Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/54rdq1RzB_GEfYfnhrY8auLzI-8.roa
File:                     54rdq1RzB_GEfYfnhrY8auLzI-8.roa (raw, json)
Hash identifier:          A5ig+GhFLhDvR/IVx14Ak59xO+tpID+lMnxki02sJ7c=
Subject key identifier:   E7:8A:DD:AB:54:73:07:F1:84:7D:87:E7:86:B6:3C:6A:E2:F3:23:EF
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01984FA9CD9E3AF6582DBC4B2868646899EB
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/54rdq1RzB_GEfYfnhrY8auLzI-8.roa
Signing time:             Mon 28 Jul 2025 06:13:04 +0000
ROA not before:           Mon 28 Jul 2025 06:13:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        109.122.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4f:a9:cd:9e:3a:f6:58:2d:bc:4b:28:68:64:68:99:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 28 06:13:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e78addab547307f1847d87e786b63c6ae2f323ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d0:c6:d3:5b:f3:bc:cf:bf:0c:eb:06:a2:ee:
                    f7:84:62:3b:7e:34:1f:3c:26:fd:9f:28:9c:30:48:
                    71:82:da:1e:46:d6:cb:23:3a:f7:68:0b:60:e0:35:
                    38:38:ca:3c:3c:b0:78:44:af:16:b0:4e:a8:d7:eb:
                    49:eb:14:18:63:1b:b6:c2:d0:e5:e0:98:ee:0f:47:
                    95:50:83:d4:bf:cf:78:c8:87:82:ac:5a:39:b8:18:
                    fb:77:20:97:b0:3a:7d:f7:5d:52:ba:17:e6:a1:e6:
                    9e:31:4e:11:ab:6e:d4:fa:be:c6:c0:92:17:82:02:
                    97:ee:a4:bd:bc:e8:c7:19:88:74:cb:27:bb:48:8b:
                    c9:63:42:f0:1b:8e:ce:66:0e:f3:5b:09:c7:f2:4a:
                    0c:1d:6c:ef:61:38:89:6e:4d:0a:be:32:8f:90:f7:
                    ed:1d:04:6a:05:32:cb:2d:d1:5e:59:f2:ee:7d:ae:
                    3f:71:de:02:ac:72:e7:c3:49:b0:a9:2d:1a:98:cf:
                    75:66:f5:b5:fd:2c:35:09:03:0f:31:6c:1b:7e:52:
                    7f:53:c9:1c:24:be:0c:22:6f:30:4f:df:5d:fd:f0:
                    6b:f1:c4:0e:03:8c:3c:4c:8a:f1:f9:39:4d:e4:ae:
                    1a:66:b9:32:7a:50:cb:3e:52:7b:43:83:3b:ea:14:
                    85:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:8A:DD:AB:54:73:07:F1:84:7D:87:E7:86:B6:3C:6A:E2:F3:23:EF
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/54rdq1RzB_GEfYfnhrY8auLzI-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:65:bc:df:6e:37:4d:b7:75:ff:68:6b:89:e0:50:57:3e:b3:
         55:cc:ab:c3:19:ab:f7:b0:49:fe:54:20:0d:1e:12:33:80:a1:
         f3:3e:4c:8e:43:24:16:73:16:4d:70:ce:90:f3:ef:b6:2d:5b:
         dd:81:6a:e4:ff:bd:43:98:38:dd:83:82:bb:54:41:14:25:a8:
         04:29:a6:cb:8d:6f:16:ef:42:a2:e4:ed:d5:cc:9a:e6:81:e4:
         66:7f:fe:c6:5e:f8:f2:13:97:ae:39:1c:75:cd:2f:0d:fc:00:
         de:0c:6e:3b:19:a0:e2:60:52:ca:b8:24:cb:b2:8a:49:8c:32:
         ca:09:86:34:28:db:9a:35:3c:4c:c6:02:3d:86:b2:c2:48:60:
         47:53:9e:a2:b7:fc:fe:2f:8e:48:b3:d2:9c:fa:46:1d:66:6a:
         7b:2c:6b:53:05:27:b3:5c:59:df:37:98:ab:7e:8f:27:4a:2d:
         17:f1:9f:d8:19:89:bf:82:04:cd:95:85:73:ee:58:ff:ee:1b:
         9e:fb:cf:b5:0b:02:00:59:92:ba:8e:29:3a:c3:24:f8:b9:fc:
         dd:71:ba:64:d1:ad:d6:e4:3a:ae:81:2b:e2:36:0d:01:c4:af:
         1b:2b:2a:d2:db:c2:2f:ca:37:ca:73:f0:de:3c:a6:b6:be:7d:
         c9:08:d6:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhPqc2eOvZYLbxLKGhkaJnrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI4MDYxMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzhhZGRhYjU0NzMwN2YxODQ3ZDg3ZTc4NmI2M2M2YWUyZjMyM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtDG01vzvM+/DOsGou73hGI7fjQf
PCb9nyicMEhxgtoeRtbLIzr3aAtg4DU4OMo8PLB4RK8WsE6o1+tJ6xQYYxu2wtDl
4JjuD0eVUIPUv894yIeCrFo5uBj7dyCXsDp9911SuhfmoeaeMU4Rq27U+r7GwJIX
ggKX7qS9vOjHGYh0yye7SIvJY0LwG47OZg7zWwnH8koMHWzvYTiJbk0KvjKPkPft
HQRqBTLLLdFeWfLufa4/cd4CrHLnw0mwqS0amM91ZvW1/Sw1CQMPMWwbflJ/U8kc
JL4MIm8wT99d/fBr8cQOA4w8TIrx+TlN5K4aZrkyelDLPlJ7Q4M76hSFywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeK3atUcwfxhH2H54a2PGri8yPvMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvNTRyZHExUnpCX0dFZllmbmhyWThhdUx6SS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoNMA0G
CSqGSIb3DQEBCwUAA4IBAQApZbzfbjdNt3X/aGuJ4FBXPrNVzKvDGav3sEn+VCAN
HhIzgKHzPkyOQyQWcxZNcM6Q8++2LVvdgWrk/71DmDjdg4K7VEEUJagEKabLjW8W
70Ki5O3VzJrmgeRmf/7GXvjyE5euORx1zS8N/ADeDG47GaDiYFLKuCTLsopJjDLK
CYY0KNuaNTxMxgI9hrLCSGBHU56it/z+L45Is9Kc+kYdZmp7LGtTBSezXFnfN5ir
fo8nSi0X8Z/YGYm/ggTNlYVz7lj/7hue+8+1CwIAWZK6jik6wyT4ufzdcbpk0a3W
5DqugSviNg0BxK8bKyrS28IvyjfKc/DePKa2vn3JCNYG
-----END CERTIFICATE-----