Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/4DkoIbhRs7RG_RskDtCAPh40HCo.roa
File:                     4DkoIbhRs7RG_RskDtCAPh40HCo.roa (raw, json)
Hash identifier:          z4aVVawhmrJyh75Zpc2/LXH4fln4YqcLnq1NTg95G6I=
Subject key identifier:   E0:39:28:21:B8:51:B3:B4:46:FD:1B:24:0E:D0:80:3E:1E:34:1C:2A
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01985260B15711FFD1D65119030F5578BD62
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/4DkoIbhRs7RG_RskDtCAPh40HCo.roa
Signing time:             Mon 28 Jul 2025 18:52:05 +0000
ROA not before:           Mon 28 Jul 2025 18:52:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        109.122.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:52:60:b1:57:11:ff:d1:d6:51:19:03:0f:55:78:bd:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 28 18:52:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0392821b851b3b446fd1b240ed0803e1e341c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:de:7a:86:16:ee:2f:5e:1c:16:1e:42:f3:08:
                    c6:d5:ea:2c:e5:6f:6d:f2:fa:ea:4c:0a:ee:b4:97:
                    79:1d:03:e2:bf:53:b5:b2:38:19:6f:90:f7:a7:7e:
                    8b:95:a5:d4:79:54:a3:ac:78:5b:a7:73:7f:53:75:
                    77:3d:78:88:83:62:a0:10:88:44:92:e8:6a:ae:2b:
                    72:10:9e:a0:a3:8e:ff:0e:f8:33:93:c1:e6:ce:4a:
                    78:c6:0c:4b:24:e0:54:15:eb:66:a3:9d:f7:6a:ae:
                    7c:39:a4:8b:ee:f4:ec:ab:51:c8:94:06:87:e6:39:
                    12:b4:a5:cb:e6:f2:12:53:42:f7:c1:16:e0:b8:25:
                    1c:46:1c:3e:cf:f1:0b:f3:c9:70:32:25:d2:c8:1c:
                    17:4f:d4:5e:7c:34:c7:1f:2a:d7:d4:16:ca:91:2a:
                    b6:09:18:b4:51:f8:27:cd:c4:aa:4e:d2:dd:81:de:
                    c2:6c:29:7d:31:25:af:81:0e:e3:73:fe:3f:a6:2e:
                    ac:3a:51:63:ca:a0:35:5e:06:de:7e:84:db:d2:7e:
                    77:26:92:ca:8b:bf:bf:27:87:1a:1e:99:6b:b4:cb:
                    1e:6e:75:fc:74:26:ee:5a:5c:ff:86:aa:48:d6:4d:
                    6b:85:a6:b4:44:b0:e0:21:79:f6:95:92:b8:8c:a0:
                    23:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:39:28:21:B8:51:B3:B4:46:FD:1B:24:0E:D0:80:3E:1E:34:1C:2A
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/4DkoIbhRs7RG_RskDtCAPh40HCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:22:29:15:ff:04:4d:a1:f2:cc:89:40:8d:97:e4:a8:59:c9:
         db:a5:a4:02:af:d9:17:df:88:11:b7:30:83:30:50:7f:8e:51:
         11:01:19:1c:e8:30:ce:4e:62:99:aa:39:e4:41:a0:92:9d:39:
         cb:a7:9d:32:0f:d0:75:4e:cb:3e:95:b6:ae:dd:93:20:3e:af:
         e9:c9:d6:56:43:39:16:f3:6c:02:c5:ca:eb:87:9b:d0:ea:be:
         80:e8:54:c3:a5:47:2f:47:1f:8a:6c:70:21:d9:cc:08:2e:4a:
         29:ef:4a:dd:9d:d8:a5:a6:71:86:c9:93:1f:ad:3f:df:48:d8:
         e0:1c:b2:73:1a:ec:07:ed:c9:0e:0a:41:d0:ea:67:f8:ec:80:
         47:03:b9:d1:90:7a:b4:65:fb:65:8c:b6:66:ed:a9:be:ff:3c:
         e6:4c:90:d7:11:58:1a:57:62:91:91:e2:31:97:4e:5c:2a:4a:
         94:9b:d5:45:07:42:2b:2d:23:cb:d5:d1:76:8d:c3:a5:db:28:
         d3:20:d0:78:68:40:eb:1c:8a:f0:de:98:97:81:88:65:1b:3d:
         6c:ab:87:24:cb:ff:ca:56:50:40:1e:ba:a5:e8:da:b1:5c:7c:
         ea:e8:31:d8:3e:61:f3:15:08:71:aa:95:51:cc:c8:78:c0:96:
         3b:77:a1:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhSYLFXEf/R1lEZAw9VeL1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI4MTg1MjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM5MjgyMWI4NTFiM2I0NDZmZDFiMjQwZWQwODAzZTFlMzQxYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud56hhbuL14cFh5C8wjG1eos5W9t
8vrqTArutJd5HQPiv1O1sjgZb5D3p36LlaXUeVSjrHhbp3N/U3V3PXiIg2KgEIhE
kuhqrityEJ6go47/Dvgzk8Hmzkp4xgxLJOBUFetmo533aq58OaSL7vTsq1HIlAaH
5jkStKXL5vISU0L3wRbguCUcRhw+z/EL88lwMiXSyBwXT9RefDTHHyrX1BbKkSq2
CRi0UfgnzcSqTtLdgd7CbCl9MSWvgQ7jc/4/pi6sOlFjyqA1XgbefoTb0n53JpLK
i7+/J4caHplrtMsebnX8dCbuWlz/hqpI1k1rhaa0RLDgIXn2lZK4jKAjTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA5KCG4UbO0Rv0bJA7QgD4eNBwqMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvNERrb0liaFJzN1JHX1Jza0R0Q0FQaDQwSENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoLMA0G
CSqGSIb3DQEBCwUAA4IBAQBEIikV/wRNofLMiUCNl+SoWcnbpaQCr9kX34gRtzCD
MFB/jlERARkc6DDOTmKZqjnkQaCSnTnLp50yD9B1Tss+lbau3ZMgPq/pydZWQzkW
82wCxcrrh5vQ6r6A6FTDpUcvRx+KbHAh2cwILkop70rdndilpnGGyZMfrT/fSNjg
HLJzGuwH7ckOCkHQ6mf47IBHA7nRkHq0ZftljLZm7am+/zzmTJDXEVgaV2KRkeIx
l05cKkqUm9VFB0IrLSPL1dF2jcOl2yjTINB4aEDrHIrw3piXgYhlGz1sq4cky//K
VlBAHrql6NqxXHzq6DHYPmHzFQhxqpVRzMh4wJY7d6GP
-----END CERTIFICATE-----