Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/68M2owrwonGUKTmptsMxSICxvzc.roa
File:                     68M2owrwonGUKTmptsMxSICxvzc.roa (raw, json)
Hash identifier:          Oa0fedQajgDxkwDeccQyxl6+5J3W6s2tK5cH8eMToVk=
Subject key identifier:   EB:C3:36:A3:0A:F0:A2:71:94:29:39:A9:B6:C3:31:48:80:B1:BF:37
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0196C498804359A38F8587C06456D3E4B00E
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/68M2owrwonGUKTmptsMxSICxvzc.roa
Signing time:             Mon 12 May 2025 13:04:10 +0000
ROA not before:           Mon 12 May 2025 13:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214140
IP address blocks:        109.122.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:98:80:43:59:a3:8f:85:87:c0:64:56:d3:e4:b0:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 12 13:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebc336a30af0a271942939a9b6c3314880b1bf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8d:6d:0f:0f:dc:c1:f5:6b:19:e8:c1:20:3a:
                    6c:00:75:62:e3:56:c0:2e:e8:b6:cb:a7:21:1a:ed:
                    82:8d:34:e2:d6:91:4c:7e:7b:f4:69:59:75:50:fb:
                    a6:0f:69:72:ca:78:35:f8:25:30:4c:fe:d9:28:fe:
                    ce:2f:f5:86:64:5a:2a:92:ab:e6:cb:be:99:ee:87:
                    0e:af:d2:6f:af:cb:43:78:29:2c:39:97:93:f3:2c:
                    6e:e5:dc:de:83:1b:68:53:ec:ca:4b:54:3a:1c:43:
                    94:ea:79:3d:0f:9c:f8:db:6b:42:30:67:21:a1:2a:
                    08:f2:ef:36:96:f7:61:f7:17:7c:2e:43:57:c7:b1:
                    4d:a4:1a:bc:66:4a:84:e7:32:e9:95:3a:c5:f2:0c:
                    5f:cb:3b:3a:ab:dd:4c:96:60:30:2d:95:dc:3a:43:
                    63:5e:62:fa:0a:95:0f:9f:ef:7a:9d:af:b7:ca:d4:
                    78:db:60:e9:26:f7:43:d5:8d:13:bb:90:9b:d5:ec:
                    8a:9a:18:a4:78:5b:e2:d2:4b:35:01:86:a4:b7:8d:
                    02:32:04:4d:1f:6f:bd:88:81:95:23:d9:86:43:29:
                    39:4b:5d:da:54:c6:12:e4:68:5a:2f:31:00:73:d7:
                    21:8e:66:11:44:86:cf:4d:77:d8:54:94:df:3d:b2:
                    6e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C3:36:A3:0A:F0:A2:71:94:29:39:A9:B6:C3:31:48:80:B1:BF:37
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/68M2owrwonGUKTmptsMxSICxvzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:d5:b3:ef:e3:6e:a3:1c:4b:a5:a6:02:40:bb:16:3a:57:e7:
         e6:fd:f9:6f:d4:9f:57:f1:e3:f8:79:4c:63:fd:f9:27:67:bd:
         c2:cc:0a:1a:b4:1b:c8:4b:af:7e:cf:c5:4d:06:16:8c:e7:0f:
         f2:61:5e:96:35:ad:db:6d:11:e8:bc:e3:cc:ee:c1:57:1c:04:
         79:f2:c0:35:fb:16:03:51:5a:a9:4d:32:e2:76:4b:23:c5:ca:
         b3:52:95:4b:f1:94:1e:5d:56:7e:94:e3:d4:05:6f:9f:39:32:
         73:69:34:fb:94:5c:9c:18:59:1e:59:65:7f:2f:e4:86:04:c3:
         fc:9d:bb:ca:e3:24:ef:2b:2d:da:db:03:52:90:d9:68:12:6b:
         e4:fb:93:58:ea:35:55:f7:b4:a6:f1:cd:a7:be:09:80:23:98:
         28:a8:01:a6:e2:56:53:50:80:b7:b6:ea:9a:10:b7:46:ff:20:
         c6:42:02:23:5a:cd:e3:2d:b8:a4:af:36:56:c0:7c:14:af:3b:
         eb:c3:06:94:42:6d:d2:70:c1:11:34:3b:73:5e:fb:ad:f1:ed:
         31:83:52:b6:f1:62:66:43:10:49:44:7f:02:f1:06:36:a4:8e:
         a2:3c:80:03:37:ca:6f:06:f1:09:a0:85:78:22:33:04:d2:11:
         a2:af:33:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbEmIBDWaOPhYfAZFbT5LAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTEyMTMwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMzMzZhMzBhZjBhMjcxOTQyOTM5YTliNmMzMzE0ODgwYjFiZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo1tDw/cwfVrGejBIDpsAHVi41bA
Lui2y6chGu2CjTTi1pFMfnv0aVl1UPumD2lyyng1+CUwTP7ZKP7OL/WGZFoqkqvm
y76Z7ocOr9Jvr8tDeCksOZeT8yxu5dzegxtoU+zKS1Q6HEOU6nk9D5z422tCMGch
oSoI8u82lvdh9xd8LkNXx7FNpBq8ZkqE5zLplTrF8gxfyzs6q91MlmAwLZXcOkNj
XmL6CpUPn+96na+3ytR422DpJvdD1Y0Tu5Cb1eyKmhikeFvi0ks1AYakt40CMgRN
H2+9iIGVI9mGQyk5S13aVMYS5GhaLzEAc9chjmYRRIbPTXfYVJTfPbJuPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvDNqMK8KJxlCk5qbbDMUiAsb83MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvNjhNMm93cndvbkdVS1RtcHRzTXhTSUN4dnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo/MA0G
CSqGSIb3DQEBCwUAA4IBAQDD1bPv426jHEulpgJAuxY6V+fm/flv1J9X8eP4eUxj
/fknZ73CzAoatBvIS69+z8VNBhaM5w/yYV6WNa3bbRHovOPM7sFXHAR58sA1+xYD
UVqpTTLidksjxcqzUpVL8ZQeXVZ+lOPUBW+fOTJzaTT7lFycGFkeWWV/L+SGBMP8
nbvK4yTvKy3a2wNSkNloEmvk+5NY6jVV97Sm8c2nvgmAI5goqAGm4lZTUIC3tuqa
ELdG/yDGQgIjWs3jLbikrzZWwHwUrzvrwwaUQm3ScMERNDtzXvut8e0xg1K28WJm
QxBJRH8C8QY2pI6iPIADN8pvBvEJoIV4IjME0hGirzNK
-----END CERTIFICATE-----