Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ImZ71vkvK8QW6Gf8wBhmNCY82_Y.roa
File:                     ImZ71vkvK8QW6Gf8wBhmNCY82_Y.roa (raw, json)
Hash identifier:          a22Yqft9nJnPT17qgkPlyZe+W7jNErrKGXQIN762r+I=
Subject key identifier:   22:66:7B:D6:F9:2F:2B:C4:16:E8:67:FC:C0:18:66:34:26:3C:DB:F6
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A40C6D43141DDBC0B075CA9E88B3AC20C
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ImZ71vkvK8QW6Gf8wBhmNCY82_Y.roa
Signing time:             Sat 01 Nov 2025 18:56:03 +0000
ROA not before:           Sat 01 Nov 2025 18:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     132335
IP address blocks:        109.122.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:40:c6:d4:31:41:dd:bc:0b:07:5c:a9:e8:8b:3a:c2:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Nov  1 18:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22667bd6f92f2bc416e867fcc0186634263cdbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:87:e0:62:c4:7b:df:a9:d0:bd:82:b2:b0:09:
                    7c:67:ec:4a:f3:04:02:7b:85:be:d1:83:89:6d:d7:
                    e2:29:9a:79:17:6a:f5:82:22:3b:b4:40:b4:24:bf:
                    1c:c3:3d:32:cd:c6:d1:5a:d7:59:8a:96:d8:5c:9c:
                    04:b9:0f:d6:82:2c:8e:ea:83:19:25:4e:fa:e1:7a:
                    5f:9e:5d:8e:53:f1:82:59:1c:5c:88:19:c7:65:1f:
                    27:1f:42:7e:a4:be:e0:a7:6d:3d:11:23:51:4a:2b:
                    bd:65:1f:a9:39:4a:a6:fa:b8:70:87:16:0a:f0:df:
                    9a:46:50:90:9d:1d:8a:80:d9:bd:45:54:53:29:7b:
                    17:72:e0:a0:04:de:b5:e5:30:be:cd:63:cf:02:fc:
                    93:c3:fd:f3:f2:96:ca:60:0f:6e:0a:55:76:4f:15:
                    37:ca:79:33:1e:36:c1:2b:72:ba:93:ff:6f:8d:98:
                    e5:67:eb:bd:f3:ff:ae:8a:7b:4a:d0:33:a7:53:23:
                    98:d2:13:e9:87:94:f9:4d:06:85:0c:4c:0f:58:58:
                    50:7d:82:75:74:ab:4b:0b:ef:ed:e5:4a:61:3d:1a:
                    df:70:e1:f0:3a:87:22:1c:d0:8c:e2:25:40:ae:a6:
                    99:26:14:13:e5:7b:76:ca:be:8e:d5:0e:da:14:f4:
                    15:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:66:7B:D6:F9:2F:2B:C4:16:E8:67:FC:C0:18:66:34:26:3C:DB:F6
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/ImZ71vkvK8QW6Gf8wBhmNCY82_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:10:0e:44:5f:43:21:f4:2a:08:20:e4:37:87:7e:a9:12:e9:
         82:fe:cf:f2:f0:67:4e:f8:6a:04:fb:61:51:03:df:80:b8:30:
         e6:85:57:d0:71:26:b8:ed:a0:94:50:f6:9d:37:77:da:03:04:
         89:79:34:43:08:33:f9:d5:e4:9c:13:28:d7:6f:1a:90:5a:2f:
         3d:51:2a:bf:8a:9f:df:81:44:0e:70:bb:d6:b2:60:78:28:28:
         4d:5d:1a:c2:79:89:07:02:6c:d8:a8:c4:8c:4e:8e:a4:73:c5:
         35:96:d9:50:04:85:94:29:95:49:bc:b3:d9:ec:25:5c:d1:bb:
         ca:bd:48:4c:e1:97:9e:d7:54:53:0e:45:96:23:9f:2a:0a:38:
         8f:8d:2d:37:bf:ec:0b:3d:78:02:c8:05:62:3a:36:10:7d:e8:
         46:9d:83:03:09:6f:72:74:f7:f3:a3:f1:c5:bd:03:5d:12:fe:
         3a:95:c1:5c:4e:07:78:4b:0b:82:de:29:af:f5:52:c2:a4:d3:
         aa:1f:4a:b9:f4:70:22:ac:1d:79:21:21:4d:87:d4:a7:03:74:
         3d:50:6b:91:be:b0:0d:19:29:89:ca:33:af:02:4d:b4:39:6d:
         3c:4b:4d:cb:d6:8e:7e:71:d7:1f:8a:77:e3:47:77:2b:82:4b:
         56:64:fa:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpAxtQxQd28CwdcqeiLOsIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMTAxMTg1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjY2N2JkNmY5MmYyYmM0MTZlODY3ZmNjMDE4NjYzNDI2M2NkYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4fgYsR736nQvYKysAl8Z+xK8wQC
e4W+0YOJbdfiKZp5F2r1giI7tEC0JL8cwz0yzcbRWtdZipbYXJwEuQ/WgiyO6oMZ
JU764Xpfnl2OU/GCWRxciBnHZR8nH0J+pL7gp209ESNRSiu9ZR+pOUqm+rhwhxYK
8N+aRlCQnR2KgNm9RVRTKXsXcuCgBN615TC+zWPPAvyTw/3z8pbKYA9uClV2TxU3
ynkzHjbBK3K6k/9vjZjlZ+u98/+uintK0DOnUyOY0hPph5T5TQaFDEwPWFhQfYJ1
dKtLC+/t5UphPRrfcOHwOociHNCM4iVArqaZJhQT5Xt2yr6O1Q7aFPQVrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJme9b5LyvEFuhn/MAYZjQmPNv2MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvSW1aNzF2a3ZLOFFXNkdmOHdCaG1OQ1k4Ml9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoCMA0G
CSqGSIb3DQEBCwUAA4IBAQBqEA5EX0Mh9CoIIOQ3h36pEumC/s/y8GdO+GoE+2FR
A9+AuDDmhVfQcSa47aCUUPadN3faAwSJeTRDCDP51eScEyjXbxqQWi89USq/ip/f
gUQOcLvWsmB4KChNXRrCeYkHAmzYqMSMTo6kc8U1ltlQBIWUKZVJvLPZ7CVc0bvK
vUhM4Zee11RTDkWWI58qCjiPjS03v+wLPXgCyAViOjYQfehGnYMDCW9ydPfzo/HF
vQNdEv46lcFcTgd4SwuC3imv9VLCpNOqH0q59HAirB15ISFNh9SnA3Q9UGuRvrAN
GSmJyjOvAk20OW08S03L1o5+cdcfinfjR3crgktWZPoF
-----END CERTIFICATE-----