Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h7Nf1qSwsQyYMT9IVxfe4SUPYNQ.roa
File:                     h7Nf1qSwsQyYMT9IVxfe4SUPYNQ.roa (raw, json)
Hash identifier:          d/arS0MLZA1nCg+OWYh1wjNGYXmdM8BI33649IgkuIA=
Subject key identifier:   87:B3:5F:D6:A4:B0:B1:0C:98:31:3F:48:57:17:DE:E1:25:0F:60:D4
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A08649ED56C9CEDD12D8BBB7006BA87F8
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h7Nf1qSwsQyYMT9IVxfe4SUPYNQ.roa
Signing time:             Tue 21 Oct 2025 20:10:03 +0000
ROA not before:           Tue 21 Oct 2025 20:10:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        109.122.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:08:64:9e:d5:6c:9c:ed:d1:2d:8b:bb:70:06:ba:87:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Oct 21 20:10:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87b35fd6a4b0b10c98313f485717dee1250f60d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ca:55:ad:7b:7d:06:2c:a5:e7:01:06:e1:60:
                    5f:fa:de:08:6f:77:1f:6d:e0:24:0e:4e:3d:c8:19:
                    82:90:7c:57:19:95:0a:7c:2c:e7:f6:3e:be:4d:09:
                    2b:a6:2b:81:a9:aa:2b:44:f2:a7:a4:20:a3:50:f5:
                    29:04:e5:cb:43:77:f2:38:ff:99:c6:f5:50:dc:21:
                    21:73:4a:41:2f:ee:ab:b2:55:c8:b4:bd:05:d4:f5:
                    3e:31:0e:98:d1:2f:07:fd:5e:91:68:d4:a8:26:b0:
                    a5:1f:73:65:c3:e6:ff:1a:a3:9a:7f:7e:06:3e:5b:
                    a0:22:c1:7c:2d:6a:d2:74:4a:97:06:16:47:3b:7b:
                    87:2a:a5:b3:6b:25:32:9f:96:db:1a:f9:a7:2a:17:
                    53:a2:65:71:01:31:d1:c0:b9:5a:e0:9b:75:a8:41:
                    21:0d:d1:69:86:ad:79:97:fc:81:b5:c7:bf:ef:56:
                    3e:a0:8d:d8:e1:b5:7e:5d:fc:7f:b8:ac:5b:a6:52:
                    f7:5c:cb:37:d5:25:29:21:23:2e:d3:c1:b4:6d:9a:
                    45:a9:e2:7d:d7:de:51:7b:4a:29:7c:ed:4c:81:82:
                    3a:2e:20:9d:53:4a:dc:8a:89:80:63:fd:2b:af:6f:
                    ae:41:bb:27:8f:08:91:70:a3:57:35:d9:f0:99:41:
                    37:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B3:5F:D6:A4:B0:B1:0C:98:31:3F:48:57:17:DE:E1:25:0F:60:D4
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/h7Nf1qSwsQyYMT9IVxfe4SUPYNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:f4:09:15:f7:23:f5:9d:88:40:1d:94:71:72:8d:dd:5e:49:
         27:e2:1c:1a:2f:41:5a:32:b6:db:3f:23:b7:23:9f:b3:b9:26:
         ec:7d:36:32:ba:4c:17:1b:3c:7a:1b:b2:44:aa:4a:10:e9:78:
         95:2f:0f:03:78:66:bd:ed:90:a5:5b:31:5a:0b:86:06:b6:81:
         94:dd:0e:d6:3e:47:3e:eb:af:5f:ef:21:0e:ac:18:0f:c0:b0:
         10:e7:64:be:12:9e:d7:3d:24:fd:8e:dd:a4:5b:11:f9:57:01:
         18:ae:ed:2d:ae:d7:76:82:38:35:a5:f0:c9:fc:56:74:48:13:
         ca:96:25:ea:a2:34:2e:51:17:6f:ab:18:93:0c:b2:86:37:12:
         5b:38:78:34:7b:9a:05:5f:97:a7:0c:0c:c6:ff:2d:02:71:36:
         40:b1:05:0a:3d:10:cf:14:7d:c6:0f:b8:84:bf:68:45:3d:f3:
         43:93:60:81:3b:74:c4:17:64:80:3e:e6:6a:56:63:1b:de:0c:
         73:d8:82:a8:3e:7f:13:6a:39:7f:fb:ff:18:9e:e4:9e:18:14:
         d4:14:a0:d4:14:91:5a:b7:d4:1f:b7:a7:a5:91:42:59:89:70:
         ba:a5:30:d8:14:95:69:5c:52:fc:40:12:a9:32:e2:38:c7:99:
         4d:3e:ec:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoIZJ7VbJzt0S2Lu3AGuof4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMDIxMjAxMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2IzNWZkNmE0YjBiMTBjOTgzMTNmNDg1NzE3ZGVlMTI1MGY2MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmspVrXt9Biyl5wEG4WBf+t4Ib3cf
beAkDk49yBmCkHxXGZUKfCzn9j6+TQkrpiuBqaorRPKnpCCjUPUpBOXLQ3fyOP+Z
xvVQ3CEhc0pBL+6rslXItL0F1PU+MQ6Y0S8H/V6RaNSoJrClH3Nlw+b/GqOaf34G
PlugIsF8LWrSdEqXBhZHO3uHKqWzayUyn5bbGvmnKhdTomVxATHRwLla4Jt1qEEh
DdFphq15l/yBtce/71Y+oI3Y4bV+Xfx/uKxbplL3XMs31SUpISMu08G0bZpFqeJ9
195Re0opfO1MgYI6LiCdU0rciomAY/0rr2+uQbsnjwiRcKNXNdnwmUE3JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIezX9aksLEMmDE/SFcX3uElD2DUMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvaDdOZjFxU3dzUXlZTVQ5SVZ4ZmU0U1VQWU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoaMA0G
CSqGSIb3DQEBCwUAA4IBAQC+9AkV9yP1nYhAHZRxco3dXkkn4hwaL0FaMrbbPyO3
I5+zuSbsfTYyukwXGzx6G7JEqkoQ6XiVLw8DeGa97ZClWzFaC4YGtoGU3Q7WPkc+
669f7yEOrBgPwLAQ52S+Ep7XPST9jt2kWxH5VwEYru0trtd2gjg1pfDJ/FZ0SBPK
liXqojQuURdvqxiTDLKGNxJbOHg0e5oFX5enDAzG/y0CcTZAsQUKPRDPFH3GD7iE
v2hFPfNDk2CBO3TEF2SAPuZqVmMb3gxz2IKoPn8Tajl/+/8YnuSeGBTUFKDUFJFa
t9Qft6elkUJZiXC6pTDYFJVpXFL8QBKpMuI4x5lNPuw0
-----END CERTIFICATE-----