Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/uozs4ngjvNeuDrk-axlCEwq9x7w.roa
File:                     uozs4ngjvNeuDrk-axlCEwq9x7w.roa (raw, json)
Hash identifier:          Q85GKO8O48qQEmeitk6qwIS7JR8Gk2WL9HRgrlh03P4=
Subject key identifier:   BA:8C:EC:E2:78:23:BC:D7:AE:0E:B9:3E:6B:19:42:13:0A:BD:C7:BC
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       0198EF6E100848F59A9CB922B97739892D2C
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/uozs4ngjvNeuDrk-axlCEwq9x7w.roa
Signing time:             Thu 28 Aug 2025 06:47:04 +0000
ROA not before:           Thu 28 Aug 2025 06:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        109.122.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ef:6e:10:08:48:f5:9a:9c:b9:22:b9:77:39:89:2d:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Aug 28 06:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba8cece27823bcd7ae0eb93e6b1942130abdc7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7f:4f:2f:17:3b:f5:0e:59:6d:9a:6d:a9:89:
                    fb:28:d3:45:54:8c:3a:25:d2:8a:b3:59:79:87:f9:
                    7f:29:7b:e7:30:07:3b:a2:ab:bc:75:62:3d:88:73:
                    ab:29:09:b4:d7:06:61:fe:33:45:2f:f1:d5:b5:ca:
                    ab:3b:9b:ee:55:9f:cb:d8:27:42:19:6d:56:53:bc:
                    09:c9:f7:ee:b8:fa:f6:08:7d:c7:12:73:cb:e2:a3:
                    c3:9d:81:c1:1e:01:2a:f1:be:a2:a2:ef:22:21:62:
                    3f:1e:b6:00:e1:8f:59:3a:8c:89:47:66:d6:9b:b5:
                    b5:4f:7e:f9:1e:d0:04:91:aa:6a:37:2c:37:81:ae:
                    05:cc:57:2b:bd:ac:9a:ee:af:cc:2f:ff:f8:69:44:
                    f7:8d:8c:82:f6:81:a7:1d:df:8b:fa:36:e1:b6:dd:
                    49:bb:f9:a6:53:cc:12:0c:d4:57:93:d4:1a:d7:71:
                    15:8d:79:2e:7d:9e:bc:0e:76:1d:16:c8:42:f7:e5:
                    b1:d8:3e:66:52:4b:6b:46:f8:99:fc:43:3f:7e:be:
                    b1:7d:9f:f3:b1:08:05:8e:68:5e:e8:e1:66:3c:75:
                    2a:c5:02:a6:ca:b4:61:ab:70:12:c1:27:6f:49:c6:
                    ae:39:29:12:a4:c0:9f:97:36:fd:8e:b4:f7:91:12:
                    a3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8C:EC:E2:78:23:BC:D7:AE:0E:B9:3E:6B:19:42:13:0A:BD:C7:BC
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/uozs4ngjvNeuDrk-axlCEwq9x7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:06:33:94:92:27:2c:a9:f1:ec:cd:49:b3:12:1c:6b:4e:4c:
         f0:2d:22:8e:b3:20:08:65:3f:60:4a:ca:05:bc:fc:e6:5e:82:
         61:d5:f1:67:5f:74:ad:4f:7e:6a:c6:d3:18:f1:2d:f6:90:c8:
         f3:af:3f:5b:db:9b:de:b6:41:0f:3f:ca:27:dd:49:46:65:54:
         14:02:31:14:3d:a8:40:3c:ae:00:5d:b7:5c:2c:6d:7a:27:17:
         a3:cc:53:3b:38:bd:77:5e:75:fe:76:f4:ad:5a:45:14:be:26:
         39:78:16:28:d5:cd:34:d3:ba:b8:09:b0:8b:c0:96:55:c9:e8:
         b5:de:cc:00:5f:15:9e:07:91:33:7f:9f:e6:b7:89:9e:e0:c3:
         17:e8:d5:d6:86:64:c2:ea:92:c2:6c:de:8b:4f:6f:e1:b0:eb:
         52:83:02:17:93:98:7f:b8:f2:d2:a6:65:42:1f:65:0b:7d:4c:
         61:db:2e:ad:23:b9:1f:51:96:55:c8:0b:99:f5:07:ce:33:0e:
         c8:e2:bd:30:27:e8:6c:b8:ce:bd:e6:c6:0f:68:49:c7:9e:73:
         89:50:56:99:06:d8:77:52:99:98:c9:6a:84:6a:b5:81:11:62:
         7b:a6:2a:e7:96:91:d8:e5:46:92:dd:75:f7:59:77:32:7b:7f:
         fe:53:ee:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjvbhAISPWanLkiuXc5iS0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwODI4MDY0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYThjZWNlMjc4MjNiY2Q3YWUwZWI5M2U2YjE5NDIxMzBhYmRjN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH9PLxc79Q5ZbZptqYn7KNNFVIw6
JdKKs1l5h/l/KXvnMAc7oqu8dWI9iHOrKQm01wZh/jNFL/HVtcqrO5vuVZ/L2CdC
GW1WU7wJyffuuPr2CH3HEnPL4qPDnYHBHgEq8b6iou8iIWI/HrYA4Y9ZOoyJR2bW
m7W1T375HtAEkapqNyw3ga4FzFcrvaya7q/ML//4aUT3jYyC9oGnHd+L+jbhtt1J
u/mmU8wSDNRXk9Qa13EVjXkufZ68DnYdFshC9+Wx2D5mUktrRviZ/EM/fr6xfZ/z
sQgFjmhe6OFmPHUqxQKmyrRhq3ASwSdvScauOSkSpMCflzb9jrT3kRKjEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqM7OJ4I7zXrg65PmsZQhMKvce8MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvdW96czRuZ2p2TmV1RHJrLWF4bENFd3E5eDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoAMA0G
CSqGSIb3DQEBCwUAA4IBAQAmBjOUkicsqfHszUmzEhxrTkzwLSKOsyAIZT9gSsoF
vPzmXoJh1fFnX3StT35qxtMY8S32kMjzrz9b25vetkEPP8on3UlGZVQUAjEUPahA
PK4AXbdcLG16JxejzFM7OL13XnX+dvStWkUUviY5eBYo1c0007q4CbCLwJZVyei1
3swAXxWeB5Ezf5/mt4me4MMX6NXWhmTC6pLCbN6LT2/hsOtSgwIXk5h/uPLSpmVC
H2ULfUxh2y6tI7kfUZZVyAuZ9QfOMw7I4r0wJ+hsuM695sYPaEnHnnOJUFaZBth3
UpmYyWqEarWBEWJ7pirnlpHY5UaS3XX3WXcye3/+U+64
-----END CERTIFICATE-----