Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/0sxJKFusGN5dgL-oP_ENOCrKlWA.roa
File:                     0sxJKFusGN5dgL-oP_ENOCrKlWA.roa (raw, json)
Hash identifier:          WsVzwsSwQ65zgo4JNFkr7QbpSPaAP0HBoR3RpBaz/yI=
Subject key identifier:   D2:CC:49:28:5B:AC:18:DE:5D:80:BF:A8:3F:F1:0D:38:2A:CA:95:60
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A4A4F9F0BE1DFE85A62B52173FBBB78C9
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/0sxJKFusGN5dgL-oP_ENOCrKlWA.roa
Signing time:             Mon 03 Nov 2025 15:22:03 +0000
ROA not before:           Mon 03 Nov 2025 15:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:4f:9f:0b:e1:df:e8:5a:62:b5:21:73:fb:bb:78:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Nov  3 15:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2cc49285bac18de5d80bfa83ff10d382aca9560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9e:1d:ac:5e:cc:84:c8:ea:9d:27:f6:04:22:
                    1b:57:ea:97:05:11:04:c5:ad:03:4d:7c:b3:cc:10:
                    c9:4b:6c:6c:b1:a9:d1:ca:26:46:54:52:b6:0a:94:
                    83:3a:52:74:f5:13:2d:08:75:37:88:06:80:d9:fd:
                    70:52:2a:d3:0d:c8:d5:e5:07:dc:e5:de:ea:5d:74:
                    24:04:94:6f:72:f0:2b:13:1f:4c:41:61:04:2b:ae:
                    6a:af:17:1c:c9:97:11:2e:09:43:a0:97:85:cd:ce:
                    15:d6:08:39:e1:73:cb:98:c8:52:f3:54:ad:e1:e2:
                    5a:d0:68:49:42:14:16:3f:c3:f3:7e:5c:b2:98:33:
                    e3:bb:db:2d:d6:c1:9a:32:2f:67:c9:b7:f8:23:2b:
                    5e:3d:4b:b5:2f:bf:f7:ca:16:e5:19:d7:33:27:38:
                    fc:ad:e0:21:0c:29:48:86:bd:d1:dc:30:67:1d:7a:
                    90:23:10:dd:25:13:03:17:39:25:6f:7f:5c:f6:22:
                    52:a0:af:48:a1:96:28:52:dc:9e:a6:3d:c6:d3:c9:
                    f8:5d:17:d8:cc:5e:3c:61:3f:ef:30:35:0a:ec:87:
                    5b:00:17:63:2c:c6:e0:31:cd:71:a7:fb:8b:da:eb:
                    b0:ec:6c:02:4e:94:22:20:f9:fa:29:3a:91:62:40:
                    aa:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CC:49:28:5B:AC:18:DE:5D:80:BF:A8:3F:F1:0D:38:2A:CA:95:60
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/0sxJKFusGN5dgL-oP_ENOCrKlWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4a:c8:db:b3:09:88:e2:46:df:d8:a8:4f:ce:71:d3:04:bf:
         dd:1a:b7:10:7a:04:e1:1e:85:b0:d3:be:f0:ca:82:f6:90:d2:
         c2:75:16:d6:33:4a:45:d5:10:38:45:6d:f9:d6:32:6d:82:73:
         1c:21:04:ea:34:0a:2f:93:06:e7:ca:3f:c5:e3:b7:c8:52:00:
         f3:2d:3c:b0:99:89:e7:d5:4e:ff:7b:5d:9d:29:97:b5:f3:27:
         7d:3b:86:81:28:f1:57:66:91:4a:1e:da:43:45:f6:be:20:b2:
         51:ec:76:31:9c:18:5a:5e:ec:5a:22:75:d0:48:a5:c9:69:d7:
         ce:f8:01:29:82:a4:dc:2b:e5:ae:a4:61:5b:53:29:37:24:8d:
         3c:f5:e6:de:0c:24:96:a2:f3:f7:f7:1e:a7:2b:22:28:ad:5e:
         23:60:47:aa:89:f3:b4:92:19:b4:de:70:19:c2:7a:bb:54:4b:
         cf:a3:47:da:96:b9:db:07:17:18:77:2b:1c:09:07:30:93:96:
         fd:12:28:19:c5:32:f5:56:f8:42:7d:de:67:d9:a7:21:c0:51:
         1c:43:30:d7:f4:ec:b6:85:09:dc:02:f3:26:94:64:72:31:d7:
         a9:35:35:8c:da:27:bf:a1:24:1c:10:f7:c8:fa:60:14:b7:5a:
         b3:cb:bd:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpKT58L4d/oWmK1IXP7u3jJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMTAzMTUyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmNjNDkyODViYWMxOGRlNWQ4MGJmYTgzZmYxMGQzODJhY2E5NTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ4drF7MhMjqnSf2BCIbV+qXBREE
xa0DTXyzzBDJS2xssanRyiZGVFK2CpSDOlJ09RMtCHU3iAaA2f1wUirTDcjV5Qfc
5d7qXXQkBJRvcvArEx9MQWEEK65qrxccyZcRLglDoJeFzc4V1gg54XPLmMhS81St
4eJa0GhJQhQWP8PzflyymDPju9st1sGaMi9nybf4IytePUu1L7/3yhblGdczJzj8
reAhDClIhr3R3DBnHXqQIxDdJRMDFzklb39c9iJSoK9IoZYoUtyepj3G08n4XRfY
zF48YT/vMDUK7IdbABdjLMbgMc1xp/uL2uuw7GwCTpQiIPn6KTqRYkCqOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLMSShbrBjeXYC/qD/xDTgqypVgMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvMHN4SktGdXNHTjVkZ0wtb1BfRU5PQ3JLbFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXodMA0G
CSqGSIb3DQEBCwUAA4IBAQB6SsjbswmI4kbf2KhPznHTBL/dGrcQegThHoWw077w
yoL2kNLCdRbWM0pF1RA4RW351jJtgnMcIQTqNAovkwbnyj/F47fIUgDzLTywmYnn
1U7/e12dKZe18yd9O4aBKPFXZpFKHtpDRfa+ILJR7HYxnBhaXuxaInXQSKXJadfO
+AEpgqTcK+WupGFbUyk3JI089ebeDCSWovP39x6nKyIorV4jYEeqifO0khm03nAZ
wnq7VEvPo0falrnbBxcYdyscCQcwk5b9EigZxTL1VvhCfd5n2achwFEcQzDX9Oy2
hQncAvMmlGRyMdepNTWM2ie/oSQcEPfI+mAUt1qzy73m
-----END CERTIFICATE-----