Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/SFjeqOASRO7UaTji1Zm6-RBu61g.roa
File:                     SFjeqOASRO7UaTji1Zm6-RBu61g.roa (raw, json)
Hash identifier:          Yx5TV1nxZdFx90sQHJN42KeWhaWZPKKBhbXLKBfzOb0=
Subject key identifier:   48:58:DE:A8:E0:12:44:EE:D4:69:38:E2:D5:99:BA:F9:10:6E:EB:58
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       01983BC2E5F4318A4FA4CA11AAE3B5480D34
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/SFjeqOASRO7UaTji1Zm6-RBu61g.roa
Signing time:             Thu 24 Jul 2025 09:28:05 +0000
ROA not before:           Thu 24 Jul 2025 09:28:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214661
IP address blocks:        109.122.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:c2:e5:f4:31:8a:4f:a4:ca:11:aa:e3:b5:48:0d:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 24 09:28:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4858dea8e01244eed46938e2d599baf9106eeb58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c1:81:4e:64:89:2f:97:d2:f6:85:ac:ec:09:
                    10:b4:95:cb:af:45:67:7f:47:43:af:9f:f5:8f:ec:
                    ce:f6:11:eb:16:ad:85:e4:4a:1b:a1:46:0d:f7:a5:
                    a7:9f:11:31:52:e5:db:05:71:01:07:62:8d:65:e9:
                    5f:95:e1:c2:b4:6a:25:67:b2:54:ba:c0:51:2d:c5:
                    86:bf:31:c3:09:f7:ba:c6:75:79:09:38:cb:3e:9c:
                    65:4b:b9:04:26:48:85:c7:23:a6:36:f4:fc:eb:04:
                    2e:67:7b:3f:31:e7:d7:48:89:51:89:b4:d5:75:e7:
                    2d:65:b7:c4:b9:ca:27:47:5c:c6:85:1f:7b:dd:01:
                    06:6b:ff:b6:63:6a:e9:13:be:0f:65:c5:d0:ef:78:
                    f0:a5:45:07:42:98:17:c3:37:1f:ec:44:4b:2d:67:
                    46:9b:0a:8a:2f:77:eb:e9:e3:fe:eb:d7:6a:db:5f:
                    de:61:62:1a:ed:6c:53:ef:8d:2a:fa:ef:08:14:b4:
                    6e:9d:3b:2a:91:d7:fa:99:59:ab:80:4e:7b:96:46:
                    03:bd:d2:1b:ac:8e:e2:d0:3a:ce:b0:9f:7d:13:9d:
                    d4:a0:ca:66:9d:4d:64:88:5e:0c:8f:c1:bc:02:5b:
                    88:f2:7f:d1:06:13:a9:df:c4:9f:d0:33:50:82:4c:
                    45:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:58:DE:A8:E0:12:44:EE:D4:69:38:E2:D5:99:BA:F9:10:6E:EB:58
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/SFjeqOASRO7UaTji1Zm6-RBu61g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:cd:99:75:12:34:b0:48:05:3c:0f:11:ff:3d:01:2e:d2:51:
         9c:32:15:99:16:04:f6:77:56:bc:25:5a:fc:59:0d:79:35:13:
         98:f3:fc:70:97:01:c6:f9:70:e8:27:d6:72:46:91:bd:93:5e:
         90:3b:37:e1:e3:66:76:1c:43:08:e4:94:ae:75:2d:10:03:c6:
         c5:34:92:cd:f8:89:3a:83:b2:7f:f4:91:9c:e5:27:f9:48:b2:
         2e:39:06:43:3d:92:ae:aa:29:6d:38:1e:1c:77:ec:e4:13:ee:
         4d:66:56:93:7b:81:b0:ee:2f:da:d1:cc:75:81:51:14:36:d8:
         29:9c:f8:5d:66:20:49:66:19:80:30:e3:7b:68:5b:a0:94:ba:
         c6:1a:92:b7:b3:1d:75:13:df:f7:96:2c:80:51:90:6e:3e:b2:
         56:43:d4:36:01:4b:de:17:3d:8e:38:61:bd:8a:21:7d:49:50:
         eb:ed:62:10:58:89:bf:4e:79:92:92:b7:5f:05:4c:c4:86:b0:
         32:86:5e:44:f2:6f:70:4e:6e:8e:7e:e3:9c:7b:58:69:ef:98:
         bc:7d:a0:5e:33:e6:55:44:b7:44:f4:f9:99:7c:f9:0a:96:5e:
         43:68:a5:03:37:e7:c7:44:88:df:04:62:08:fc:98:e4:7f:6f:
         6f:65:58:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg7wuX0MYpPpMoRquO1SA00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI0MDkyODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODU4ZGVhOGUwMTI0NGVlZDQ2OTM4ZTJkNTk5YmFmOTEwNmVlYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsGBTmSJL5fS9oWs7AkQtJXLr0Vn
f0dDr5/1j+zO9hHrFq2F5EoboUYN96WnnxExUuXbBXEBB2KNZelfleHCtGolZ7JU
usBRLcWGvzHDCfe6xnV5CTjLPpxlS7kEJkiFxyOmNvT86wQuZ3s/MefXSIlRibTV
dectZbfEuconR1zGhR973QEGa/+2Y2rpE74PZcXQ73jwpUUHQpgXwzcf7ERLLWdG
mwqKL3fr6eP+69dq21/eYWIa7WxT740q+u8IFLRunTsqkdf6mVmrgE57lkYDvdIb
rI7i0DrOsJ99E53UoMpmnU1kiF4Mj8G8AluI8n/RBhOp38Sf0DNQgkxFZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhY3qjgEkTu1Gk44tWZuvkQbutYMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvU0ZqZXFPQVNSTzdVYVRqaTFabTYtUkJ1NjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoDMA0G
CSqGSIb3DQEBCwUAA4IBAQA6zZl1EjSwSAU8DxH/PQEu0lGcMhWZFgT2d1a8JVr8
WQ15NROY8/xwlwHG+XDoJ9ZyRpG9k16QOzfh42Z2HEMI5JSudS0QA8bFNJLN+Ik6
g7J/9JGc5Sf5SLIuOQZDPZKuqiltOB4cd+zkE+5NZlaTe4Gw7i/a0cx1gVEUNtgp
nPhdZiBJZhmAMON7aFuglLrGGpK3sx11E9/3liyAUZBuPrJWQ9Q2AUveFz2OOGG9
iiF9SVDr7WIQWIm/TnmSkrdfBUzEhrAyhl5E8m9wTm6OfuOce1hp75i8faBeM+ZV
RLdE9PmZfPkKll5DaKUDN+fHRIjfBGII/Jjkf29vZVj4
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:53:20 2025 by rpki-client