14 Jul 2025 18:56:08 +0000
ROA not before:           Mon 14 Jul 2025 18:56:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214208
IP address blocks:        109.122.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 18:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:4b:60:87:2c:e5:15:3e:74:fb:84:22:2d:a2:e4:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 14 18:56:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a2a46d5c15f09bb5c9b279883e69f93a4105c27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:95:ae:22:29:57:f6:e6:d0:6d:ba:32:cb:46:
                    7a:8b:91:aa:a0:87:37:57:9c:e7:b4:c1:44:2f:f0:
                    62:61:ba:6a:cd:6f:e6:42:d4:68:a7:03:11:e1:f6:
                    73:79:e8:e1:fa:2a:21:99:02:d0:ca:29:1d:1b:d3:
                    88:39:93:b0:cd:de:b7:d6:46:97:6a:bd:f2:98:fc:
                    2f:51:3f:8f:f9:48:38:bd:d1:1f:3b:e6:52:cd:c8:
                    c3:6e:0b:02:bc:37:61:50:ae:1b:fa:46:67:2d:26:
                    d1:07:34:6c:7a:45:33:8a:c6:61:61:a5:37:99:17:
                    ab:21:fc:4e:e0:9e:de:01:c7:4a:aa:22:d5:f8:e9:
                    c3:c4:2f:f5:c2:38:4c:85:91:c8:b8:aa:91:c4:8a:
                    5d:f6:82:77:cc:5d:ea:bf:b4:8e:68:62:58:51:4a:
                    8e:79:89:e0:e5:d9:2e:ec:a6:25:22:42:f4:bd:f1:
                    21:1c:1b:9b:23:9f:88:24:b5:f9:54:7a:c0:b7:1c:
                    2e:24:48:ff:44:e2:72:06:f1:3b:9a:8e:20:b8:3d:
                    41:cf:81:71:d5:d8:0d:2c:65:b3:64:44:72:8a:54:
                    94:62:4f:ff:4d:58:64:5d:6b:a9:a6:da:a1:a4:af:
                    f6:5d:61:dd:e2:b6:d3:36:c5:78:9a:97:18:f7:b7:
                    71:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:2A:46:D5:C1:5F:09:BB:5C:9B:27:98:83:E6:9F:93:A4:10:5C:27
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/eipG1cFfCbtcmyeYg-afk6QQXCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:38:63:f4:30:57:a1:ec:f1:26:71:82:4c:e3:fd:56:2e:7f:
         78:a6:c5:98:d2:b7:b4:01:c5:4b:45:3a:bf:49:f2:dd:f1:20:
         19:13:92:6a:ed:85:e9:26:73:74:47:46:6f:70:6b:50:5c:13:
         4b:98:8d:fb:9c:37:c2:ec:f8:b6:9c:92:a6:f9:f4:36:44:7e:
         64:a3:bd:31:2c:e2:9b:56:8e:45:63:7a:ba:f2:57:5d:a3:90:
         02:66:50:3a:81:be:1d:2a:b0:a6:e5:bc:49:4b:18:38:d1:70:
         ec:21:12:df:fb:db:73:77:4a:c9:62:70:2c:52:5c:a9:9f:36:
         64:58:7a:44:97:a3:5c:b1:2e:d1:35:7c:e0:02:7c:94:61:f3:
         28:7f:7a:6b:9c:9e:74:b2:4a:35:2b:74:4a:e1:42:a6:0b:6a:
         ff:60:7e:13:d7:1b:03:56:9c:02:03:0f:ff:a4:27:12:45:6e:
         56:33:c7:f0:eb:23:e4:e4:1e:0e:fb:5c:12:63:5d:a8:59:1d:
         d4:72:1a:bb:e8:a0:8d:36:28:85:8f:ac:1e:ff:d9:ee:53:58:
         8c:3e:b1:67:4a:11:4c:48:53:ae:f7:c4:e7:89:5b:41:88:db:
         99:ee:21:68:81:c1:26:17:74:18:dd:fa:4a:35:66:4a:1f:69:
         0d:aa:b4:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgKS2CHLOUVPnT7hCItouSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzE0MTg1NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTJhNDZkNWMxNWYwOWJiNWM5YjI3OTg4M2U2OWY5M2E0MTA1YzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJWuIilX9ubQbboyy0Z6i5GqoIc3
V5zntMFEL/BiYbpqzW/mQtRopwMR4fZzeejh+iohmQLQyikdG9OIOZOwzd631kaX
ar3ymPwvUT+P+Ug4vdEfO+ZSzcjDbgsCvDdhUK4b+kZnLSbRBzRsekUzisZhYaU3
mRerIfxO4J7eAcdKqiLV+OnDxC/1wjhMhZHIuKqRxIpd9oJ3zF3qv7SOaGJYUUqO
eYng5dku7KYlIkL0vfEhHBubI5+IJLX5VHrAtxwuJEj/ROJyBvE7mo4guD1Bz4Fx
1dgNLGWzZERyilSUYk//TVhkXWupptqhpK/2XWHd4rbTNsV4mpcY97dxbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoqRtXBXwm7XJsnmIPmn5OkEFwnMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvZWlwRzFjRmZDYnRjbXllWWctYWZrNlFRWENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoTMA0G
CSqGSIb3DQEBCwUAA4IBAQB0OGP0MFeh7PEmcYJM4/1WLn94psWY0re0AcVLRTq/
SfLd8SAZE5Jq7YXpJnN0R0ZvcGtQXBNLmI37nDfC7Pi2nJKm+fQ2RH5ko70xLOKb
Vo5FY3q68lddo5ACZlA6gb4dKrCm5bxJSxg40XDsIRLf+9tzd0rJYnAsUlypnzZk
WHpEl6NcsS7RNXzgAnyUYfMof3prnJ50sko1K3RK4UKmC2r/YH4T1xsDVpwCAw//
pCcSRW5WM8fw6yPk5B4O+1wSY12oWR3Uchq76KCNNiiFj6we/9nuU1iMPrFnShFM
SFOu98TniVtBiNuZ7iFogcEmF3QY3fpKNWZKH2kNqrRM
-----END CERTIFICATE-----