Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/kvMEYnyGd7qmGdzehXUEsgHOqqU.roa
File:                     kvMEYnyGd7qmGdzehXUEsgHOqqU.roa (raw, json)
Hash identifier:          dFNtRXx5X3t8wv/I/7NVMegvTyTKIWgSXRxdmNQlBQ0=
Subject key identifier:   92:F3:04:62:7C:86:77:BA:A6:19:DC:DE:85:75:04:B2:01:CE:AA:A5
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01994E3BF2837E96833321023B4F5635746B
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/kvMEYnyGd7qmGdzehXUEsgHOqqU.roa
Signing time:             Mon 15 Sep 2025 16:36:15 +0000
ROA not before:           Mon 15 Sep 2025 16:36:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 22:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:3b:f2:83:7e:96:83:33:21:02:3b:4f:56:35:74:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep 15 16:36:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92f304627c8677baa619dcde857504b201ceaaa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d6:0a:9a:db:3a:ab:14:0c:13:95:64:88:33:
                    a6:56:b6:87:97:6d:6c:4c:fe:eb:14:86:dd:81:22:
                    ee:a2:83:0b:01:ae:d6:5a:be:22:de:94:1f:30:1b:
                    2e:6f:cd:42:56:62:70:a4:fb:f0:e0:dc:98:1e:18:
                    b8:b4:f4:20:6f:69:4f:25:35:40:27:57:ba:00:80:
                    be:72:3e:7d:17:05:f3:82:7d:6a:10:d4:b6:81:07:
                    ea:2b:29:60:08:dc:5f:82:11:22:14:64:68:15:20:
                    63:17:7a:c2:14:14:a0:e0:b2:87:0f:90:6e:2b:cb:
                    bd:2b:25:e5:23:89:51:7b:53:de:5f:94:56:52:70:
                    dc:0a:8b:29:96:36:7e:30:7a:d7:aa:d3:79:96:b9:
                    2c:ee:84:ec:9d:93:c3:d6:de:7d:ed:44:b9:19:d0:
                    4d:a3:d7:7b:65:a0:df:ad:9c:5a:5c:4a:93:07:d1:
                    83:52:c5:fe:42:1a:05:e4:9f:2d:a8:f9:14:9a:be:
                    86:12:ce:7a:ca:c3:23:dd:95:72:db:09:84:ba:98:
                    8a:25:93:96:25:a9:e7:dc:73:1b:69:a1:ab:a7:db:
                    7e:10:98:6c:74:44:71:c0:5e:5e:f3:51:9a:41:28:
                    2c:b5:e3:af:dc:ba:70:17:ac:e4:f2:eb:eb:8d:0e:
                    7c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F3:04:62:7C:86:77:BA:A6:19:DC:DE:85:75:04:B2:01:CE:AA:A5
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/kvMEYnyGd7qmGdzehXUEsgHOqqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:d4:d1:92:aa:68:22:dd:6c:6d:15:fd:22:c5:7c:96:7a:ea:
         99:ed:0c:8b:7e:8a:89:b8:d1:cb:e0:92:9a:55:4b:27:52:69:
         95:5d:3f:70:d3:0e:13:6e:e0:8e:8c:91:bb:c8:a6:ac:c4:86:
         81:0a:26:0f:36:89:06:8b:13:03:d0:fe:b5:14:5c:d1:d1:eb:
         5d:95:36:9b:d5:d5:f5:37:82:5f:64:58:b8:92:5d:ae:63:ba:
         4a:21:37:cc:48:c9:24:b5:5e:18:4f:c7:e4:6d:df:f4:cb:f5:
         0d:84:4d:50:95:b4:b6:8a:a6:9b:72:d2:69:bf:1f:93:58:6d:
         94:1d:77:c5:c5:0c:cd:15:48:ad:f8:54:a8:0e:e2:fa:be:0e:
         ad:1f:67:50:ca:16:72:24:ea:ea:02:be:c0:2f:c5:bf:82:0c:
         1c:ae:7c:95:c9:b2:d7:25:dc:21:01:f9:12:29:29:13:47:f6:
         5c:26:b0:8d:19:47:d5:b4:e4:19:01:fe:c6:be:f4:38:3b:d1:
         87:43:e0:52:75:30:b3:9d:4c:8b:a3:f1:3b:dd:75:de:9f:f6:
         bb:be:6d:c4:36:ae:24:15:0b:48:d3:85:cc:cd:fa:d8:f3:c2:
         05:ec:19:04:81:e1:e6:e9:bb:ad:2e:28:20:b4:d9:4c:1a:44:
         de:94:02:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOO/KDfpaDMyECO09WNXRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTE1MTYzNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmYzMDQ2MjdjODY3N2JhYTYxOWRjZGU4NTc1MDRiMjAxY2VhYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tYKmts6qxQME5VkiDOmVraHl21s
TP7rFIbdgSLuooMLAa7WWr4i3pQfMBsub81CVmJwpPvw4NyYHhi4tPQgb2lPJTVA
J1e6AIC+cj59FwXzgn1qENS2gQfqKylgCNxfghEiFGRoFSBjF3rCFBSg4LKHD5Bu
K8u9KyXlI4lRe1PeX5RWUnDcCospljZ+MHrXqtN5lrks7oTsnZPD1t597US5GdBN
o9d7ZaDfrZxaXEqTB9GDUsX+QhoF5J8tqPkUmr6GEs56ysMj3ZVy2wmEupiKJZOW
Jann3HMbaaGrp9t+EJhsdERxwF5e81GaQSgsteOv3LpwF6zk8uvrjQ58aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLzBGJ8hne6phnc3oV1BLIBzqqlMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEva3ZNRVlueUdkN3FtR2R6ZWhYVUVzZ0hPcXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXodMA0G
CSqGSIb3DQEBCwUAA4IBAQC51NGSqmgi3WxtFf0ixXyWeuqZ7QyLfoqJuNHL4JKa
VUsnUmmVXT9w0w4TbuCOjJG7yKasxIaBCiYPNokGixMD0P61FFzR0etdlTab1dX1
N4JfZFi4kl2uY7pKITfMSMkktV4YT8fkbd/0y/UNhE1QlbS2iqabctJpvx+TWG2U
HXfFxQzNFUit+FSoDuL6vg6tH2dQyhZyJOrqAr7AL8W/ggwcrnyVybLXJdwhAfkS
KSkTR/ZcJrCNGUfVtOQZAf7GvvQ4O9GHQ+BSdTCznUyLo/E73XXen/a7vm3ENq4k
FQtI04XMzfrY88IF7BkEgeHm6butLiggtNlMGkTelAK6
-----END CERTIFICATE-----