Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/dQb0F1u5mBPMG5LeEDlmBArl4_c.roa
File:                     dQb0F1u5mBPMG5LeEDlmBArl4_c.roa (raw, json)
Hash identifier:          ch/l2lKRfk5F4Xdg3CcMMBUnCPuT7Z2xxq+N89Xyb4E=
Subject key identifier:   75:06:F4:17:5B:B9:98:13:CC:1B:92:DE:10:39:66:04:0A:E5:E3:F7
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019A170B89ECC21C885C1E0BB6B934A29610
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/dQb0F1u5mBPMG5LeEDlmBArl4_c.roa
Signing time:             Fri 24 Oct 2025 16:27:03 +0000
ROA not before:           Fri 24 Oct 2025 16:27:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        109.122.1.0/24 maxlen: 24
                          109.122.15.0/24 maxlen: 24
                          109.122.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:0b:89:ec:c2:1c:88:5c:1e:0b:b6:b9:34:a2:96:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Oct 24 16:27:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7506f4175bb99813cc1b92de103966040ae5e3f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b5:38:6d:5d:05:b6:e7:cc:6e:2e:c8:a8:20:
                    05:70:da:b8:c3:93:19:ea:34:c7:69:f0:47:e6:83:
                    fc:fc:52:64:12:0d:2d:22:74:4b:a6:37:2e:d3:98:
                    90:c6:ae:e8:4d:3a:c1:81:f1:62:c1:03:14:30:e9:
                    3f:12:33:92:7e:c1:e2:49:40:54:bb:68:b6:88:f6:
                    84:06:92:b5:47:11:51:f9:3e:17:2d:4d:c4:c6:f3:
                    e0:f7:68:e7:a7:06:dc:68:13:ec:a3:36:d3:23:7e:
                    1b:3d:c3:c5:2d:d6:8c:40:60:6f:af:b8:6a:0a:9f:
                    36:55:8c:cc:4f:41:22:d5:63:ed:07:96:1e:fd:5b:
                    5a:9b:f2:c3:0b:38:1b:cc:a0:ec:c4:ad:2b:b6:4c:
                    11:c2:18:0b:d9:55:ba:a3:83:48:25:58:8d:a0:46:
                    b0:b8:cb:4e:37:44:69:2b:4c:3e:b8:70:ca:26:01:
                    0b:1e:f8:c0:0d:2d:44:60:25:ef:09:1c:eb:9f:0a:
                    f1:cc:da:84:70:1e:90:a4:29:d2:2f:ae:40:4e:14:
                    0d:64:b3:2c:7b:10:fe:cc:f5:29:84:a4:a2:a7:7b:
                    8f:93:01:65:4d:ee:32:00:00:01:5c:48:5e:91:f3:
                    ee:a3:21:d1:71:ab:b5:81:9a:5a:17:35:3f:71:86:
                    66:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:06:F4:17:5B:B9:98:13:CC:1B:92:DE:10:39:66:04:0A:E5:E3:F7
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/dQb0F1u5mBPMG5LeEDlmBArl4_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.1.0/24
                  109.122.15.0/24
                  109.122.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:9f:d4:88:b8:12:e9:d5:5b:84:0e:bd:2c:2f:20:7f:b9:28:
         40:8e:4d:72:41:e6:0b:2b:b2:8e:96:05:fe:75:f9:bc:40:01:
         c2:bf:2d:a0:15:5a:36:75:f5:0b:f3:df:49:22:3b:5e:19:fb:
         34:a4:e3:53:ea:96:b3:08:c8:91:39:44:52:b6:57:f8:00:e3:
         85:d6:da:bd:fd:e2:20:1a:77:8c:86:1f:d4:d1:19:7e:c4:4d:
         d6:1b:3e:9e:5d:3d:20:cc:c5:4e:a1:e9:f2:65:f8:ab:6e:56:
         07:f4:1e:f2:6a:d1:1b:e3:a6:cc:30:ec:c7:78:dd:2e:8c:35:
         c0:4f:e6:22:5a:e5:99:aa:63:d0:84:41:04:32:11:de:41:f6:
         19:1d:3b:86:65:72:6b:9c:49:06:18:ae:dd:69:f7:58:b8:32:
         27:04:ce:88:a8:2b:8b:de:11:ba:4c:9f:d9:d4:35:61:19:07:
         a0:dd:33:54:aa:75:b6:fa:6c:55:9e:78:cf:9a:51:cc:05:69:
         2d:ce:fa:60:77:89:58:cd:2f:00:d5:f0:ed:89:d4:d2:5b:93:
         ea:ca:fa:1e:e8:05:85:a3:1b:84:05:ae:6f:b3:be:c0:57:13:
         9d:6a:37:11:b3:80:ce:6e:a9:27:15:1f:75:5a:4e:c3:c3:e7:
         bb:b0:6f:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoXC4nswhyIXB4Ltrk0opYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUxMDI0MTYyNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA2ZjQxNzViYjk5ODEzY2MxYjkyZGUxMDM5NjYwNDBhZTVlM2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbU4bV0FtufMbi7IqCAFcNq4w5MZ
6jTHafBH5oP8/FJkEg0tInRLpjcu05iQxq7oTTrBgfFiwQMUMOk/EjOSfsHiSUBU
u2i2iPaEBpK1RxFR+T4XLU3ExvPg92jnpwbcaBPsozbTI34bPcPFLdaMQGBvr7hq
Cp82VYzMT0Ei1WPtB5Ye/Vtam/LDCzgbzKDsxK0rtkwRwhgL2VW6o4NIJViNoEaw
uMtON0RpK0w+uHDKJgELHvjADS1EYCXvCRzrnwrxzNqEcB6QpCnSL65AThQNZLMs
exD+zPUphKSip3uPkwFlTe4yAAABXEhekfPuoyHRcau1gZpaFzU/cYZmxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHUG9BdbuZgTzBuS3hA5ZgQK5eP3MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvZFFiMEYxdTVtQlBNRzVMZUVEbG1CQXJsNF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXoBAwQA
bXoPAwQAbXoUMA0GCSqGSIb3DQEBCwUAA4IBAQA/n9SIuBLp1VuEDr0sLyB/uShA
jk1yQeYLK7KOlgX+dfm8QAHCvy2gFVo2dfUL899JIjteGfs0pONT6pazCMiROURS
tlf4AOOF1tq9/eIgGneMhh/U0Rl+xE3WGz6eXT0gzMVOoenyZfirblYH9B7yatEb
46bMMOzHeN0ujDXAT+YiWuWZqmPQhEEEMhHeQfYZHTuGZXJrnEkGGK7dafdYuDIn
BM6IqCuL3hG6TJ/Z1DVhGQeg3TNUqnW2+mxVnnjPmlHMBWktzvpgd4lYzS8A1fDt
idTSW5Pqyvoe6AWFoxuEBa5vs77AVxOdajcRs4DObqknFR91Wk7Dw+e7sG/4
-----END CERTIFICATE-----