Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/yX1sbCVdFjPpqTp8mkNVakF6Ly8.roa
File:                     yX1sbCVdFjPpqTp8mkNVakF6Ly8.roa (raw, json)
Hash identifier:          jROq5LjYcq2OudxxTCANqK3Z4E27qiJg9iDaHdo0bgo=
Subject key identifier:   C9:7D:6C:6C:25:5D:16:33:E9:A9:3A:7C:9A:43:55:6A:41:7A:2F:2F
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01991B3CA869FB22F839BFA5E677B3BB63EA
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/yX1sbCVdFjPpqTp8mkNVakF6Ly8.roa
Signing time:             Fri 05 Sep 2025 18:56:24 +0000
ROA not before:           Fri 05 Sep 2025 18:56:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29491
IP address blocks:        109.122.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:3c:a8:69:fb:22:f8:39:bf:a5:e6:77:b3:bb:63:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Sep  5 18:56:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c97d6c6c255d1633e9a93a7c9a43556a417a2f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c3:72:f9:3a:ad:43:88:0d:ec:33:92:6d:ca:
                    b0:0b:04:86:f0:d3:d1:14:de:dd:26:0a:02:d6:c9:
                    99:38:68:d2:df:01:92:49:79:96:e2:b0:63:2f:fb:
                    32:45:66:76:6c:2e:dc:85:8b:60:ae:e1:ad:e5:71:
                    a1:28:8d:a5:15:fd:99:1a:cc:72:42:0c:1e:4b:ea:
                    15:cd:dc:22:e0:ef:0c:a2:15:3c:ba:f0:47:fc:ab:
                    ff:82:88:ce:f8:5e:a9:23:9d:c3:35:0b:76:c9:37:
                    ba:3a:78:ea:6b:23:e8:f2:9e:96:2f:69:6d:f5:00:
                    a3:cd:42:0e:f9:91:f7:ed:8a:a0:33:2d:da:cd:a1:
                    71:27:1a:ff:3e:1d:27:bf:41:c8:b9:59:b9:c3:83:
                    8b:61:96:85:a9:5a:23:22:4a:39:a9:db:76:ea:4f:
                    23:6a:2e:6c:c7:c3:da:de:a9:43:e8:ea:e8:84:c7:
                    65:bc:eb:38:fe:01:2b:95:03:28:fb:4c:fa:8e:0d:
                    8d:fe:0e:70:48:97:77:a2:22:17:cf:8c:e4:91:a9:
                    86:6a:83:dc:dc:48:83:b6:2b:3b:17:d6:21:db:3c:
                    89:20:dd:5f:e5:9b:98:a0:3b:69:52:de:cd:c2:16:
                    f2:10:fc:ae:dc:13:b3:ad:58:45:ee:02:09:f1:69:
                    4a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7D:6C:6C:25:5D:16:33:E9:A9:3A:7C:9A:43:55:6A:41:7A:2F:2F
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/yX1sbCVdFjPpqTp8mkNVakF6Ly8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:bc:fc:59:9e:16:9b:79:6e:2e:cc:d2:42:8c:e8:60:d3:f6:
         fb:aa:3b:23:5e:a0:d9:b4:5b:c9:f7:39:3f:b4:34:61:f9:4a:
         70:42:f9:59:fc:33:e8:55:9e:b2:a7:16:b1:66:73:73:2d:57:
         04:f4:e3:2d:76:b1:bf:98:67:9f:1f:ab:4c:ea:7c:d5:b4:12:
         0e:42:dd:25:5d:92:d0:ac:5b:cc:ae:af:d3:52:da:87:b8:06:
         21:b0:dc:ad:93:42:3c:58:b8:6f:8d:03:86:e5:23:f4:89:3c:
         8d:ae:be:34:d7:ea:e7:b9:b4:bb:a1:7e:45:e7:80:c4:09:70:
         f0:4f:6e:6c:60:7e:45:a0:3b:cd:03:7b:d1:7f:a0:4f:2a:10:
         3a:37:1f:85:93:1d:6d:d8:81:9f:8c:f9:a6:80:84:c0:4a:53:
         47:ec:c4:1d:57:a7:41:d1:dc:e1:07:dd:c0:ec:64:78:fb:cb:
         b7:a6:1e:12:f9:2c:f6:2b:10:ab:93:2b:4d:47:ca:a2:e9:96:
         f7:98:1a:47:42:15:c8:f7:8e:03:b3:37:34:36:dc:21:5a:38:
         2a:80:f4:91:c9:af:ea:e3:60:43:0f:45:bb:2a:0e:13:c2:8b:
         4c:d3:f9:23:e6:bc:5e:c0:34:4d:f0:09:a9:3f:7e:e6:44:45:
         f1:08:2f:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkbPKhp+yL4Ob+l5nezu2PqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwOTA1MTg1NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTdkNmM2YzI1NWQxNjMzZTlhOTNhN2M5YTQzNTU2YTQxN2EyZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8Ny+TqtQ4gN7DOSbcqwCwSG8NPR
FN7dJgoC1smZOGjS3wGSSXmW4rBjL/syRWZ2bC7chYtgruGt5XGhKI2lFf2ZGsxy
QgweS+oVzdwi4O8MohU8uvBH/Kv/gojO+F6pI53DNQt2yTe6OnjqayPo8p6WL2lt
9QCjzUIO+ZH37YqgMy3azaFxJxr/Ph0nv0HIuVm5w4OLYZaFqVojIko5qdt26k8j
ai5sx8Pa3qlD6OrohMdlvOs4/gErlQMo+0z6jg2N/g5wSJd3oiIXz4zkkamGaoPc
3EiDtis7F9Yh2zyJIN1f5ZuYoDtpUt7NwhbyEPyu3BOzrVhF7gIJ8WlKvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl9bGwlXRYz6ak6fJpDVWpBei8vMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEveVgxc2JDVmRGalBwcVRwOG1rTlZha0Y2THk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXobMA0G
CSqGSIb3DQEBCwUAA4IBAQA4vPxZnhabeW4uzNJCjOhg0/b7qjsjXqDZtFvJ9zk/
tDRh+UpwQvlZ/DPoVZ6ypxaxZnNzLVcE9OMtdrG/mGefH6tM6nzVtBIOQt0lXZLQ
rFvMrq/TUtqHuAYhsNytk0I8WLhvjQOG5SP0iTyNrr401+rnubS7oX5F54DECXDw
T25sYH5FoDvNA3vRf6BPKhA6Nx+Fkx1t2IGfjPmmgITASlNH7MQdV6dB0dzhB93A
7GR4+8u3ph4S+Sz2KxCrkytNR8qi6Zb3mBpHQhXI944Dszc0NtwhWjgqgPSRya/q
42BDD0W7Kg4TwotM0/kj5rxewDRN8AmpP37mREXxCC9D
-----END CERTIFICATE-----