Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/PwVGcN7-AG25Z_EVB5mSMrRZw_U.roa
File:                     PwVGcN7-AG25Z_EVB5mSMrRZw_U.roa (raw, json)
Hash identifier:          n+BI0dcWDz0/rfHuwVL/W0fA3VHX5rbe3Re+nTfH5+g=
Subject key identifier:   3F:05:46:70:DE:FE:00:6D:B9:67:F1:15:07:99:92:32:B4:59:C3:F5
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019840E2D8804856F6E4629C4D99E48FFF78
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/PwVGcN7-AG25Z_EVB5mSMrRZw_U.roa
Signing time:             Fri 25 Jul 2025 09:21:05 +0000
ROA not before:           Fri 25 Jul 2025 09:21:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202673
IP address blocks:        109.122.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:e2:d8:80:48:56:f6:e4:62:9c:4d:99:e4:8f:ff:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 25 09:21:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f054670defe006db967f11507999232b459c3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:57:09:8f:14:7d:02:93:3f:ce:e4:bd:35:59:
                    88:82:6b:d2:8e:db:3a:d5:4b:13:ef:9d:2f:0a:a6:
                    f7:12:cd:87:d2:12:56:d6:82:7a:95:2b:5b:f5:dd:
                    4f:66:71:83:16:50:ee:48:e5:28:76:9f:84:b6:24:
                    d6:58:bb:14:c7:f3:f5:5d:61:28:a0:28:24:fc:89:
                    7a:51:1f:52:dd:55:72:cd:1a:99:69:89:8b:26:f2:
                    d6:b5:0d:5e:c6:01:46:e1:91:b7:3f:e2:4f:9e:97:
                    41:ca:77:01:bf:c9:0e:49:bd:ef:02:b4:c3:4e:c5:
                    22:2d:ac:90:31:ea:9c:7c:18:d9:a5:61:0a:72:d6:
                    c8:87:96:b1:fc:6b:03:fe:aa:eb:83:12:50:0a:b5:
                    78:fa:e7:42:4d:3d:4f:97:ef:d0:ab:37:f1:02:d7:
                    0a:29:75:70:b2:d7:8f:d4:97:85:54:9b:87:5b:78:
                    1e:af:81:a1:e2:f2:e5:8e:1a:fb:65:46:09:1f:90:
                    11:22:46:42:2f:ff:61:96:d9:30:c8:ef:a1:ce:78:
                    09:10:6c:2f:9a:df:44:12:55:ec:85:45:15:25:d1:
                    90:ea:55:e2:3f:9a:96:95:b6:a6:f6:44:35:e4:c7:
                    6e:30:8d:c4:3f:c7:d7:d2:b1:ea:17:a6:60:1d:1e:
                    63:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:05:46:70:DE:FE:00:6D:B9:67:F1:15:07:99:92:32:B4:59:C3:F5
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/PwVGcN7-AG25Z_EVB5mSMrRZw_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:34:42:28:b6:ea:3c:41:ec:2f:6f:23:27:62:ed:5b:54:1e:
         f7:85:74:69:c0:3b:ea:c0:1b:51:22:02:39:ec:8c:ef:a6:24:
         18:85:00:b3:f5:c7:fa:1e:44:42:f6:a5:48:37:8a:c2:fc:9f:
         5c:82:e5:25:df:5a:65:c8:97:b2:db:ea:60:4c:23:ab:d1:10:
         8d:a0:31:c3:0e:6b:f1:fc:07:06:a0:c4:09:60:3c:bd:da:b2:
         d0:f0:a8:0c:6d:13:9b:35:9c:58:41:de:aa:5f:7c:e4:4c:89:
         e4:d4:92:7c:96:a5:ff:be:8e:6e:23:ca:da:ff:20:cd:58:5a:
         8d:63:e9:4b:f7:e0:2d:60:5f:3d:a4:ff:35:80:4b:b2:f2:2f:
         80:53:22:2f:0a:ac:7c:77:e6:d7:73:74:8a:39:6c:f7:6c:f2:
         86:51:02:c6:39:4c:95:2d:d7:bd:f7:79:2b:8a:93:05:43:b1:
         88:8e:cd:6c:62:be:a3:a1:ac:88:94:17:91:73:72:93:ad:92:
         b2:52:3a:15:df:3d:9d:91:2c:d5:70:ac:36:c4:50:f8:b1:61:
         89:fc:13:73:f2:57:5a:84:8e:5d:e0:7d:bc:9b:9b:39:79:7a:
         af:a0:d2:23:d1:08:2f:63:68:3c:ac:6c:26:b8:df:97:76:20:
         5d:a9:3d:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhA4tiASFb25GKcTZnkj/94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI1MDkyMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA1NDY3MGRlZmUwMDZkYjk2N2YxMTUwNzk5OTIzMmI0NTljM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VcJjxR9ApM/zuS9NVmIgmvSjts6
1UsT750vCqb3Es2H0hJW1oJ6lStb9d1PZnGDFlDuSOUodp+EtiTWWLsUx/P1XWEo
oCgk/Il6UR9S3VVyzRqZaYmLJvLWtQ1exgFG4ZG3P+JPnpdByncBv8kOSb3vArTD
TsUiLayQMeqcfBjZpWEKctbIh5ax/GsD/qrrgxJQCrV4+udCTT1Pl+/QqzfxAtcK
KXVwsteP1JeFVJuHW3ger4Gh4vLljhr7ZUYJH5ARIkZCL/9hltkwyO+hzngJEGwv
mt9EElXshUUVJdGQ6lXiP5qWlbam9kQ15MduMI3EP8fX0rHqF6ZgHR5jxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8FRnDe/gBtuWfxFQeZkjK0WcP1MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvUHdWR2NONy1BRzI1Wl9FVkI1bVNNclJad19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoVMA0G
CSqGSIb3DQEBCwUAA4IBAQCINEIotuo8QewvbyMnYu1bVB73hXRpwDvqwBtRIgI5
7IzvpiQYhQCz9cf6HkRC9qVIN4rC/J9cguUl31plyJey2+pgTCOr0RCNoDHDDmvx
/AcGoMQJYDy92rLQ8KgMbRObNZxYQd6qX3zkTInk1JJ8lqX/vo5uI8ra/yDNWFqN
Y+lL9+AtYF89pP81gEuy8i+AUyIvCqx8d+bXc3SKOWz3bPKGUQLGOUyVLde993kr
ipMFQ7GIjs1sYr6joayIlBeRc3KTrZKyUjoV3z2dkSzVcKw2xFD4sWGJ/BNz8lda
hI5d4H28m5s5eXqvoNIj0QgvY2g8rGwmuN+XdiBdqT3a
-----END CERTIFICATE-----