Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/iN8iGmO4CUNsbBhQHu3VPVJZ8Os.roa
File:                     iN8iGmO4CUNsbBhQHu3VPVJZ8Os.roa (raw, json)
Hash identifier:          Y3/Eyl4m4tujfRwZvVCkNud1HcodiucVo0kO5nOkMj0=
Subject key identifier:   88:DF:22:1A:63:B8:09:43:6C:6C:18:50:1E:ED:D5:3D:52:59:F0:EB
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0197F4DACD1785BED7B61C65E13841D4FC52
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/iN8iGmO4CUNsbBhQHu3VPVJZ8Os.roa
Signing time:             Thu 10 Jul 2025 15:01:09 +0000
ROA not before:           Thu 10 Jul 2025 15:01:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25693
IP address blocks:        109.122.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:da:cd:17:85:be:d7:b6:1c:65:e1:38:41:d4:fc:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 10 15:01:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88df221a63b809436c6c18501eedd53d5259f0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:78:86:87:1f:81:84:d3:ea:25:e6:f6:c8:36:
                    e0:df:60:33:9f:76:59:bc:59:90:dd:17:32:9f:8c:
                    30:f1:47:8a:41:59:b0:3d:4a:cf:4d:36:46:e1:3c:
                    c4:17:83:f9:d1:83:d9:54:b2:26:c7:df:77:8a:23:
                    73:d3:48:aa:cf:bf:7b:43:26:f8:9b:16:82:1d:3b:
                    bd:69:e4:6b:db:21:99:aa:a1:a0:d8:a0:31:3d:5a:
                    e6:97:97:7d:d5:2d:81:63:b7:8e:17:ce:66:28:fa:
                    31:37:dc:90:0f:00:12:73:79:d9:53:d9:a7:aa:c6:
                    77:b2:1c:e1:04:49:ae:df:ee:7c:11:a3:ca:ba:64:
                    10:66:2e:15:bc:4f:da:09:0d:2a:02:ac:49:d8:8f:
                    47:e0:65:48:60:3a:24:5b:b9:60:b1:6b:88:51:01:
                    8e:b3:6f:2b:b6:1a:7d:e6:f5:09:39:7b:3d:9a:c2:
                    02:82:0c:3f:cd:89:be:57:c7:c6:1b:ed:50:60:49:
                    ff:c9:32:cb:90:db:1a:ce:58:76:8f:86:b2:c5:36:
                    92:4c:60:9e:18:46:d5:2c:0c:f7:12:d9:32:c2:00:
                    27:b9:90:36:5d:7e:c4:aa:d9:2d:56:c9:a9:7d:ff:
                    3c:73:20:68:73:fd:ad:f6:12:99:d9:e6:74:9c:5d:
                    b8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DF:22:1A:63:B8:09:43:6C:6C:18:50:1E:ED:D5:3D:52:59:F0:EB
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/iN8iGmO4CUNsbBhQHu3VPVJZ8Os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:75:95:42:07:10:18:15:6e:49:f0:3a:32:93:31:3f:ea:81:
         9f:12:20:70:17:2a:e5:ff:f7:a4:46:6a:8b:16:41:1a:18:44:
         d3:e5:7c:6c:89:4d:fb:20:f0:33:89:1b:1d:ad:83:20:51:ce:
         f3:32:a0:3f:72:51:43:44:f4:93:fa:08:08:1d:f9:bc:e2:7b:
         82:45:24:46:ce:3e:d5:b3:01:5f:69:de:04:a1:c7:d4:c3:d9:
         bd:d4:d1:f4:70:d4:c1:af:2e:9e:de:6c:97:d9:a7:b1:64:e4:
         53:a4:58:03:a9:ab:31:62:72:ae:c4:05:90:5e:f8:03:ab:a4:
         4f:a0:39:41:89:8e:0b:22:b0:26:17:1f:cb:6d:5b:4c:48:86:
         08:53:d2:b1:39:69:da:cb:cd:d9:b0:be:99:6c:51:60:b8:01:
         f5:ef:5a:16:20:ec:f4:cc:77:ad:f4:27:5d:6e:3b:ab:39:9e:
         79:72:37:7e:b5:a9:d4:ca:6f:1f:2b:35:20:e0:38:f5:91:a9:
         4c:88:09:9c:51:41:11:f3:65:75:94:84:cb:1e:61:1d:c5:b3:
         3f:f6:78:8b:53:bf:bb:24:68:a4:4c:95:3d:50:40:4b:a0:54:
         aa:98:a7:db:a3:9f:32:f1:56:43:a9:77:77:ec:ac:25:0d:ba:
         0e:da:95:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf02s0Xhb7Xthxl4ThB1PxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzEwMTUwMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGRmMjIxYTYzYjgwOTQzNmM2YzE4NTAxZWVkZDUzZDUyNTlmMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXiGhx+BhNPqJeb2yDbg32Azn3ZZ
vFmQ3Rcyn4ww8UeKQVmwPUrPTTZG4TzEF4P50YPZVLImx993iiNz00iqz797Qyb4
mxaCHTu9aeRr2yGZqqGg2KAxPVrml5d91S2BY7eOF85mKPoxN9yQDwASc3nZU9mn
qsZ3shzhBEmu3+58EaPKumQQZi4VvE/aCQ0qAqxJ2I9H4GVIYDokW7lgsWuIUQGO
s28rthp95vUJOXs9msICggw/zYm+V8fGG+1QYEn/yTLLkNsazlh2j4ayxTaSTGCe
GEbVLAz3EtkywgAnuZA2XX7EqtktVsmpff88cyBoc/2t9hKZ2eZ0nF24TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjfIhpjuAlDbGwYUB7t1T1SWfDrMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvaU44aUdtTzRDVU5zYkJoUUh1M1ZQVkpaOE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoWMA0G
CSqGSIb3DQEBCwUAA4IBAQCGdZVCBxAYFW5J8DoykzE/6oGfEiBwFyrl//ekRmqL
FkEaGETT5XxsiU37IPAziRsdrYMgUc7zMqA/clFDRPST+ggIHfm84nuCRSRGzj7V
swFfad4EocfUw9m91NH0cNTBry6e3myX2aexZORTpFgDqasxYnKuxAWQXvgDq6RP
oDlBiY4LIrAmFx/LbVtMSIYIU9KxOWnay83ZsL6ZbFFguAH171oWIOz0zHet9Cdd
bjurOZ55cjd+tanUym8fKzUg4Dj1kalMiAmcUUER82V1lITLHmEdxbM/9niLU7+7
JGikTJU9UEBLoFSqmKfbo58y8VZDqXd37KwlDboO2pX1
-----END CERTIFICATE-----