Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/jhs0ukHjicosOVgf31uuTU9gbxc.roa
File:                     jhs0ukHjicosOVgf31uuTU9gbxc.roa (raw, json)
Hash identifier:          mUk/CVQyAEuXdFvHSx/RFONZCHo1Whn/2ez9uZFSp6c=
Subject key identifier:   8E:1B:34:BA:41:E3:89:CA:2C:39:58:1F:DF:5B:AE:4D:4F:60:6F:17
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A36C8D70F9B0F33C4D084E464983B13BF
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/jhs0ukHjicosOVgf31uuTU9gbxc.roa
Signing time:             Thu 30 Oct 2025 20:22:03 +0000
ROA not before:           Thu 30 Oct 2025 20:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.7.0/24 maxlen: 24
                          109.122.12.0/24 maxlen: 24
                          109.122.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:36:c8:d7:0f:9b:0f:33:c4:d0:84:e4:64:98:3b:13:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Oct 30 20:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e1b34ba41e389ca2c39581fdf5bae4d4f606f17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:00:61:84:8c:06:7d:34:90:14:f0:95:4e:14:
                    3f:e5:6a:4b:03:23:c3:0c:a5:6c:cf:a6:2d:31:81:
                    4d:35:7a:ea:2e:ac:8d:65:7b:fb:8e:43:07:ba:39:
                    57:a9:12:de:d5:ea:1b:37:a7:b0:4b:3a:1d:d3:40:
                    89:f8:ab:3a:2c:75:f1:4d:ab:90:ee:f0:e7:b9:4e:
                    5f:fb:5d:8e:e1:dd:4c:3e:64:ce:90:72:36:75:e4:
                    97:10:2b:ed:76:85:79:c4:df:35:e7:fd:2a:53:a3:
                    2c:db:21:0b:a2:a6:48:e5:8b:38:19:df:c8:35:63:
                    c8:0e:b2:f5:d2:9a:77:22:f5:73:20:53:8a:19:50:
                    f6:49:1b:46:6b:6b:e7:dd:51:ce:d0:46:2f:4c:bc:
                    cb:cd:9c:79:09:a5:84:51:30:39:cb:8b:ef:dd:42:
                    7b:9e:ef:d5:54:b9:a4:1e:14:b1:70:71:6c:e3:36:
                    96:c0:9b:b9:67:3e:c1:90:87:51:97:e1:c0:59:55:
                    1a:05:55:1a:70:55:b6:3c:39:e6:1c:d5:ee:4e:13:
                    08:1e:4b:e6:d5:d5:20:a9:9c:7e:92:8f:16:dc:ae:
                    c1:d0:39:8d:14:63:36:09:da:20:c6:22:50:e3:44:
                    fe:ea:2b:f8:5a:95:fd:8b:16:f0:51:e9:e4:8e:32:
                    a9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1B:34:BA:41:E3:89:CA:2C:39:58:1F:DF:5B:AE:4D:4F:60:6F:17
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/jhs0ukHjicosOVgf31uuTU9gbxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.7.0/24
                  109.122.12.0/24
                  109.122.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:af:a1:c5:7a:1b:cf:c5:fc:11:0b:3f:4e:5b:9b:38:94:3d:
         56:40:bb:e2:47:1e:be:a0:96:bd:6c:81:44:d9:25:22:86:f4:
         4f:56:26:70:5f:19:71:a4:6e:48:a0:86:17:bc:c9:dc:e0:88:
         b9:45:70:ef:8d:3e:e4:88:b0:2f:0c:b5:16:d9:a0:46:cc:cb:
         ec:4b:c3:a5:42:b8:03:f7:11:5b:f9:de:a5:fe:8f:08:a4:aa:
         d6:e6:51:e6:da:de:5b:44:4c:ef:33:6d:82:d4:c6:bd:d8:c4:
         fd:a6:4e:4a:c8:a8:a0:88:12:ed:18:51:a4:5e:c0:99:5f:17:
         93:ad:f5:22:0f:4f:16:3d:3a:4f:b9:72:4c:ad:02:72:2d:d2:
         07:49:b6:f3:e8:7e:cf:f6:f7:8d:ad:a8:06:73:87:d2:8c:2e:
         88:37:dd:67:43:bb:0f:94:b9:52:56:0d:c3:52:42:44:76:03:
         fb:b1:30:8e:e1:f6:0d:d8:a9:21:24:ba:e8:a5:47:f2:47:7f:
         9e:fb:82:76:17:93:23:c4:64:05:6e:ed:78:c8:81:6a:6d:12:
         db:5b:3c:39:26:d6:85:48:59:04:43:c7:35:6c:73:8a:1c:76:
         3a:b9:69:1b:f4:0f:72:b8:60:ca:34:af:c9:45:06:58:e5:2d:
         fd:d5:4c:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo2yNcPmw8zxNCE5GSYOxO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMDMwMjAyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFiMzRiYTQxZTM4OWNhMmMzOTU4MWZkZjViYWU0ZDRmNjA2ZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4QBhhIwGfTSQFPCVThQ/5WpLAyPD
DKVsz6YtMYFNNXrqLqyNZXv7jkMHujlXqRLe1eobN6ewSzod00CJ+Ks6LHXxTauQ
7vDnuU5f+12O4d1MPmTOkHI2deSXECvtdoV5xN815/0qU6Ms2yELoqZI5Ys4Gd/I
NWPIDrL10pp3IvVzIFOKGVD2SRtGa2vn3VHO0EYvTLzLzZx5CaWEUTA5y4vv3UJ7
nu/VVLmkHhSxcHFs4zaWwJu5Zz7BkIdRl+HAWVUaBVUacFW2PDnmHNXuThMIHkvm
1dUgqZx+ko8W3K7B0DmNFGM2CdogxiJQ40T+6iv4WpX9ixbwUenkjjKpmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI4bNLpB44nKLDlYH99brk1PYG8XMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvamhzMHVrSGppY29zT1ZnZjMxdXVUVTlnYnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXoHAwQA
bXoMAwQAbXodMA0GCSqGSIb3DQEBCwUAA4IBAQChr6HFehvPxfwRCz9OW5s4lD1W
QLviRx6+oJa9bIFE2SUihvRPViZwXxlxpG5IoIYXvMnc4Ii5RXDvjT7kiLAvDLUW
2aBGzMvsS8OlQrgD9xFb+d6l/o8IpKrW5lHm2t5bREzvM22C1Ma92MT9pk5KyKig
iBLtGFGkXsCZXxeTrfUiD08WPTpPuXJMrQJyLdIHSbbz6H7P9veNragGc4fSjC6I
N91nQ7sPlLlSVg3DUkJEdgP7sTCO4fYN2KkhJLropUfyR3+e+4J2F5MjxGQFbu14
yIFqbRLbWzw5JtaFSFkEQ8c1bHOKHHY6uWkb9A9yuGDKNK/JRQZY5S391UzR
-----END CERTIFICATE-----