Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4xVy8n1nhBpAya1KevWUaTI2tB8.roa
File:                     4xVy8n1nhBpAya1KevWUaTI2tB8.roa (raw, json)
Hash identifier:          20aLYH4n1FuIXOWrztzrtcCxRBgx6WLXVkqg5CHqw0k=
Subject key identifier:   E3:15:72:F2:7D:67:84:1A:40:C9:AD:4A:7A:F5:94:69:32:36:B4:1F
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0197651A64A9ADE23C48ACB0963A3517DA3B
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4xVy8n1nhBpAya1KevWUaTI2tB8.roa
Signing time:             Thu 12 Jun 2025 17:05:17 +0000
ROA not before:           Thu 12 Jun 2025 17:05:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18894
IP address blocks:        109.122.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:65:1a:64:a9:ad:e2:3c:48:ac:b0:96:3a:35:17:da:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jun 12 17:05:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e31572f27d67841a40c9ad4a7af594693236b41f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:51:37:37:07:ce:7e:1a:c9:21:33:a4:88:77:
                    0a:98:f0:b0:f1:01:8c:06:a9:33:9c:c7:81:9b:d4:
                    32:20:a4:69:d3:6d:d5:e6:7b:3e:02:7c:67:20:ed:
                    89:d2:fe:87:d2:a0:14:94:f8:c8:8a:24:3c:ee:6e:
                    73:3b:5b:ba:42:9a:db:c8:89:1e:d4:7c:16:5f:18:
                    74:23:bd:c0:07:c3:07:b0:94:84:44:8c:80:11:72:
                    a3:df:37:b1:a4:d6:18:a4:f0:f8:61:f8:61:ee:0d:
                    98:e6:9e:a9:1e:3f:0f:07:13:c9:63:67:60:f9:7b:
                    58:cf:4c:e8:78:a6:ab:60:e4:3a:93:d0:91:a1:85:
                    64:12:28:84:c2:a3:25:44:5d:c0:b6:2a:c6:2e:9a:
                    08:bf:ac:31:80:71:9b:14:b9:ab:33:89:ce:9f:be:
                    62:37:3d:53:ca:06:81:48:8d:49:e6:d1:c1:3d:28:
                    ab:e8:5e:07:fa:3c:57:fd:81:1d:43:41:1a:25:24:
                    cd:86:18:ff:a5:11:8b:4b:19:1d:f5:21:cb:77:8d:
                    d5:17:59:61:a9:7a:04:fd:c1:cf:b5:c5:25:b9:86:
                    21:24:48:88:99:7c:99:fa:29:78:fc:53:94:01:b1:
                    f9:9c:62:10:04:3e:38:c7:b0:cd:e6:5e:ca:f3:82:
                    7f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:15:72:F2:7D:67:84:1A:40:C9:AD:4A:7A:F5:94:69:32:36:B4:1F
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/4xVy8n1nhBpAya1KevWUaTI2tB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:8a:f7:3c:c9:61:2e:cf:41:49:53:36:3d:f9:81:ba:27:29:
         02:a7:b8:ac:4b:58:1d:ae:b8:52:58:4d:26:b0:66:f7:b8:78:
         97:35:50:0e:6c:1e:1f:20:5d:8c:e0:b9:ee:f9:48:1a:76:da:
         c2:45:8c:4f:b6:9a:d2:b4:55:80:6d:91:20:ce:5d:31:2f:5c:
         91:f3:fc:a7:3c:e9:4c:cb:6d:b8:00:4f:7b:da:91:f2:cb:47:
         f9:72:31:cc:91:54:6b:3f:40:af:a2:e8:c0:04:73:a6:fe:9f:
         4a:62:22:cb:c0:ff:5c:01:9b:61:75:70:b2:a2:87:c6:36:01:
         a8:34:95:38:f5:1b:ce:a2:a3:fe:71:de:82:e9:96:2c:65:b3:
         c6:3d:0e:70:36:96:4f:6b:2c:8b:7d:2c:2b:74:74:fa:ab:65:
         b2:52:55:71:18:df:2f:33:3f:b1:ee:98:23:89:4e:49:1a:7a:
         f7:3e:40:ed:96:a5:20:54:36:6b:70:d7:05:0f:00:3a:d5:84:
         c7:41:9d:e8:5f:1d:be:ed:76:ea:b2:88:b1:9c:e9:9a:95:3e:
         eb:9d:0b:d8:ee:1e:ff:13:fb:ee:a8:ff:6b:47:3f:33:24:c3:
         b8:c8:87:9c:4b:52:dc:64:f6:ed:2c:f1:5d:5c:db:b5:73:2b:
         01:80:25:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdlGmSpreI8SKywljo1F9o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNjEyMTcwNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzE1NzJmMjdkNjc4NDFhNDBjOWFkNGE3YWY1OTQ2OTMyMzZiNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lE3NwfOfhrJITOkiHcKmPCw8QGM
BqkznMeBm9QyIKRp023V5ns+AnxnIO2J0v6H0qAUlPjIiiQ87m5zO1u6QprbyIke
1HwWXxh0I73AB8MHsJSERIyAEXKj3zexpNYYpPD4Yfhh7g2Y5p6pHj8PBxPJY2dg
+XtYz0zoeKarYOQ6k9CRoYVkEiiEwqMlRF3AtirGLpoIv6wxgHGbFLmrM4nOn75i
Nz1TygaBSI1J5tHBPSir6F4H+jxX/YEdQ0EaJSTNhhj/pRGLSxkd9SHLd43VF1lh
qXoE/cHPtcUluYYhJEiImXyZ+il4/FOUAbH5nGIQBD44x7DN5l7K84J/QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMVcvJ9Z4QaQMmtSnr1lGkyNrQfMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvNHhWeThuMW5oQnBBeWExS2V2V1VhVEkydEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo4MA0G
CSqGSIb3DQEBCwUAA4IBAQC2ivc8yWEuz0FJUzY9+YG6JykCp7isS1gdrrhSWE0m
sGb3uHiXNVAObB4fIF2M4Lnu+UgadtrCRYxPtprStFWAbZEgzl0xL1yR8/ynPOlM
y224AE972pHyy0f5cjHMkVRrP0CvoujABHOm/p9KYiLLwP9cAZthdXCyoofGNgGo
NJU49RvOoqP+cd6C6ZYsZbPGPQ5wNpZPayyLfSwrdHT6q2WyUlVxGN8vMz+x7pgj
iU5JGnr3PkDtlqUgVDZrcNcFDwA61YTHQZ3oXx2+7XbqsoixnOmalT7rnQvY7h7/
E/vuqP9rRz8zJMO4yIecS1LcZPbtLPFdXNu1cysBgCVG
-----END CERTIFICATE-----