Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vAOPrMQ4DvCkIl8pRCOHXClQmmA.roa
File:                     vAOPrMQ4DvCkIl8pRCOHXClQmmA.roa (raw, json)
Hash identifier:          0aROE+eJRjt32yMRTPG1pw5b6bdh86At5DwLSKErW9s=
Subject key identifier:   BC:03:8F:AC:C4:38:0E:F0:A4:22:5F:29:44:23:87:5C:29:50:9A:60
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019836D0B8A68E8BB3BA95D6BBFA6A19FE27
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vAOPrMQ4DvCkIl8pRCOHXClQmmA.roa
Signing time:             Wed 23 Jul 2025 10:25:05 +0000
ROA not before:           Wed 23 Jul 2025 10:25:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395839
IP address blocks:        109.122.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:d0:b8:a6:8e:8b:b3:ba:95:d6:bb:fa:6a:19:fe:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jul 23 10:25:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc038facc4380ef0a4225f294423875c29509a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ae:77:d4:c5:be:1f:ad:37:6d:82:c5:bf:e7:
                    39:ea:21:10:68:c2:cf:95:e8:c3:29:36:d2:c1:72:
                    1a:42:34:c3:d0:96:66:cf:78:d0:f2:e9:d5:2f:a4:
                    ed:ff:b6:c6:0b:bb:ca:76:e2:72:93:40:5a:05:12:
                    8b:fd:78:51:55:83:56:5a:a0:48:d7:73:ea:05:f9:
                    f6:ed:97:41:8c:94:b6:07:f5:07:ef:92:ee:9e:28:
                    0f:01:9d:ff:f0:66:89:e6:2c:45:8c:58:73:b0:29:
                    b2:c2:b5:82:99:6c:c2:c5:66:db:fc:5b:a5:4e:37:
                    aa:90:72:c0:d1:56:b2:a5:b9:12:64:d3:62:e3:82:
                    55:dd:4f:42:12:20:d9:4e:ae:07:6e:da:dc:b4:a3:
                    ea:a8:ae:ee:d0:40:bb:bf:57:35:3b:7d:2c:dd:59:
                    7c:02:52:50:cb:35:5b:1e:9b:dc:68:58:ff:f8:9b:
                    ec:f8:8d:43:20:8e:64:03:8c:f0:35:7e:2d:7c:66:
                    dc:01:74:9b:5b:21:16:67:ef:3f:d4:31:cc:74:bc:
                    ee:1c:24:ad:a3:21:f6:a9:97:bc:06:91:f0:b5:f6:
                    44:9e:0d:5c:53:2e:88:28:1a:6b:23:09:a2:5c:a5:
                    dc:a8:88:86:13:76:5a:18:b8:be:d4:6d:38:e4:19:
                    e0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:03:8F:AC:C4:38:0E:F0:A4:22:5F:29:44:23:87:5C:29:50:9A:60
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/vAOPrMQ4DvCkIl8pRCOHXClQmmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:4b:f2:fd:63:d7:f4:d8:16:73:e7:e7:9d:15:5d:c8:f9:07:
         75:8b:ad:7a:c2:20:e2:85:9e:33:e3:00:70:31:96:f9:4c:38:
         9d:c3:de:a0:5a:f1:f3:f2:b1:15:f9:3d:dc:8f:89:48:e5:f8:
         3f:1e:3b:39:77:f4:a1:4a:2c:85:bf:04:93:7e:e7:2e:18:3b:
         53:8a:71:50:ad:e5:23:79:39:bb:58:f3:58:15:96:51:67:e1:
         e0:14:ee:c2:d3:0d:01:83:cf:8e:78:92:cf:8e:fb:1c:d6:6f:
         f5:2d:99:ec:c3:25:2f:d8:62:0e:42:ca:b0:cb:29:4a:64:f5:
         73:93:7f:66:ce:47:34:e5:76:ee:7a:8e:c1:0f:d8:ea:28:10:
         cc:8f:62:b9:cd:40:5d:3d:ea:7a:de:5d:e5:e0:22:22:0f:4b:
         58:ec:e6:c0:8c:d8:1a:81:b3:78:aa:4d:a4:99:34:f5:ea:f9:
         99:f9:3b:f0:45:42:da:3d:d2:40:b8:c3:a5:3b:ea:29:41:21:
         d4:61:b0:b5:24:b6:05:a0:fe:35:b9:9e:28:1d:6c:93:93:aa:
         ba:21:02:c7:d2:50:05:0e:98:a4:a9:a9:c9:1f:dd:ec:85:95:
         a3:97:48:72:92:b2:49:46:af:73:9a:b2:59:78:34:c1:4a:7e:
         ed:de:9c:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg20LimjouzupXWu/pqGf4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjUwNzIzMTAyNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAzOGZhY2M0MzgwZWYwYTQyMjVmMjk0NDIzODc1YzI5NTA5YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6531MW+H603bYLFv+c56iEQaMLP
lejDKTbSwXIaQjTD0JZmz3jQ8unVL6Tt/7bGC7vKduJyk0BaBRKL/XhRVYNWWqBI
13PqBfn27ZdBjJS2B/UH75LunigPAZ3/8GaJ5ixFjFhzsCmywrWCmWzCxWbb/Ful
TjeqkHLA0VaypbkSZNNi44JV3U9CEiDZTq4HbtrctKPqqK7u0EC7v1c1O30s3Vl8
AlJQyzVbHpvcaFj/+Jvs+I1DII5kA4zwNX4tfGbcAXSbWyEWZ+8/1DHMdLzuHCSt
oyH2qZe8BpHwtfZEng1cUy6IKBprIwmiXKXcqIiGE3ZaGLi+1G045BngAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwDj6zEOA7wpCJfKUQjh1wpUJpgMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvdkFPUHJNUTREdkNrSWw4cFJDT0hYQ2xRbW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXoYMA0G
CSqGSIb3DQEBCwUAA4IBAQA+S/L9Y9f02BZz5+edFV3I+Qd1i616wiDihZ4z4wBw
MZb5TDidw96gWvHz8rEV+T3cj4lI5fg/Hjs5d/ShSiyFvwSTfucuGDtTinFQreUj
eTm7WPNYFZZRZ+HgFO7C0w0Bg8+OeJLPjvsc1m/1LZnswyUv2GIOQsqwyylKZPVz
k39mzkc05Xbueo7BD9jqKBDMj2K5zUBdPep63l3l4CIiD0tY7ObAjNgagbN4qk2k
mTT16vmZ+TvwRULaPdJAuMOlO+opQSHUYbC1JLYFoP41uZ4oHWyTk6q6IQLH0lAF
DpikqanJH93shZWjl0hykrJJRq9zmrJZeDTBSn7t3pwe
-----END CERTIFICATE-----