Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/CoAMK767WWVQcbHZJgxTqi_DwkU.roa
File:                     CoAMK767WWVQcbHZJgxTqi_DwkU.roa (raw, json)
Hash identifier:          03G79qPRf1at5r20Sd2wR+cZRTeRJ0oZJvbwSSsO4wE=
Subject key identifier:   0A:80:0C:2B:BE:BB:59:65:50:71:B1:D9:26:0C:53:AA:2F:C3:C2:45
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A08675DA7A8D1A986ED105F75940A948B
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/CoAMK767WWVQcbHZJgxTqi_DwkU.roa
Signing time:             Tue 21 Oct 2025 20:13:03 +0000
ROA not before:           Tue 21 Oct 2025 20:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        109.122.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:08:67:5d:a7:a8:d1:a9:86:ed:10:5f:75:94:0a:94:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Oct 21 20:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a800c2bbebb59655071b1d9260c53aa2fc3c245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:61:43:f0:b4:cf:aa:f3:11:0c:ed:1b:53:8a:
                    f9:5f:07:ef:23:f4:73:3a:53:aa:53:be:05:12:f6:
                    03:ea:7d:18:3d:9d:d2:44:0d:c0:c1:b7:77:09:f1:
                    99:6d:1e:2c:30:56:5a:05:41:c9:47:ed:ca:f0:fc:
                    d2:e2:4e:a5:44:eb:41:65:91:3b:32:16:6a:0e:5c:
                    93:0c:a7:72:6e:86:5d:ef:fd:b1:63:b7:ce:a8:56:
                    43:13:18:23:51:ec:27:c4:61:44:06:65:20:af:bb:
                    82:72:aa:4a:60:7e:6e:ab:7a:12:c6:25:a3:3b:70:
                    bb:89:d4:a2:cc:23:2e:d6:f1:79:24:e2:f5:8a:81:
                    4a:94:99:0f:6c:db:32:d6:7c:35:14:cb:11:47:fd:
                    7d:38:42:82:ee:90:c6:77:37:7a:a1:f2:ce:80:d0:
                    6a:97:46:5a:51:48:f2:b4:6e:ab:95:b1:d5:7b:6c:
                    d1:63:dd:b0:2a:ed:cb:05:57:84:38:1a:b3:b2:0b:
                    9a:4f:80:c4:a1:29:9e:81:47:3a:16:04:34:c7:42:
                    56:50:09:aa:f7:66:df:de:aa:a2:37:02:32:ea:6f:
                    a6:43:1c:a1:ec:5a:0a:01:c6:bb:b0:23:89:72:ff:
                    69:4b:6c:eb:72:ca:5a:77:a4:a7:1f:35:53:b5:dc:
                    3c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:80:0C:2B:BE:BB:59:65:50:71:B1:D9:26:0C:53:AA:2F:C3:C2:45
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/CoAMK767WWVQcbHZJgxTqi_DwkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:de:95:db:83:bb:e8:e0:cb:ce:ce:ef:6c:68:bf:e5:b6:a8:
         3d:a9:df:ea:d0:f2:14:50:c5:f9:78:17:30:cc:c9:52:34:fd:
         77:66:c7:5f:96:63:22:e7:0e:c7:20:38:e2:d1:9a:5e:4b:e2:
         53:64:35:d3:13:37:72:0e:d1:ec:88:8f:11:75:ff:db:59:33:
         30:4a:04:b0:bc:03:ab:d8:5e:ca:bb:3c:3f:9b:5d:e6:76:57:
         2f:98:55:ec:0f:f3:d0:38:0d:ce:a6:a0:6a:c0:56:bc:e0:a9:
         2f:37:1a:bc:58:2f:7c:ff:77:31:c8:f6:1d:e0:d4:32:ef:59:
         f1:09:3d:f1:19:65:8e:ca:a7:5e:f8:04:c7:64:eb:af:7d:ef:
         f6:48:30:65:a1:c7:77:d4:a3:cc:1f:b1:d5:b9:37:19:9c:8a:
         ab:00:a8:2b:45:a4:0d:e7:3f:75:f7:90:f3:b0:f6:f1:91:41:
         32:86:33:a2:e0:6e:bf:e2:24:86:a6:4d:aa:1e:20:a6:73:08:
         81:a2:4b:83:d1:df:8a:59:3d:25:89:20:fe:03:4b:50:a7:27:
         a3:f5:19:66:37:e7:cb:c2:b0:b1:6f:2d:1b:fe:c3:58:b9:76:
         a3:b8:95:99:92:3b:78:20:7b:e1:70:17:ad:fa:86:4e:d6:42:
         0d:81:09:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoIZ12nqNGphu0QX3WUCpSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMDIxMjAxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgwMGMyYmJlYmI1OTY1NTA3MWIxZDkyNjBjNTNhYTJmYzNjMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52FD8LTPqvMRDO0bU4r5XwfvI/Rz
OlOqU74FEvYD6n0YPZ3SRA3Awbd3CfGZbR4sMFZaBUHJR+3K8PzS4k6lROtBZZE7
MhZqDlyTDKdyboZd7/2xY7fOqFZDExgjUewnxGFEBmUgr7uCcqpKYH5uq3oSxiWj
O3C7idSizCMu1vF5JOL1ioFKlJkPbNsy1nw1FMsRR/19OEKC7pDGdzd6ofLOgNBq
l0ZaUUjytG6rlbHVe2zRY92wKu3LBVeEOBqzsguaT4DEoSmegUc6FgQ0x0JWUAmq
92bf3qqiNwIy6m+mQxyh7FoKAca7sCOJcv9pS2zrcspad6SnHzVTtdw85QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqADCu+u1llUHGx2SYMU6ovw8JFMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvQ29BTUs3NjdXV1ZRY2JIWkpneFRxaV9Ed2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoaMA0G
CSqGSIb3DQEBCwUAA4IBAQAb3pXbg7vo4MvOzu9saL/ltqg9qd/q0PIUUMX5eBcw
zMlSNP13ZsdflmMi5w7HIDji0ZpeS+JTZDXTEzdyDtHsiI8Rdf/bWTMwSgSwvAOr
2F7Kuzw/m13mdlcvmFXsD/PQOA3OpqBqwFa84KkvNxq8WC98/3cxyPYd4NQy71nx
CT3xGWWOyqde+ATHZOuvfe/2SDBlocd31KPMH7HVuTcZnIqrAKgrRaQN5z9195Dz
sPbxkUEyhjOi4G6/4iSGpk2qHiCmcwiBokuD0d+KWT0liSD+A0tQpyej9RlmN+fL
wrCxby0b/sNYuXajuJWZkjt4IHvhcBet+oZO1kINgQko
-----END CERTIFICATE-----