Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/McVjfCOWfpHaaVECbZO-SUISLIE.roa
File:                     McVjfCOWfpHaaVECbZO-SUISLIE.roa (raw, json)
Hash identifier:          mXVtd1TlBbxdfZd74Ue3xhKpBK/9c9rl7jvJAmPY+yc=
Subject key identifier:   31:C5:63:7C:23:96:7E:91:DA:69:51:02:6D:93:BE:49:42:12:2C:81
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019850ABFBA750FC36974CCA2E0ADB9846A2
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/McVjfCOWfpHaaVECbZO-SUISLIE.roa
Signing time:             Mon 28 Jul 2025 10:55:05 +0000
ROA not before:           Mon 28 Jul 2025 10:55:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        109.122.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:52:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:ab:fb:a7:50:fc:36:97:4c:ca:2e:0a:db:98:46:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 28 10:55:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31c5637c23967e91da6951026d93be4942122c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:41:67:1f:d9:ef:8c:92:52:0a:f9:3e:4d:7c:
                    8c:4d:2d:17:69:91:0c:e0:db:36:ec:ea:2c:6e:e4:
                    1c:09:0b:bf:1b:72:95:77:4a:a2:b3:b6:ab:6b:00:
                    5b:98:85:61:c1:3d:21:a1:96:67:1c:7c:30:16:16:
                    53:d1:ab:4f:ff:9c:a7:5e:81:22:d3:da:a4:e0:9d:
                    8c:db:9f:3d:7b:d2:50:0e:b1:df:86:ec:67:3e:56:
                    d0:a4:b4:2d:68:c8:19:4a:56:03:a8:e6:2e:59:0f:
                    43:88:9e:33:6c:3e:e6:ea:84:51:1f:be:24:ed:57:
                    56:62:5b:63:4f:19:2e:54:7a:10:b2:c6:1a:8b:2e:
                    c7:9c:dc:8f:ff:85:c2:5f:c5:81:df:95:1c:f7:74:
                    99:de:90:bf:b9:b1:67:56:4d:b6:93:92:80:6f:7f:
                    96:07:45:1b:9d:8c:1b:79:e7:b5:e5:e2:87:27:db:
                    7c:e2:72:38:77:b0:0f:23:76:4e:5c:fe:f5:7e:df:
                    cb:7e:80:ea:8e:56:37:a4:a7:f7:2c:ef:55:71:14:
                    49:3b:8b:80:da:ae:e1:3f:54:dc:5c:70:7b:e7:50:
                    b3:08:92:25:78:ed:0d:40:29:d5:6b:1c:22:b9:08:
                    58:ca:ac:25:51:2c:29:f3:f9:66:c4:73:f3:b2:9d:
                    7a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C5:63:7C:23:96:7E:91:DA:69:51:02:6D:93:BE:49:42:12:2C:81
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/McVjfCOWfpHaaVECbZO-SUISLIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ab:95:ed:b1:6a:51:d1:df:b3:b3:0e:df:aa:9f:ef:66:54:
         c9:76:3c:dc:51:52:06:59:c6:9e:16:25:cb:95:65:01:fc:20:
         ee:0b:6f:d3:7a:46:f9:bb:02:0f:21:73:79:75:82:14:5f:e4:
         84:1f:ff:10:55:19:63:8a:4d:0c:e3:37:67:3c:ef:e7:dc:06:
         c7:da:13:06:51:50:c4:47:32:1b:3c:88:f5:f3:e5:4d:de:fd:
         51:49:37:fa:47:83:eb:da:7e:c5:61:c2:c5:00:6b:e9:d4:20:
         ef:a8:25:c7:9b:21:3f:89:48:a8:21:18:89:40:8c:bf:e6:86:
         8c:bd:fa:1b:23:55:0b:17:3c:6d:8a:ea:6f:61:cd:d0:9e:5a:
         10:da:96:15:ec:0b:f8:92:03:1c:8d:05:00:10:f3:c9:37:b5:
         f8:96:70:5d:e9:76:04:b8:0c:1e:39:61:87:e8:bf:07:30:31:
         6b:bf:78:1b:94:fe:30:38:bb:0f:bf:8c:31:5d:79:15:98:18:
         d8:89:34:99:83:67:60:8e:9c:19:30:bd:56:0d:74:08:c9:65:
         f8:77:ec:01:62:b6:11:51:6c:07:4c:6e:61:84:4b:67:bc:d1:
         98:e9:48:7a:3c:4b:3f:42:87:a6:f9:73:0d:e2:c5:2c:4a:9b:
         41:69:f3:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhQq/unUPw2l0zKLgrbmEaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI4MTA1NTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWM1NjM3YzIzOTY3ZTkxZGE2OTUxMDI2ZDkzYmU0OTQyMTIyYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUFnH9nvjJJSCvk+TXyMTS0XaZEM
4Ns27OosbuQcCQu/G3KVd0qis7arawBbmIVhwT0hoZZnHHwwFhZT0atP/5ynXoEi
09qk4J2M2589e9JQDrHfhuxnPlbQpLQtaMgZSlYDqOYuWQ9DiJ4zbD7m6oRRH74k
7VdWYltjTxkuVHoQssYaiy7HnNyP/4XCX8WB35Uc93SZ3pC/ubFnVk22k5KAb3+W
B0UbnYwbeee15eKHJ9t84nI4d7API3ZOXP71ft/LfoDqjlY3pKf3LO9VcRRJO4uA
2q7hP1TcXHB751CzCJIleO0NQCnVaxwiuQhYyqwlUSwp8/lmxHPzsp16bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHFY3wjln6R2mlRAm2TvklCEiyBMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTWNWamZDT1dmcEhhYVZFQ2JaTy1TVUlTTElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoOMA0G
CSqGSIb3DQEBCwUAA4IBAQBoq5XtsWpR0d+zsw7fqp/vZlTJdjzcUVIGWcaeFiXL
lWUB/CDuC2/Tekb5uwIPIXN5dYIUX+SEH/8QVRljik0M4zdnPO/n3AbH2hMGUVDE
RzIbPIj18+VN3v1RSTf6R4Pr2n7FYcLFAGvp1CDvqCXHmyE/iUioIRiJQIy/5oaM
vfobI1ULFzxtiupvYc3QnloQ2pYV7Av4kgMcjQUAEPPJN7X4lnBd6XYEuAweOWGH
6L8HMDFrv3gblP4wOLsPv4wxXXkVmBjYiTSZg2dgjpwZML1WDXQIyWX4d+wBYrYR
UWwHTG5hhEtnvNGY6Uh6PEs/Qoem+XMN4sUsSptBafNj
-----END CERTIFICATE-----