Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/RKnIbaV6UL_9ANWtNqGZZQu3yts.roa
File:                     RKnIbaV6UL_9ANWtNqGZZQu3yts.roa (raw, json)
Hash identifier:          jyYhVILnHC5qMnxjfXjvdXIkELevKM9iXOHgHKyLBGQ=
Subject key identifier:   44:A9:C8:6D:A5:7A:50:BF:FD:00:D5:AD:36:A1:99:65:0B:B7:CA:DB
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197BB87673416D83221AE725C13DA1F9A4B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/RKnIbaV6UL_9ANWtNqGZZQu3yts.roa
Signing time:             Sun 29 Jun 2025 11:51:42 +0000
ROA not before:           Sun 29 Jun 2025 11:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208264
IP address blocks:        109.122.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bb:87:67:34:16:d8:32:21:ae:72:5c:13:da:1f:9a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 29 11:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44a9c86da57a50bffd00d5ad36a199650bb7cadb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:90:df:37:5c:cd:99:83:4f:a3:9b:55:28:99:
                    9e:ff:34:86:41:d8:51:be:16:b9:a3:a1:ab:a1:16:
                    b1:0b:c6:46:b6:e7:ec:99:ff:1a:c4:01:d7:9e:b3:
                    37:29:27:05:30:ff:26:23:92:f5:e8:3d:35:c2:cd:
                    42:97:32:31:6a:1c:1a:11:14:fd:50:67:1e:23:40:
                    e6:d6:5a:1b:d9:57:c7:a7:a4:ce:8c:9e:d3:a0:d6:
                    58:2c:dd:4e:c8:bc:f9:02:14:75:3c:09:8f:e6:2b:
                    dd:8c:36:f1:fe:d7:a7:1e:c2:85:60:7e:8f:ea:76:
                    43:86:b6:e0:b9:27:0c:cc:71:7d:17:fe:17:14:74:
                    5d:9a:ff:c0:53:cf:a4:89:e1:a6:f7:34:5b:08:bf:
                    c3:d1:40:fa:4a:d8:80:f1:aa:57:f2:dc:77:66:87:
                    ca:59:2d:6d:4f:16:e9:ca:af:5b:38:53:85:68:3f:
                    9d:1a:c3:c5:55:b0:ee:c6:1a:43:f3:a3:f9:36:a1:
                    12:91:ff:9b:93:6e:59:26:72:78:43:ea:7a:99:98:
                    b7:3b:3f:7b:91:27:c2:c4:28:90:0d:f5:3b:fa:d6:
                    5c:93:8c:4b:ba:f8:7d:e6:49:2a:8f:17:2c:bd:9b:
                    7f:47:c6:42:ce:7e:52:f5:01:34:16:26:bd:20:e7:
                    e3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A9:C8:6D:A5:7A:50:BF:FD:00:D5:AD:36:A1:99:65:0B:B7:CA:DB
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/RKnIbaV6UL_9ANWtNqGZZQu3yts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:da:d8:45:95:2c:7a:e9:30:ae:55:57:90:5a:2f:9c:b8:20:
         40:63:6a:07:9c:1b:25:b0:ad:2e:f2:1b:af:30:e3:58:99:43:
         58:f0:a4:d2:07:58:ae:94:90:87:5d:d1:7d:14:34:d9:5e:24:
         01:cd:c3:50:fc:83:f8:5e:e5:77:b0:de:a2:36:4f:50:2b:55:
         42:94:45:79:12:98:5c:93:22:dc:e1:d0:91:6a:49:d8:c6:dc:
         89:19:27:dd:d8:0c:c7:2b:69:51:d7:7b:88:5b:02:f9:71:c6:
         9f:af:65:0f:ed:f2:cd:ab:36:a0:54:e0:5b:c4:00:0b:76:df:
         f7:0a:e8:e1:00:b1:d8:24:e3:0c:f8:b4:6e:a4:63:a2:3c:85:
         f9:9d:91:ac:c5:8f:31:6b:b3:a9:70:a4:a3:5c:5a:fc:0b:94:
         76:da:0f:bb:7b:73:cb:28:a3:a5:c8:cf:79:05:0b:20:0d:22:
         7e:e1:c1:1c:0c:05:f5:19:35:00:27:53:ad:6b:c5:43:2a:42:
         de:b3:44:2b:fc:e8:e9:3f:ef:a4:98:bb:c8:3d:0b:09:0b:15:
         8b:73:34:0b:54:4a:d1:d4:40:b3:88:c5:d7:a9:00:5b:4c:11:
         20:89:d2:2a:0c:15:a5:e7:f4:b8:32:d7:16:fe:85:24:17:8d:
         a2:b1:19:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe7h2c0FtgyIa5yXBPaH5pLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjI5MTE1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE5Yzg2ZGE1N2E1MGJmZmQwMGQ1YWQzNmExOTk2NTBiYjdjYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJDfN1zNmYNPo5tVKJme/zSGQdhR
vha5o6GroRaxC8ZGtufsmf8axAHXnrM3KScFMP8mI5L16D01ws1ClzIxahwaERT9
UGceI0Dm1lob2VfHp6TOjJ7ToNZYLN1OyLz5AhR1PAmP5ivdjDbx/tenHsKFYH6P
6nZDhrbguScMzHF9F/4XFHRdmv/AU8+kieGm9zRbCL/D0UD6StiA8apX8tx3ZofK
WS1tTxbpyq9bOFOFaD+dGsPFVbDuxhpD86P5NqESkf+bk25ZJnJ4Q+p6mZi3Oz97
kSfCxCiQDfU7+tZck4xLuvh95kkqjxcsvZt/R8ZCzn5S9QE0Fia9IOfjowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESpyG2lelC//QDVrTahmWULt8rbMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvUktuSWJhVjZVTF85QU5XdE5xR1paUXUzeXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXr1MA0G
CSqGSIb3DQEBCwUAA4IBAQBy2thFlSx66TCuVVeQWi+cuCBAY2oHnBslsK0u8huv
MONYmUNY8KTSB1iulJCHXdF9FDTZXiQBzcNQ/IP4XuV3sN6iNk9QK1VClEV5Ephc
kyLc4dCRaknYxtyJGSfd2AzHK2lR13uIWwL5ccafr2UP7fLNqzagVOBbxAALdt/3
CujhALHYJOMM+LRupGOiPIX5nZGsxY8xa7OpcKSjXFr8C5R22g+7e3PLKKOlyM95
BQsgDSJ+4cEcDAX1GTUAJ1Ota8VDKkLes0Qr/OjpP++kmLvIPQsJCxWLczQLVErR
1ECziMXXqQBbTBEgidIqDBWl5/S4MtcW/oUkF42isRmC
-----END CERTIFICATE-----