Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/bShbPcU0S5FZ8a49RMPG5RqfwPo.roa
File:                     bShbPcU0S5FZ8a49RMPG5RqfwPo.roa (raw, json)
Hash identifier:          jl9y5L8H4nSGGOmubkaz06W5b26tyF4CUGaUjcx3Zd8=
Subject key identifier:   6D:28:5B:3D:C5:34:4B:91:59:F1:AE:3D:44:C3:C6:E5:1A:9F:C0:FA
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019E5F07A499114614917278EE591A5D0B01
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/bShbPcU0S5FZ8a49RMPG5RqfwPo.roa
Signing time:             Mon 25 May 2026 12:06:36 +0000
ROA not before:           Mon 25 May 2026 12:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20860
IP address blocks:        109.122.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:07:a4:99:11:46:14:91:72:78:ee:59:1a:5d:0b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May 25 12:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d285b3dc5344b9159f1ae3d44c3c6e51a9fc0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ac:c1:0f:ec:5c:6b:5f:84:59:3d:85:40:26:
                    e2:d6:5f:5e:19:93:96:c2:06:d9:d4:56:98:45:59:
                    a5:0c:22:31:92:2c:35:fa:71:ca:b4:08:a9:e3:9e:
                    62:2a:3e:b6:e4:76:4b:f5:5e:f4:38:5b:7e:b4:70:
                    d9:17:5a:62:49:72:29:58:bd:76:34:78:13:8a:d4:
                    84:d9:27:ce:43:8d:ae:d3:f1:0f:4a:f7:42:43:8e:
                    10:c7:7c:e7:ee:3c:55:e3:8b:81:cd:04:0c:7c:bc:
                    7b:27:f4:0d:c0:79:11:67:1d:4a:db:fd:d3:7a:bc:
                    cf:d0:64:5e:e1:24:a2:06:32:f7:ac:d2:2e:c4:14:
                    46:93:bd:91:77:96:44:a7:de:c9:ad:02:89:0a:de:
                    9f:df:0c:72:70:c5:bc:c1:47:72:87:57:4d:02:19:
                    0c:da:ab:85:fb:9d:3e:22:a8:65:b6:20:42:01:31:
                    20:0f:a3:df:c9:f9:ad:29:22:fd:33:2f:47:1a:bf:
                    f1:28:bf:cd:41:cf:7d:75:6a:b9:08:94:a2:51:23:
                    e5:23:64:61:4c:94:26:f1:51:44:83:6a:01:b7:95:
                    73:6a:f7:d2:1d:0c:59:10:4d:df:28:f8:81:14:a2:
                    4c:80:42:b3:d0:81:41:47:b9:3c:e9:8a:c1:f6:4b:
                    e2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:28:5B:3D:C5:34:4B:91:59:F1:AE:3D:44:C3:C6:E5:1A:9F:C0:FA
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/bShbPcU0S5FZ8a49RMPG5RqfwPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:6e:2c:64:15:83:e2:14:20:66:ab:d9:ec:ba:f5:2b:f8:23:
         11:b9:55:1b:5b:38:bb:f5:7e:48:68:d1:0c:13:4a:9d:45:f9:
         3c:db:df:ec:f0:48:5d:8f:ed:84:c3:40:f6:ae:d3:39:c6:8f:
         79:6a:88:5a:df:5c:b4:b7:6c:79:ce:5d:3d:30:0a:e4:6c:3a:
         e2:2f:7c:5f:b2:2a:d6:ab:ee:fb:07:8e:66:6e:36:d8:ab:be:
         a7:e3:ec:bc:84:12:3c:b5:b7:0d:69:8b:b9:8a:6e:30:1a:63:
         7f:96:e1:05:f3:d0:7a:51:54:7a:58:0a:21:84:b2:66:3b:b3:
         88:9c:7a:27:7e:fc:27:94:60:7c:ec:1f:e7:e8:70:36:ea:d0:
         29:fe:59:7c:44:85:10:b5:6c:60:77:2a:6a:22:0d:ba:a7:82:
         a1:4d:83:d0:02:a4:07:f4:74:4e:22:51:2a:1c:68:d3:20:51:
         19:5b:71:eb:08:eb:0b:c4:f7:f9:ff:42:95:34:60:66:70:09:
         00:98:2d:60:57:6b:88:e2:b4:2e:24:5d:73:60:3f:b1:ba:d4:
         40:c6:6f:90:aa:d4:d3:68:8f:3b:7d:85:fb:a7:fc:74:42:8c:
         71:07:b6:a9:e4:5a:9f:ca:fb:d0:7e:d9:6a:4b:94:78:e1:84:
         62:2a:22:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5fB6SZEUYUkXJ47lkaXQsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTI1MTIwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI4NWIzZGM1MzQ0YjkxNTlmMWFlM2Q0NGMzYzZlNTFhOWZjMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqzBD+xca1+EWT2FQCbi1l9eGZOW
wgbZ1FaYRVmlDCIxkiw1+nHKtAip455iKj625HZL9V70OFt+tHDZF1piSXIpWL12
NHgTitSE2SfOQ42u0/EPSvdCQ44Qx3zn7jxV44uBzQQMfLx7J/QNwHkRZx1K2/3T
erzP0GRe4SSiBjL3rNIuxBRGk72Rd5ZEp97JrQKJCt6f3wxycMW8wUdyh1dNAhkM
2quF+50+IqhltiBCATEgD6PfyfmtKSL9My9HGr/xKL/NQc99dWq5CJSiUSPlI2Rh
TJQm8VFEg2oBt5VzavfSHQxZEE3fKPiBFKJMgEKz0IFBR7k86YrB9kvibwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0oWz3FNEuRWfGuPUTDxuUan8D6MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvYlNoYlBjVTBTNUZaOGE0OVJNUEc1UnFmd1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoBMA0G
CSqGSIb3DQEBCwUAA4IBAQBDbixkFYPiFCBmq9nsuvUr+CMRuVUbWzi79X5IaNEM
E0qdRfk829/s8Ehdj+2Ew0D2rtM5xo95aoha31y0t2x5zl09MArkbDriL3xfsirW
q+77B45mbjbYq76n4+y8hBI8tbcNaYu5im4wGmN/luEF89B6UVR6WAohhLJmO7OI
nHonfvwnlGB87B/n6HA26tAp/ll8RIUQtWxgdypqIg26p4KhTYPQAqQH9HROIlEq
HGjTIFEZW3HrCOsLxPf5/0KVNGBmcAkAmC1gV2uI4rQuJF1zYD+xutRAxm+QqtTT
aI87fYX7p/x0QoxxB7ap5FqfyvvQftlqS5R44YRiKiKS
-----END CERTIFICATE-----