Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/3oSu6eCg_8a-o7Kvfe8hwX6kMDY.roa
File:                     3oSu6eCg_8a-o7Kvfe8hwX6kMDY.roa (raw, json)
Hash identifier:          jkxPNGcm73VVDRR6I7sdqsFo9UCZEQU70B3yRTSmexE=
Subject key identifier:   DE:84:AE:E9:E0:A0:FF:C6:BE:A3:B2:AF:7D:EF:21:C1:7E:A4:30:36
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0196BA682882091482AE750628D74AF21D49
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/3oSu6eCg_8a-o7Kvfe8hwX6kMDY.roa
Signing time:             Sat 10 May 2025 13:35:10 +0000
ROA not before:           Sat 10 May 2025 13:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:68:28:82:09:14:82:ae:75:06:28:d7:4a:f2:1d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 10 13:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de84aee9e0a0ffc6bea3b2af7def21c17ea43036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:27:5b:55:36:4d:db:66:c2:01:2c:53:e1:2a:
                    c5:a3:a5:b5:9d:c0:b1:81:f9:de:c1:93:65:82:ba:
                    f6:92:23:f6:3c:1a:21:42:94:c9:73:54:b0:3e:49:
                    fb:f1:80:4a:da:ae:55:cb:3b:62:50:26:ca:4e:94:
                    97:6c:8a:8b:30:a2:e9:0b:e8:cd:90:6e:f1:75:bd:
                    87:79:29:90:25:1d:5b:43:89:69:3d:b7:75:ab:2a:
                    fe:a6:1a:41:83:e1:26:d0:4c:bc:06:94:0d:97:59:
                    31:f4:69:89:c4:43:d2:7b:4e:7c:64:6b:5a:e2:f4:
                    e1:f8:4f:cd:34:55:d9:e1:06:86:7b:86:a8:eb:d7:
                    82:d3:7e:fe:a9:db:44:60:8c:de:24:b2:1c:b8:1d:
                    03:cd:be:60:35:56:cb:50:d6:a5:20:12:b3:b0:07:
                    b9:8f:6d:45:a9:5f:bd:48:35:1b:2e:f8:ec:be:e3:
                    1c:55:93:59:9c:5e:02:3c:88:ad:8d:23:43:63:ed:
                    5e:20:6a:66:da:a7:27:b2:68:50:cb:08:94:0b:32:
                    07:79:67:fb:c2:f1:71:56:41:0e:34:a0:53:eb:6d:
                    3c:92:f0:06:cc:eb:68:41:45:c0:be:2b:cd:51:2a:
                    b6:d1:ca:a8:2d:b0:c5:d6:89:35:60:d1:9a:74:b2:
                    67:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:84:AE:E9:E0:A0:FF:C6:BE:A3:B2:AF:7D:EF:21:C1:7E:A4:30:36
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/3oSu6eCg_8a-o7Kvfe8hwX6kMDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:34:86:4c:74:d6:dd:76:de:62:76:09:09:d3:ac:77:16:0f:
         6a:e1:3c:f8:eb:1d:63:e0:d9:e4:61:e3:99:91:95:0f:ae:10:
         53:aa:7d:fc:bf:78:ff:ac:1b:f2:8f:a1:86:53:ad:21:24:04:
         dd:a1:e2:1a:cd:25:b3:a8:38:34:e0:23:a8:25:cc:6f:5c:5b:
         3c:a9:7d:2d:7c:47:cb:9d:dc:57:1f:f5:21:d7:6c:0d:c4:18:
         41:bc:66:d0:b9:bd:44:ee:7b:dc:51:d6:5b:d7:56:59:b0:b6:
         8f:f3:9b:40:fc:c4:4d:70:c6:8f:fc:86:7c:b0:f7:ec:b4:c8:
         93:1b:e6:80:08:1a:71:05:9f:fa:1f:7f:56:30:d1:a1:34:df:
         61:a2:fe:26:40:d3:d4:6e:03:fd:bc:1c:d5:1b:b6:77:24:25:
         d2:1a:60:a7:89:8d:3c:7a:c9:b1:ff:e1:d4:42:4e:be:2a:1f:
         4f:4a:b3:32:68:6c:c3:f4:f4:0d:30:5f:2a:7b:b7:37:10:cd:
         f8:60:d4:4c:f2:41:b6:45:ce:de:93:0e:b3:ca:73:2e:7e:ab:
         a7:4d:22:92:ae:14:5e:10:eb:ec:7b:0b:88:e3:f4:16:9b:2b:
         f8:eb:17:86:45:bb:f3:6d:7c:98:8f:a0:70:a1:49:1e:cf:41:
         d1:75:0f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa6aCiCCRSCrnUGKNdK8h1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTEwMTMzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg0YWVlOWUwYTBmZmM2YmVhM2IyYWY3ZGVmMjFjMTdlYTQzMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSdbVTZN22bCASxT4SrFo6W1ncCx
gfnewZNlgrr2kiP2PBohQpTJc1SwPkn78YBK2q5VyztiUCbKTpSXbIqLMKLpC+jN
kG7xdb2HeSmQJR1bQ4lpPbd1qyr+phpBg+Em0Ey8BpQNl1kx9GmJxEPSe058ZGta
4vTh+E/NNFXZ4QaGe4ao69eC037+qdtEYIzeJLIcuB0Dzb5gNVbLUNalIBKzsAe5
j21FqV+9SDUbLvjsvuMcVZNZnF4CPIitjSNDY+1eIGpm2qcnsmhQywiUCzIHeWf7
wvFxVkEONKBT6208kvAGzOtoQUXAvivNUSq20cqoLbDF1ok1YNGadLJnGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6ErungoP/GvqOyr33vIcF+pDA2MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvM29TdTZlQ2dfOGEtbzdLdmZlOGh3WDZrTURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo6MA0G
CSqGSIb3DQEBCwUAA4IBAQCuNIZMdNbddt5idgkJ06x3Fg9q4Tz46x1j4NnkYeOZ
kZUPrhBTqn38v3j/rBvyj6GGU60hJATdoeIazSWzqDg04COoJcxvXFs8qX0tfEfL
ndxXH/Uh12wNxBhBvGbQub1E7nvcUdZb11ZZsLaP85tA/MRNcMaP/IZ8sPfstMiT
G+aACBpxBZ/6H39WMNGhNN9hov4mQNPUbgP9vBzVG7Z3JCXSGmCniY08esmx/+HU
Qk6+Kh9PSrMyaGzD9PQNMF8qe7c3EM34YNRM8kG2Rc7ekw6zynMufqunTSKSrhRe
EOvsewuI4/QWmyv46xeGRbvzbXyYj6BwoUkez0HRdQ+w
-----END CERTIFICATE-----