Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/2BvTXjgUGBdVazBl9R0rI8aVXH8.roa
File:                     2BvTXjgUGBdVazBl9R0rI8aVXH8.roa (raw, json)
Hash identifier:          LwQNYNCiZ0elUuLsbCnZidi2QzQA6CyvxS0RU9ud07I=
Subject key identifier:   D8:1B:D3:5E:38:14:18:17:55:6B:30:65:F5:1D:2B:23:C6:95:5C:7F
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0197F4DBB41CD30F9E348DC29FCFBCF5DA97
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/2BvTXjgUGBdVazBl9R0rI8aVXH8.roa
Signing time:             Thu 10 Jul 2025 15:02:08 +0000
ROA not before:           Thu 10 Jul 2025 15:02:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272073
IP address blocks:        109.122.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:db:b4:1c:d3:0f:9e:34:8d:c2:9f:cf:bc:f5:da:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 10 15:02:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d81bd35e38141817556b3065f51d2b23c6955c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:e9:27:40:37:c8:21:d2:c0:c1:6e:1d:1a:
                    a5:39:49:0f:e5:a3:eb:3f:9d:f4:95:4d:49:9a:a4:
                    21:b8:58:cc:f8:ba:24:f4:98:9f:58:43:2b:ba:e9:
                    06:8a:6f:84:4a:8f:46:9d:c3:e7:1a:ff:70:c7:6e:
                    65:da:2e:ba:a9:af:b2:7d:0d:1a:18:84:f2:06:09:
                    dc:6e:c1:f2:85:53:97:c6:96:27:f3:95:d0:77:18:
                    78:35:9d:aa:db:9f:5a:dc:44:70:3a:68:07:bf:7f:
                    cd:4c:8d:ce:00:99:29:4c:18:65:44:98:53:89:33:
                    52:a6:e7:e4:b7:1f:24:f4:eb:ce:e8:52:65:11:5d:
                    76:1d:fd:91:82:43:8a:aa:b4:0e:6f:ef:ea:d6:22:
                    26:18:e5:b6:0e:49:bd:ed:eb:ff:ef:c4:c0:c0:3a:
                    e9:f1:55:a1:ef:55:dc:da:68:59:66:bd:4d:db:82:
                    ef:2b:57:42:ce:93:d6:d0:3b:1c:f2:b3:a3:e5:9a:
                    8b:38:42:5d:7b:a8:ad:7c:c5:48:97:c0:cd:80:7a:
                    30:48:96:28:b1:46:8a:7c:aa:e6:18:17:4c:97:b3:
                    72:19:ab:e4:f4:cd:59:60:f8:25:3a:38:48:52:ee:
                    7e:2d:97:a4:c9:30:c9:71:79:e0:23:d8:60:c2:4b:
                    76:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1B:D3:5E:38:14:18:17:55:6B:30:65:F5:1D:2B:23:C6:95:5C:7F
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/2BvTXjgUGBdVazBl9R0rI8aVXH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:31:94:fa:bb:58:b9:16:0c:fc:e6:5c:be:96:80:60:7b:7e:
         51:14:d2:01:f8:09:69:27:47:7a:84:d9:d2:e6:80:5e:35:0e:
         76:08:c5:20:01:b7:45:c9:03:ec:6d:5a:71:4a:00:ab:64:71:
         66:85:dd:c2:49:2c:92:07:49:9d:cf:7d:ee:2d:ec:06:b1:68:
         3d:00:de:b9:d7:37:b7:22:f7:b8:a0:97:f7:65:02:04:79:57:
         e3:31:fb:d5:6b:6d:9a:d7:23:5d:31:60:c7:c3:ff:45:0d:22:
         51:df:d6:1f:14:94:a2:d5:87:1f:c6:b1:53:32:03:75:94:ed:
         c7:ed:b4:a1:1c:81:44:c3:2d:f0:30:a2:ac:e8:ef:bf:9d:31:
         f8:4b:1d:11:29:a6:55:72:a7:28:df:86:6a:e0:51:04:43:58:
         ac:0c:a7:9e:aa:d6:f5:f9:33:bd:ce:c1:6b:4e:00:03:9e:fa:
         76:5c:14:89:af:24:c9:6d:d2:50:f2:d0:05:8e:3d:66:53:c5:
         d9:35:dc:78:54:45:b3:53:3e:46:6e:b0:8c:e9:c9:db:70:72:
         a5:d5:17:aa:3e:59:43:a5:e2:8a:9e:9a:01:44:b3:94:f4:85:
         f8:30:45:1b:d8:24:69:30:2e:08:62:02:0a:de:c1:b4:18:29:
         0c:4c:ca:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf027Qc0w+eNI3Cn8+89dqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzEwMTUwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFiZDM1ZTM4MTQxODE3NTU2YjMwNjVmNTFkMmIyM2M2OTU1YzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXpJ0A3yCHSwMFuHRqlOUkP5aPr
P530lU1JmqQhuFjM+Lok9JifWEMruukGim+ESo9GncPnGv9wx25l2i66qa+yfQ0a
GITyBgncbsHyhVOXxpYn85XQdxh4NZ2q259a3ERwOmgHv3/NTI3OAJkpTBhlRJhT
iTNSpufktx8k9OvO6FJlEV12Hf2RgkOKqrQOb+/q1iImGOW2Dkm97ev/78TAwDrp
8VWh71Xc2mhZZr1N24LvK1dCzpPW0Dsc8rOj5ZqLOEJde6itfMVIl8DNgHowSJYo
sUaKfKrmGBdMl7NyGavk9M1ZYPglOjhIUu5+LZekyTDJcXngI9hgwkt23wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgb0144FBgXVWswZfUdKyPGlVx/MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvMkJ2VFhqZ1VHQmRWYXpCbDlSMHJJOGFWWEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoRMA0G
CSqGSIb3DQEBCwUAA4IBAQBUMZT6u1i5Fgz85ly+loBge35RFNIB+AlpJ0d6hNnS
5oBeNQ52CMUgAbdFyQPsbVpxSgCrZHFmhd3CSSySB0mdz33uLewGsWg9AN651ze3
Ive4oJf3ZQIEeVfjMfvVa22a1yNdMWDHw/9FDSJR39YfFJSi1YcfxrFTMgN1lO3H
7bShHIFEwy3wMKKs6O+/nTH4Sx0RKaZVcqco34Zq4FEEQ1isDKeeqtb1+TO9zsFr
TgADnvp2XBSJryTJbdJQ8tAFjj1mU8XZNdx4VEWzUz5GbrCM6cnbcHKl1ReqPllD
peKKnpoBRLOU9IX4MEUb2CRpMC4IYgIK3sG0GCkMTMoi
-----END CERTIFICATE-----