Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ALc01kVyhc1UkHuiUhk_LjqWlbg.roa
File:                     ALc01kVyhc1UkHuiUhk_LjqWlbg.roa (raw, json)
Hash identifier:          9fbpUHN18yGt5ShjC5SeiWKJWScB0f/zJx4TfIiScOY=
Subject key identifier:   00:B7:34:D6:45:72:85:CD:54:90:7B:A2:52:19:3F:2E:3A:96:95:B8
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019768FDCE0F0E6905A5B4FF5C8A0302F47E
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ALc01kVyhc1UkHuiUhk_LjqWlbg.roa
Signing time:             Fri 13 Jun 2025 11:12:33 +0000
ROA not before:           Fri 13 Jun 2025 11:12:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34661
IP address blocks:        109.122.0.0/20 maxlen: 20
                          109.122.16.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:fd:ce:0f:0e:69:05:a5:b4:ff:5c:8a:03:02:f4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jun 13 11:12:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00b734d6457285cd54907ba252193f2e3a9695b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1b:19:3e:a9:d9:7f:a0:46:99:7c:5e:dd:bf:
                    91:9e:e9:a8:90:0b:de:1c:74:d1:07:a3:84:31:4d:
                    48:1e:e4:76:d8:f9:ee:57:97:15:2e:3e:d4:c3:25:
                    53:6b:18:4a:51:9c:76:4f:1d:f0:91:97:ed:2f:78:
                    df:bf:b3:4f:e7:b5:6b:d8:dc:76:0a:c5:41:bf:71:
                    af:e9:97:d5:ef:67:5d:f2:9d:fa:06:35:30:12:46:
                    fe:6b:b0:7b:b3:bb:99:46:34:fe:31:f8:24:5a:1d:
                    7f:05:dd:66:a7:1a:c4:bd:dd:9d:e2:22:6d:8b:2d:
                    b1:d2:eb:5f:63:5b:fc:c3:7d:fe:b4:d6:04:62:d5:
                    ed:e7:94:e6:88:d3:e4:a9:6b:a6:b5:ce:e5:60:a5:
                    e2:48:6c:19:af:07:0f:fe:85:dc:92:ac:b2:ee:12:
                    c4:02:4c:60:fc:02:a4:c7:1b:90:fe:f2:87:73:d2:
                    4f:0c:c4:24:0f:b4:f1:a5:f2:21:9b:97:4d:9b:44:
                    a8:27:59:21:18:d9:7e:ab:89:4d:76:ce:22:10:00:
                    ed:e5:ca:95:96:5f:b2:bd:cb:39:7e:48:35:ae:30:
                    35:5d:93:7f:77:c0:5f:56:be:14:63:4c:1b:8a:ef:
                    82:81:14:27:83:b9:04:4b:61:32:36:a7:ab:4e:35:
                    10:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B7:34:D6:45:72:85:CD:54:90:7B:A2:52:19:3F:2E:3A:96:95:B8
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ALc01kVyhc1UkHuiUhk_LjqWlbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         55:46:ba:75:2f:c6:4f:fe:ba:fd:1c:5e:14:dc:07:d7:2e:54:
         99:86:d9:3e:9a:24:9b:a3:49:ca:6b:7f:33:12:62:97:87:8a:
         d9:94:53:6e:86:d8:be:52:b0:82:9e:de:da:1c:bd:60:d8:97:
         ac:83:f0:12:16:01:4a:21:cc:9b:53:41:71:d6:89:51:44:48:
         94:53:c1:40:ec:a5:fc:64:0c:44:80:e1:3b:b9:53:b3:32:e2:
         e4:5a:c5:4d:87:9c:50:fb:fa:db:e8:a4:40:5f:d4:00:c9:73:
         ff:5b:55:8b:ca:08:d2:b2:7e:6b:94:cb:f0:22:d7:cf:15:02:
         f0:0e:33:24:b9:d8:e6:96:be:f2:e3:76:6d:ff:37:3a:fa:83:
         5f:77:ec:1e:39:17:6a:e0:39:5e:78:a4:5e:9b:12:5e:cc:40:
         44:a4:e6:c0:5c:94:54:5a:75:5c:5a:84:18:19:30:94:6c:28:
         26:cf:73:54:12:45:5b:ae:c3:f3:0d:c5:b2:d1:07:a1:42:2c:
         02:c3:8c:6d:da:67:01:f4:8a:32:b2:4d:5e:b2:bb:e5:4b:e7:
         47:45:8d:fe:76:94:ba:44:90:a7:a2:3f:3e:6e:c9:f1:42:c0:
         fa:6b:55:80:e2:94:fc:ae:0c:32:dd:aa:39:ee:19:e5:91:0c:
         92:63:9d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdo/c4PDmkFpbT/XIoDAvR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNjEzMTExMjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI3MzRkNjQ1NzI4NWNkNTQ5MDdiYTI1MjE5M2YyZTNhOTY5NWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RsZPqnZf6BGmXxe3b+RnumokAve
HHTRB6OEMU1IHuR22PnuV5cVLj7UwyVTaxhKUZx2Tx3wkZftL3jfv7NP57Vr2Nx2
CsVBv3Gv6ZfV72dd8p36BjUwEkb+a7B7s7uZRjT+MfgkWh1/Bd1mpxrEvd2d4iJt
iy2x0utfY1v8w33+tNYEYtXt55TmiNPkqWumtc7lYKXiSGwZrwcP/oXckqyy7hLE
Akxg/AKkxxuQ/vKHc9JPDMQkD7TxpfIhm5dNm0SoJ1khGNl+q4lNds4iEADt5cqV
ll+yvcs5fkg1rjA1XZN/d8BfVr4UY0wbiu+CgRQng7kES2EyNqerTjUQowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAC3NNZFcoXNVJB7olIZPy46lpW4MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvQUxjMDFrVnloYzFVa0h1aVVoa19ManFXbGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbXoAMA0G
CSqGSIb3DQEBCwUAA4IBAQBVRrp1L8ZP/rr9HF4U3AfXLlSZhtk+miSbo0nKa38z
EmKXh4rZlFNuhti+UrCCnt7aHL1g2Jesg/ASFgFKIcybU0Fx1olRREiUU8FA7KX8
ZAxEgOE7uVOzMuLkWsVNh5xQ+/rb6KRAX9QAyXP/W1WLygjSsn5rlMvwItfPFQLw
DjMkudjmlr7y43Zt/zc6+oNfd+weORdq4DleeKRemxJezEBEpObAXJRUWnVcWoQY
GTCUbCgmz3NUEkVbrsPzDcWy0QehQiwCw4xt2mcB9Ioysk1esrvlS+dHRY3+dpS6
RJCnoj8+bsnxQsD6a1WA4pT8rgwy3ao57hnlkQySY51M
-----END CERTIFICATE-----