Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LwsXsShfNaTUMaTD3d8LweOhsbY.roa
File:                     LwsXsShfNaTUMaTD3d8LweOhsbY.roa (raw, json)
Hash identifier:          6idSx9PZHrvFrf6f71TgyN5Nbwt47VoxtgQTjgThRm8=
Subject key identifier:   2F:0B:17:B1:28:5F:35:A4:D4:31:A4:C3:DD:DF:0B:C1:E3:A1:B1:B6
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019994FC8B82988069EC25000500D761D157
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LwsXsShfNaTUMaTD3d8LweOhsbY.roa
Signing time:             Mon 29 Sep 2025 10:20:02 +0000
ROA not before:           Mon 29 Sep 2025 10:20:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        109.122.10.0/24 maxlen: 24
                          109.122.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Oct 2025 23:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:fc:8b:82:98:80:69:ec:25:00:05:00:d7:61:d1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep 29 10:20:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f0b17b1285f35a4d431a4c3dddf0bc1e3a1b1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fb:02:06:6f:45:14:3b:f9:87:21:05:6e:50:
                    e8:6a:6a:63:af:62:96:11:9d:b9:75:71:a2:b9:b2:
                    85:37:5c:d0:88:e7:42:fe:61:05:b5:fc:43:9e:76:
                    7e:fa:ed:a9:b7:ae:c9:19:75:83:86:d1:fc:d3:6b:
                    55:94:68:b9:82:19:e4:60:cd:5b:cb:05:e8:03:72:
                    1e:42:08:ad:a3:ad:67:28:0c:95:de:d9:32:69:e2:
                    d5:19:c6:05:32:61:f5:fd:23:67:52:bd:86:df:00:
                    d4:9b:03:56:78:89:e9:09:ff:4e:f2:6e:2d:12:45:
                    36:07:de:21:da:f5:f2:79:16:a0:9e:b2:45:97:cc:
                    40:5f:61:65:d4:13:9d:f0:b2:08:89:cd:32:9b:b0:
                    73:8d:0f:fe:ce:be:23:45:30:48:ba:2c:07:4e:71:
                    8e:2a:c8:00:1f:82:a0:7f:1c:8c:8a:78:b0:39:0c:
                    01:74:b3:8c:a9:d7:e9:d2:b5:bb:30:4a:de:2d:38:
                    fc:d8:0e:0a:b8:45:78:9e:71:83:25:1e:f6:7d:ec:
                    af:44:1e:26:9b:86:68:21:12:8e:59:3c:bf:92:b2:
                    41:3f:87:62:52:4d:fe:97:2f:5a:82:28:af:49:24:
                    0b:38:45:65:25:47:f3:f2:f1:3e:d5:54:14:6b:98:
                    6f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0B:17:B1:28:5F:35:A4:D4:31:A4:C3:DD:DF:0B:C1:E3:A1:B1:B6
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LwsXsShfNaTUMaTD3d8LweOhsbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.10.0/24
                  109.122.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:aa:1c:d9:65:71:d1:78:b1:93:a9:4d:58:41:51:a2:72:e9:
         43:cc:0c:d1:39:8e:2f:ba:df:45:1a:d0:9a:89:4a:e9:74:35:
         e2:a8:d0:1e:65:25:74:a7:70:3e:8f:7a:f1:2c:b5:ac:a4:d3:
         9f:2d:50:ca:dc:4e:30:a0:68:04:84:78:a9:4f:76:a7:9a:a6:
         4e:90:7f:9a:0d:a5:67:fc:dd:58:81:c9:3e:76:de:29:c3:27:
         67:b6:5c:37:3a:d6:02:11:bb:97:fd:13:c0:36:2b:36:79:f2:
         0b:f5:ae:b7:73:45:e2:3b:9d:ef:33:03:69:c5:52:7e:d6:65:
         8f:48:f9:7f:93:98:b9:2f:ae:88:cd:42:bd:b2:50:b5:b2:42:
         f8:2c:15:f8:81:cd:dd:ac:6f:b0:33:d8:98:2d:6b:43:1a:c4:
         06:b9:87:4b:b0:a5:7b:0e:58:32:0a:be:08:94:c1:a1:29:6b:
         5f:79:e0:c6:ec:06:3b:7a:9d:ca:9c:cd:64:78:73:e6:56:a7:
         65:4a:00:83:a3:2d:55:16:9f:61:84:00:e5:04:a3:80:76:13:
         24:11:c5:2b:96:52:93:09:13:1a:41:d9:bf:59:b3:8f:64:b7:
         3b:b8:e7:f8:d8:ab:80:2a:b9:28:70:33:6c:02:45:3e:b8:7a:
         d2:20:e5:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmU/IuCmIBp7CUABQDXYdFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTI5MTAyMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBiMTdiMTI4NWYzNWE0ZDQzMWE0YzNkZGRmMGJjMWUzYTFiMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPsCBm9FFDv5hyEFblDoampjr2KW
EZ25dXGiubKFN1zQiOdC/mEFtfxDnnZ++u2pt67JGXWDhtH802tVlGi5ghnkYM1b
ywXoA3IeQgito61nKAyV3tkyaeLVGcYFMmH1/SNnUr2G3wDUmwNWeInpCf9O8m4t
EkU2B94h2vXyeRagnrJFl8xAX2Fl1BOd8LIIic0ym7BzjQ/+zr4jRTBIuiwHTnGO
KsgAH4KgfxyMiniwOQwBdLOMqdfp0rW7MEreLTj82A4KuEV4nnGDJR72feyvRB4m
m4ZoIRKOWTy/krJBP4diUk3+ly9agiivSSQLOEVlJUfz8vE+1VQUa5hv8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC8LF7EoXzWk1DGkw93fC8HjobG2MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTHdzWHNTaGZOYVRVTWFURDNkOEx3ZU9oc2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoKAwQA
bXobMA0GCSqGSIb3DQEBCwUAA4IBAQCIqhzZZXHReLGTqU1YQVGiculDzAzROY4v
ut9FGtCaiUrpdDXiqNAeZSV0p3A+j3rxLLWspNOfLVDK3E4woGgEhHipT3anmqZO
kH+aDaVn/N1Ygck+dt4pwydntlw3OtYCEbuX/RPANis2efIL9a63c0XiO53vMwNp
xVJ+1mWPSPl/k5i5L66IzUK9slC1skL4LBX4gc3drG+wM9iYLWtDGsQGuYdLsKV7
DlgyCr4IlMGhKWtfeeDG7AY7ep3KnM1keHPmVqdlSgCDoy1VFp9hhADlBKOAdhMk
EcUrllKTCRMaQdm/WbOPZLc7uOf42KuAKrkocDNsAkU+uHrSIOUZ
-----END CERTIFICATE-----