Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/IPSfZ0fvPhCDMmGUAtBirzIAECA.roa
File:                     IPSfZ0fvPhCDMmGUAtBirzIAECA.roa (raw, json)
Hash identifier:          R/HMW9jnD+CXP7TVHQiTppM88KPbRPAgQmIbho1dj50=
Subject key identifier:   20:F4:9F:67:47:EF:3E:10:83:32:61:94:02:D0:62:AF:32:00:10:20
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019D8AB2B3B8D13F3EF5F73E34DB0A5E3A50
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/IPSfZ0fvPhCDMmGUAtBirzIAECA.roa
Signing time:             Tue 14 Apr 2026 06:34:20 +0000
ROA not before:           Tue 14 Apr 2026 06:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        109.122.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:b2:b3:b8:d1:3f:3e:f5:f7:3e:34:db:0a:5e:3a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr 14 06:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20f49f6747ef3e108332619402d062af32001020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bb:6c:c1:d9:e7:53:a0:cf:9b:b9:b6:05:0e:
                    4a:3c:dc:d0:b5:1c:5e:cf:69:d4:f0:28:d6:b9:f0:
                    b9:ec:35:82:4a:ff:0e:11:84:08:5f:5d:8c:17:f1:
                    4d:48:16:3c:8d:0a:d5:73:b2:93:0f:88:c7:b7:8b:
                    f5:3a:94:ae:38:2a:20:de:2e:95:6e:fa:ef:e1:8a:
                    bd:63:e7:df:ef:34:1c:5b:ee:d1:93:42:24:0e:70:
                    6f:99:1e:45:16:f2:85:27:b0:68:1a:05:45:c1:c0:
                    3b:74:66:cf:db:32:68:e0:0f:07:55:a9:b0:02:a0:
                    9e:ce:e3:61:9f:b7:d7:dc:c8:ac:95:85:36:43:ce:
                    7d:5f:47:0f:97:5b:2c:ba:b6:83:cf:3e:5c:b0:df:
                    73:6b:05:2f:38:b9:b0:22:de:dd:33:53:6a:dc:24:
                    7e:92:99:fa:e2:ef:fb:83:a6:30:b0:bb:1c:35:5d:
                    24:8a:a4:75:83:a3:18:2f:9e:3d:15:5d:2d:6d:32:
                    f7:4f:a7:b7:0b:34:07:29:24:e0:6c:5a:87:7c:f6:
                    7f:a1:ca:f3:11:fd:06:b7:3b:05:21:ce:2d:bd:66:
                    cb:3f:05:0f:6e:39:e0:74:12:98:6f:b1:87:a9:a2:
                    27:d4:78:f7:68:1e:c5:e0:1b:37:a3:dc:41:94:50:
                    66:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F4:9F:67:47:EF:3E:10:83:32:61:94:02:D0:62:AF:32:00:10:20
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/IPSfZ0fvPhCDMmGUAtBirzIAECA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f0:80:71:3e:d2:6c:cb:11:27:70:c2:ed:fd:48:d3:51:c1:
         b0:39:20:b4:59:63:27:ef:6f:8f:62:c7:a6:e4:fd:6f:2c:e8:
         03:98:2e:03:d0:ea:04:e7:78:49:86:71:c1:a5:62:89:9a:28:
         58:55:0c:42:e3:c9:c4:2a:a1:32:82:10:dd:be:b8:7c:5e:73:
         2d:b6:bd:69:f4:27:1e:83:a9:c2:af:e1:24:dd:79:ad:87:6b:
         21:44:81:07:52:f5:57:33:c2:ef:30:fa:ef:4e:22:3d:f8:c6:
         4e:bc:50:cc:50:e4:7f:44:cc:5b:da:2c:ed:05:7a:55:66:95:
         63:32:a9:e8:92:08:21:27:9b:4f:02:c5:a8:a3:3d:9d:c6:ac:
         ba:7b:49:36:ef:5c:f4:48:85:5d:e7:a3:e6:ac:6b:bd:56:f0:
         25:bd:d9:a6:31:e6:f0:a7:8a:21:6e:05:7a:98:5b:57:32:b1:
         e9:c7:1d:7a:3e:a4:97:fd:93:e2:d3:a9:3f:7d:49:7f:0e:4e:
         88:22:53:4c:95:13:57:a2:fe:0e:dc:c9:f1:26:0d:b7:6a:7c:
         d6:58:c7:ec:d3:fb:e0:fa:94:e9:3d:75:89:0b:b9:0c:40:ce:
         22:5c:c3:35:17:60:d7:12:e0:35:0a:97:93:29:1b:39:7d:3f:
         27:7a:2a:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2KsrO40T8+9fc+NNsKXjpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNDE0MDYzNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY0OWY2NzQ3ZWYzZTEwODMzMjYxOTQwMmQwNjJhZjMyMDAxMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rtswdnnU6DPm7m2BQ5KPNzQtRxe
z2nU8CjWufC57DWCSv8OEYQIX12MF/FNSBY8jQrVc7KTD4jHt4v1OpSuOCog3i6V
bvrv4Yq9Y+ff7zQcW+7Rk0IkDnBvmR5FFvKFJ7BoGgVFwcA7dGbP2zJo4A8HVamw
AqCezuNhn7fX3MislYU2Q859X0cPl1ssuraDzz5csN9zawUvOLmwIt7dM1Nq3CR+
kpn64u/7g6YwsLscNV0kiqR1g6MYL549FV0tbTL3T6e3CzQHKSTgbFqHfPZ/ocrz
Ef0GtzsFIc4tvWbLPwUPbjngdBKYb7GHqaIn1Hj3aB7F4Bs3o9xBlFBmuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD0n2dH7z4QgzJhlALQYq8yABAgMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvSVBTZlowZnZQaENETW1HVUF0QmlyeklBRUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo7MA0G
CSqGSIb3DQEBCwUAA4IBAQBG8IBxPtJsyxEncMLt/UjTUcGwOSC0WWMn72+PYsem
5P1vLOgDmC4D0OoE53hJhnHBpWKJmihYVQxC48nEKqEyghDdvrh8XnMttr1p9Cce
g6nCr+Ek3Xmth2shRIEHUvVXM8LvMPrvTiI9+MZOvFDMUOR/RMxb2iztBXpVZpVj
MqnokgghJ5tPAsWooz2dxqy6e0k271z0SIVd56PmrGu9VvAlvdmmMebwp4ohbgV6
mFtXMrHpxx16PqSX/ZPi06k/fUl/Dk6IIlNMlRNXov4O3MnxJg23anzWWMfs0/vg
+pTpPXWJC7kMQM4iXMM1F2DXEuA1CpeTKRs5fT8neiqu
-----END CERTIFICATE-----