Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/sRNRYB70MeVIzFhK7okFlw-OH9o.roa
File:                     sRNRYB70MeVIzFhK7okFlw-OH9o.roa (raw, json)
Hash identifier:          bsaOqY3gwMAPKVXIJYmUwdKdXRJfxyZiCWm27SmpULY=
Subject key identifier:   B1:13:51:60:1E:F4:31:E5:48:CC:58:4A:EE:89:05:97:0F:8E:1F:DA
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019856F6C2A8DE3DE2938027655C254F1738
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/sRNRYB70MeVIzFhK7okFlw-OH9o.roa
Signing time:             Tue 29 Jul 2025 16:14:28 +0000
ROA not before:           Tue 29 Jul 2025 16:14:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        109.122.4.0/24 maxlen: 24
                          109.122.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:f6:c2:a8:de:3d:e2:93:80:27:65:5c:25:4f:17:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 29 16:14:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b11351601ef431e548cc584aee8905970f8e1fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5a:b3:09:00:03:f2:40:cd:f2:a9:8f:28:fa:
                    15:c7:d9:3a:7c:47:5a:2b:11:34:77:bc:24:94:a2:
                    c9:23:4d:f9:5c:5d:1b:e9:f1:86:29:14:5e:cb:73:
                    80:6a:08:6e:e7:b1:96:c4:57:b9:9b:3c:3a:86:06:
                    44:3f:5a:80:8b:f3:4f:69:3a:fe:ac:4c:4e:1d:5f:
                    6e:ed:b5:62:47:55:cf:7e:2d:33:08:f4:b5:91:3d:
                    cc:32:53:08:21:61:aa:d6:82:6e:c2:1c:d9:f9:1b:
                    7c:a9:10:cf:c6:e0:6c:d1:c1:19:fa:95:5a:79:e4:
                    de:41:43:5c:b4:8d:5a:67:e2:b3:c2:48:de:2b:15:
                    94:6e:9d:a3:ca:fe:74:d0:1e:43:fb:c1:8d:32:3f:
                    c6:aa:3f:41:7c:8f:b3:52:41:02:fc:42:45:14:81:
                    79:0c:db:b1:50:06:62:15:16:d0:e1:04:73:c1:92:
                    e9:39:2b:13:3b:2c:bf:b4:95:4c:5e:75:47:70:be:
                    42:57:ff:3d:7b:a0:47:09:64:23:c5:ac:6d:da:ca:
                    d3:c4:40:5f:3a:21:01:f1:41:a7:af:0c:d2:49:bd:
                    4c:e3:75:9f:3f:28:ef:f2:c9:05:59:ad:58:15:0a:
                    b7:cd:c5:42:5e:87:ff:a9:72:fb:f9:54:77:2b:3d:
                    65:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:13:51:60:1E:F4:31:E5:48:CC:58:4A:EE:89:05:97:0F:8E:1F:DA
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/sRNRYB70MeVIzFhK7okFlw-OH9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.4.0/24
                  109.122.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:6e:9a:97:e4:5c:f8:f2:96:5a:3d:11:6f:11:79:f4:b3:94:
         6c:39:b5:0d:81:70:9b:6e:79:a2:9a:7a:5d:2b:53:fa:e7:7c:
         ae:cc:16:18:74:42:d1:93:a3:7b:aa:a0:26:bc:09:36:4c:00:
         88:3a:42:6a:d7:b6:64:ef:9f:3d:05:ea:6a:97:af:5f:57:02:
         d7:38:5d:16:55:ee:07:30:77:f9:e4:58:88:cd:b5:cc:e8:8c:
         2e:31:9f:5e:88:2d:ba:14:41:26:3a:4b:b9:9a:cb:0d:27:b2:
         a2:d1:9e:8a:b0:64:3d:b5:90:28:24:6e:99:f8:e4:09:61:1d:
         d2:6f:19:18:29:4f:73:b5:43:86:c2:7a:54:b6:28:ea:5b:54:
         b5:48:99:5d:fa:05:22:74:fd:f6:bb:be:d2:07:6c:34:12:75:
         0a:80:12:9d:ad:69:0a:a5:9a:c2:04:f1:f6:38:a5:33:3d:e1:
         f8:ef:d4:cc:ca:e6:fc:30:e1:23:b0:0c:58:03:7f:03:29:73:
         24:1e:eb:4a:22:2e:a4:9a:c0:e9:a4:b2:49:50:2b:2e:98:ad:
         84:ac:c0:38:63:0d:5a:c7:a6:3f:58:0f:81:7e:00:11:be:bb:
         4a:59:4c:70:31:65:6b:c3:86:73:27:c3:a7:09:22:31:ce:d1:
         ea:2b:c8:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhW9sKo3j3ik4AnZVwlTxc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzI5MTYxNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTEzNTE2MDFlZjQzMWU1NDhjYzU4NGFlZTg5MDU5NzBmOGUxZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21qzCQAD8kDN8qmPKPoVx9k6fEda
KxE0d7wklKLJI035XF0b6fGGKRRey3OAaghu57GWxFe5mzw6hgZEP1qAi/NPaTr+
rExOHV9u7bViR1XPfi0zCPS1kT3MMlMIIWGq1oJuwhzZ+Rt8qRDPxuBs0cEZ+pVa
eeTeQUNctI1aZ+KzwkjeKxWUbp2jyv500B5D+8GNMj/Gqj9BfI+zUkEC/EJFFIF5
DNuxUAZiFRbQ4QRzwZLpOSsTOyy/tJVMXnVHcL5CV/89e6BHCWQjxaxt2srTxEBf
OiEB8UGnrwzSSb1M43WfPyjv8skFWa1YFQq3zcVCXof/qXL7+VR3Kz1lewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLETUWAe9DHlSMxYSu6JBZcPjh/aMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvc1JOUllCNzBNZVZJekZoSzdva0Zsdy1PSDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoEAwQA
bXoeMA0GCSqGSIb3DQEBCwUAA4IBAQA9bpqX5Fz48pZaPRFvEXn0s5RsObUNgXCb
bnmimnpdK1P653yuzBYYdELRk6N7qqAmvAk2TACIOkJq17Zk7589Bepql69fVwLX
OF0WVe4HMHf55FiIzbXM6IwuMZ9eiC26FEEmOku5mssNJ7Ki0Z6KsGQ9tZAoJG6Z
+OQJYR3SbxkYKU9ztUOGwnpUtijqW1S1SJld+gUidP32u77SB2w0EnUKgBKdrWkK
pZrCBPH2OKUzPeH479TMyub8MOEjsAxYA38DKXMkHutKIi6kmsDppLJJUCsumK2E
rMA4Yw1ax6Y/WA+BfgARvrtKWUxwMWVrw4ZzJ8OnCSIxztHqK8jv
-----END CERTIFICATE-----
Generated at Mon Aug 4 18:32:16 2025 by rpki-client