Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/z8P1aSUD-8CCy_x39bwJInblB3I.roa
File:                     z8P1aSUD-8CCy_x39bwJInblB3I.roa (raw, json)
Hash identifier:          T6VzwEPPqMA6A+XZvWuNF1jq9plop17DK01t3MpdIRU=
Subject key identifier:   CF:C3:F5:69:25:03:FB:C0:82:CB:FC:77:F5:BC:09:22:76:E5:07:72
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       01993D1C66A7F921C2A3E0181C0AECB4194B
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/z8P1aSUD-8CCy_x39bwJInblB3I.roa
Signing time:             Fri 12 Sep 2025 08:48:15 +0000
ROA not before:           Fri 12 Sep 2025 08:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 08:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:1c:66:a7:f9:21:c2:a3:e0:18:1c:0a:ec:b4:19:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Sep 12 08:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfc3f5692503fbc082cbfc77f5bc092276e50772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5b:b1:2a:09:ac:d7:94:77:c9:1c:c5:00:94:
                    74:5c:38:53:ee:2f:70:a8:4c:63:c4:82:56:18:01:
                    cc:a1:27:23:23:23:a1:85:6d:af:f8:af:f9:70:6e:
                    c4:ab:68:73:49:35:c5:be:0a:1a:68:0e:62:d2:1a:
                    33:72:97:0a:8e:b1:39:6d:9d:04:ab:b6:89:59:0c:
                    8a:45:b2:86:4f:4c:18:21:10:ed:ad:48:0f:29:dc:
                    a9:20:ce:64:15:68:a0:42:66:e4:87:93:d9:45:80:
                    a2:58:50:12:57:45:b5:b0:41:5d:ab:b9:55:66:b2:
                    2c:a7:78:84:06:d7:9d:4c:02:d9:c6:8f:31:25:49:
                    e4:b0:78:3e:c3:82:2b:45:0a:c5:e6:54:c7:42:35:
                    2c:bc:63:ee:ac:4d:94:b4:e5:9b:1c:fd:1b:b6:5b:
                    fe:f0:44:80:c4:17:87:85:c2:3e:89:69:da:cb:91:
                    aa:6b:c4:df:a9:e3:7d:d2:8d:41:10:20:17:d0:31:
                    02:34:95:15:83:42:c1:67:37:f9:a7:cb:d4:b3:b0:
                    93:c6:bd:b7:86:52:2b:96:e6:12:62:44:89:4d:6e:
                    79:b2:04:b7:9d:15:b3:c5:ca:7b:e0:25:cf:f5:88:
                    c9:df:cb:0a:e7:c3:e3:f4:ab:d9:64:5a:3b:e0:fc:
                    97:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C3:F5:69:25:03:FB:C0:82:CB:FC:77:F5:BC:09:22:76:E5:07:72
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/z8P1aSUD-8CCy_x39bwJInblB3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a3:32:5e:b2:45:3b:a1:98:6e:ea:7a:bb:8d:04:97:99:fe:
         a8:b2:f9:5f:a0:a7:b8:07:90:f5:06:34:ce:85:b4:0f:c7:25:
         8c:54:e3:f1:60:d4:4f:0e:9a:3d:57:7a:c4:4b:73:e1:83:3e:
         ad:5e:b4:96:65:1b:18:72:0d:70:75:fc:0f:8e:b0:37:ba:e1:
         36:80:de:93:31:7e:43:4b:98:66:b1:4e:f9:c6:36:b1:8d:8c:
         84:7e:89:eb:44:1a:7f:c7:79:f6:4d:b9:fa:6b:12:b1:01:e4:
         a1:42:32:0c:34:4a:41:45:6e:ce:0b:14:64:d4:04:8b:45:04:
         2e:bb:d5:ed:e1:29:ad:2c:18:36:a5:fd:8e:c8:14:85:fd:90:
         b5:09:4d:67:d9:29:1e:89:3d:80:85:b7:97:68:16:f2:67:dc:
         c6:83:48:1e:12:75:f6:e5:80:32:77:e4:71:98:60:d4:e9:51:
         65:3c:fb:56:95:84:54:ab:a3:ef:32:b7:47:df:df:42:97:e8:
         c8:46:5a:80:11:cb:74:92:bd:22:57:4a:72:f8:92:7b:7a:17:
         a4:64:e5:5d:40:22:5c:e2:f2:c2:95:c9:77:aa:35:14:5e:ee:
         d0:fa:b0:7d:a5:68:a2:2e:b5:8e:53:e6:38:3f:10:17:e2:5d:
         09:f7:d8:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9HGan+SHCo+AYHArstBlLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwOTEyMDg0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMzZjU2OTI1MDNmYmMwODJjYmZjNzdmNWJjMDkyMjc2ZTUwNzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1uxKgms15R3yRzFAJR0XDhT7i9w
qExjxIJWGAHMoScjIyOhhW2v+K/5cG7Eq2hzSTXFvgoaaA5i0hozcpcKjrE5bZ0E
q7aJWQyKRbKGT0wYIRDtrUgPKdypIM5kFWigQmbkh5PZRYCiWFASV0W1sEFdq7lV
ZrIsp3iEBtedTALZxo8xJUnksHg+w4IrRQrF5lTHQjUsvGPurE2UtOWbHP0btlv+
8ESAxBeHhcI+iWnay5Gqa8TfqeN90o1BECAX0DECNJUVg0LBZzf5p8vUs7CTxr23
hlIrluYSYkSJTW55sgS3nRWzxcp74CXP9YjJ38sK58Pj9KvZZFo74PyXtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/D9WklA/vAgsv8d/W8CSJ25QdyMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvejhQMWFTVUQtOENDeV94Mzlid0pJbmJsQjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo9MA0G
CSqGSIb3DQEBCwUAA4IBAQA7ozJeskU7oZhu6nq7jQSXmf6osvlfoKe4B5D1BjTO
hbQPxyWMVOPxYNRPDpo9V3rES3Phgz6tXrSWZRsYcg1wdfwPjrA3uuE2gN6TMX5D
S5hmsU75xjaxjYyEfonrRBp/x3n2Tbn6axKxAeShQjIMNEpBRW7OCxRk1ASLRQQu
u9Xt4SmtLBg2pf2OyBSF/ZC1CU1n2SkeiT2AhbeXaBbyZ9zGg0geEnX25YAyd+Rx
mGDU6VFlPPtWlYRUq6PvMrdH399Cl+jIRlqAEct0kr0iV0py+JJ7ehekZOVdQCJc
4vLClcl3qjUUXu7Q+rB9pWiiLrWOU+Y4PxAX4l0J99gM
-----END CERTIFICATE-----