Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ACVIepD657jPiW_u6k67KbAK8b8.roa
File:                     ACVIepD657jPiW_u6k67KbAK8b8.roa (raw, json)
Hash identifier:          FWhx57UCBz2/FNlRNx7bjOwL3VTN/tnnpA3Jw8wiIVk=
Subject key identifier:   00:25:48:7A:90:FA:E7:B8:CF:89:6F:EE:EA:4E:BB:29:B0:0A:F1:BF
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01993A1D3060DA6257AD87907257C77CA9A1
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ACVIepD657jPiW_u6k67KbAK8b8.roa
Signing time:             Thu 11 Sep 2025 18:50:15 +0000
ROA not before:           Thu 11 Sep 2025 18:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        109.122.1.0/24 maxlen: 24
                          109.122.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3a:1d:30:60:da:62:57:ad:87:90:72:57:c7:7c:a9:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep 11 18:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0025487a90fae7b8cf896feeea4ebb29b00af1bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:07:1d:ec:a5:d5:e5:f6:0c:76:e9:dd:ad:ca:
                    48:10:51:ac:ae:a4:a0:17:ad:a2:e1:0a:7b:4b:29:
                    9d:e4:a0:73:b1:8c:2b:22:d2:e8:23:74:cb:f4:45:
                    77:8b:ec:12:ee:f4:84:ab:e5:bf:55:af:4e:ba:d0:
                    50:fb:a0:5e:13:cc:84:e5:81:1a:21:64:bf:fe:c0:
                    2a:8a:7a:94:e0:5d:14:9d:96:c2:04:c3:e8:c9:96:
                    96:16:71:5d:e0:c4:f5:2d:fb:bc:29:82:da:e5:24:
                    8d:12:d4:92:5a:8d:cc:55:ad:5e:c6:0c:86:28:29:
                    f4:b3:88:1e:1d:7b:a3:05:7e:d7:5c:d0:5d:e8:7f:
                    2b:fa:fe:8c:35:71:40:2d:93:d3:10:0f:1b:5a:9f:
                    67:a4:c5:c5:6f:e5:ed:05:cb:e3:4a:e4:fe:80:c7:
                    83:f5:ed:26:1c:79:13:38:8a:9c:b4:b9:5d:b3:d0:
                    a2:ee:12:44:13:0c:37:c8:e6:76:2c:47:05:39:a1:
                    e7:45:cc:26:82:fd:98:9a:8c:1c:5d:70:56:e1:ab:
                    41:c9:eb:1d:f0:02:95:53:01:d7:46:2e:9e:39:f8:
                    e4:1d:a3:78:4f:61:f2:93:77:fa:ab:25:4e:b6:7d:
                    0f:72:0a:fa:5c:22:37:10:8f:21:1b:b1:fd:23:bc:
                    dc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:25:48:7A:90:FA:E7:B8:CF:89:6F:EE:EA:4E:BB:29:B0:0A:F1:BF
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ACVIepD657jPiW_u6k67KbAK8b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.1.0/24
                  109.122.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:07:92:17:74:c9:1e:a4:9f:69:1c:4b:fb:a2:8a:36:80:0e:
         5a:ca:0d:7b:50:6d:2c:7e:4b:3b:88:e6:26:04:f7:8a:2e:bd:
         fc:fd:90:75:34:28:ff:8e:85:ba:14:c3:bd:15:14:a7:82:6d:
         9c:60:4e:63:32:eb:05:71:af:bd:fd:1b:b4:f5:49:f3:9e:75:
         e3:59:85:4c:0e:56:39:ea:6d:16:3a:ac:3c:42:de:90:32:52:
         71:ed:0b:00:c5:89:4e:81:79:00:3a:8c:40:af:88:68:68:ba:
         07:9e:30:44:08:5a:de:6e:43:b6:fc:ef:5d:88:f4:af:1a:a7:
         e7:f0:4b:a6:ec:1c:5c:93:6d:81:6d:cc:58:0a:3c:14:54:7c:
         0e:c5:23:e3:94:a6:1d:40:00:1f:44:be:e8:b3:3a:98:bc:75:
         9a:4b:c7:e3:b6:e9:87:bf:98:e3:9a:52:0a:3c:bf:7a:ba:2f:
         3e:e2:12:5d:4f:ac:f0:76:06:7d:e9:38:d7:d9:ec:aa:48:5b:
         08:66:75:f5:26:b7:31:78:d0:75:1e:85:d9:9f:cb:d6:43:71:
         6f:34:c8:53:9f:96:84:75:b6:16:eb:53:af:0c:b9:36:30:8a:
         f7:26:0f:81:d7:8b:02:e9:b2:16:3d:af:69:4a:10:21:c3:91:
         f0:0b:f4:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk6HTBg2mJXrYeQclfHfKmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTExMTg1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDI1NDg3YTkwZmFlN2I4Y2Y4OTZmZWVlYTRlYmIyOWIwMGFmMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgcd7KXV5fYMdundrcpIEFGsrqSg
F62i4Qp7Symd5KBzsYwrItLoI3TL9EV3i+wS7vSEq+W/Va9OutBQ+6BeE8yE5YEa
IWS//sAqinqU4F0UnZbCBMPoyZaWFnFd4MT1Lfu8KYLa5SSNEtSSWo3MVa1exgyG
KCn0s4geHXujBX7XXNBd6H8r+v6MNXFALZPTEA8bWp9npMXFb+XtBcvjSuT+gMeD
9e0mHHkTOIqctLlds9Ci7hJEEww3yOZ2LEcFOaHnRcwmgv2YmowcXXBW4atByesd
8AKVUwHXRi6eOfjkHaN4T2Hyk3f6qyVOtn0Pcgr6XCI3EI8hG7H9I7zc+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAAlSHqQ+ue4z4lv7upOuymwCvG/MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvQUNWSWVwRDY1N2pQaVdfdTZrNjdLYkFLOGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoBAwQA
bXoHMA0GCSqGSIb3DQEBCwUAA4IBAQBgB5IXdMkepJ9pHEv7ooo2gA5ayg17UG0s
fks7iOYmBPeKLr38/ZB1NCj/joW6FMO9FRSngm2cYE5jMusFca+9/Ru09UnznnXj
WYVMDlY56m0WOqw8Qt6QMlJx7QsAxYlOgXkAOoxAr4hoaLoHnjBECFrebkO2/O9d
iPSvGqfn8Eum7Bxck22BbcxYCjwUVHwOxSPjlKYdQAAfRL7oszqYvHWaS8fjtumH
v5jjmlIKPL96ui8+4hJdT6zwdgZ96TjX2eyqSFsIZnX1JrcxeNB1HoXZn8vWQ3Fv
NMhTn5aEdbYW61OvDLk2MIr3Jg+B14sC6bIWPa9pShAhw5HwC/TF
-----END CERTIFICATE-----