Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h5dpN_tZVVmWPrrMIQuaGQowHhQ.roa
File:                     h5dpN_tZVVmWPrrMIQuaGQowHhQ.roa (raw, json)
Hash identifier:          YmlUO3L+qJqOrgCptKBHCqrOp52j3GLhNfR5NnBlFPc=
Subject key identifier:   87:97:69:37:FB:59:55:59:96:3E:BA:CC:21:0B:9A:19:0A:30:1E:14
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019E2D8FD71B540C63F4416A88EC3F299A23
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h5dpN_tZVVmWPrrMIQuaGQowHhQ.roa
Signing time:             Fri 15 May 2026 21:34:21 +0000
ROA not before:           Fri 15 May 2026 21:34:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198138
IP address blocks:        109.122.9.0/24 maxlen: 24
                          109.122.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2d:8f:d7:1b:54:0c:63:f4:41:6a:88:ec:3f:29:9a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May 15 21:34:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87976937fb595559963ebacc210b9a190a301e14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c6:bf:2d:da:ea:5a:25:53:1c:85:a1:fb:41:
                    93:87:5a:d7:d1:48:e7:54:65:b5:13:b8:00:86:c4:
                    78:52:df:a5:05:15:84:d4:d7:2c:dc:6f:fc:ef:3e:
                    e0:41:9c:c1:93:63:47:50:36:cf:89:ae:f3:55:b9:
                    3f:5e:c2:6e:6e:f7:10:18:ba:8d:fe:3e:b8:3b:d6:
                    b0:6d:d7:a7:43:85:59:93:7c:04:cf:18:64:5a:b2:
                    f6:f3:03:f7:f3:59:87:7f:a9:a0:9f:f0:3f:63:e9:
                    56:bc:52:1b:ea:01:1d:36:25:17:ab:ed:9e:ec:0b:
                    5d:0d:99:c0:7d:0b:45:a5:2f:ea:19:e4:be:db:95:
                    e2:f4:4a:4d:96:65:16:ed:78:74:a9:02:4e:4d:e5:
                    2d:8c:9e:f2:63:14:49:92:80:78:6b:4b:00:ca:b4:
                    7f:5a:01:20:a1:c5:43:11:2d:d3:0a:12:be:dd:e9:
                    d8:04:83:95:02:10:75:8b:d4:d6:75:c9:e1:dd:f6:
                    31:80:a3:bf:be:93:13:91:5c:b7:cc:69:4f:89:62:
                    83:e9:c5:64:1d:9a:17:db:30:2a:57:20:9c:7c:12:
                    3f:54:7d:2e:c0:dc:f4:cd:90:1d:49:5f:df:e1:ff:
                    b2:ef:bb:10:8e:ab:2e:9f:2e:5d:9e:34:71:63:42:
                    e1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:97:69:37:FB:59:55:59:96:3E:BA:CC:21:0B:9A:19:0A:30:1E:14
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h5dpN_tZVVmWPrrMIQuaGQowHhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.9.0/24
                  109.122.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:72:00:68:af:4d:55:bc:02:26:29:b3:98:04:0a:1d:4f:25:
         86:d8:7b:a6:3e:6a:7a:7d:77:47:69:87:6e:d4:7c:ba:b3:7d:
         7d:6f:d8:98:ce:e2:aa:1e:c1:f7:69:42:f2:96:0f:c7:0b:ec:
         e6:33:10:b0:e4:a6:c2:36:8a:19:0f:73:65:4f:95:14:e7:0a:
         2d:33:79:9a:78:58:bb:97:c2:1b:af:97:26:2d:4a:63:d4:d6:
         5d:e9:b6:45:7f:0b:db:94:01:66:37:5d:b9:29:1d:56:41:6e:
         45:62:bd:95:63:d1:06:09:2d:56:ec:9e:37:39:49:7a:87:25:
         c1:31:14:62:54:90:38:f5:9d:cf:82:1e:47:79:13:5d:17:56:
         52:f2:72:b9:5f:cf:fd:aa:3a:6f:bc:9c:5b:d2:d5:8f:e9:c7:
         05:b5:cb:0a:1e:b7:2f:ed:70:68:d3:16:b5:46:3b:35:75:0d:
         65:fc:41:9c:88:67:6a:57:30:58:cc:28:d2:fc:4b:4f:7a:4d:
         7e:b5:a5:5a:28:f0:47:2c:45:a7:8c:29:cf:ed:28:d6:fc:68:
         67:17:95:9c:6c:d3:fb:c7:f9:e0:53:aa:4b:30:5b:3f:d7:30:
         77:92:51:46:83:c8:95:3c:67:9c:93:26:2f:5c:54:1a:fb:31:
         67:af:80:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4tj9cbVAxj9EFqiOw/KZojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTE1MjEzNDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk3NjkzN2ZiNTk1NTU5OTYzZWJhY2MyMTBiOWExOTBhMzAxZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMa/LdrqWiVTHIWh+0GTh1rX0Ujn
VGW1E7gAhsR4Ut+lBRWE1Ncs3G/87z7gQZzBk2NHUDbPia7zVbk/XsJubvcQGLqN
/j64O9awbdenQ4VZk3wEzxhkWrL28wP381mHf6mgn/A/Y+lWvFIb6gEdNiUXq+2e
7AtdDZnAfQtFpS/qGeS+25Xi9EpNlmUW7Xh0qQJOTeUtjJ7yYxRJkoB4a0sAyrR/
WgEgocVDES3TChK+3enYBIOVAhB1i9TWdcnh3fYxgKO/vpMTkVy3zGlPiWKD6cVk
HZoX2zAqVyCcfBI/VH0uwNz0zZAdSV/f4f+y77sQjqsuny5dnjRxY0LhgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIeXaTf7WVVZlj66zCELmhkKMB4UMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvaDVkcE5fdFpWVm1XUHJyTUlRdWFHUW93SGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoJAwQA
bXoWMA0GCSqGSIb3DQEBCwUAA4IBAQAWcgBor01VvAImKbOYBAodTyWG2HumPmp6
fXdHaYdu1Hy6s319b9iYzuKqHsH3aULylg/HC+zmMxCw5KbCNooZD3NlT5UU5wot
M3maeFi7l8Ibr5cmLUpj1NZd6bZFfwvblAFmN125KR1WQW5FYr2VY9EGCS1W7J43
OUl6hyXBMRRiVJA49Z3Pgh5HeRNdF1ZS8nK5X8/9qjpvvJxb0tWP6ccFtcsKHrcv
7XBo0xa1Rjs1dQ1l/EGciGdqVzBYzCjS/EtPek1+taVaKPBHLEWnjCnP7SjW/Ghn
F5WcbNP7x/ngU6pLMFs/1zB3klFGg8iVPGeckyYvXFQa+zFnr4A6
-----END CERTIFICATE-----