Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/WMQxf1zi-Lf6j9Cav2HEsfqjShk.roa
File:                     WMQxf1zi-Lf6j9Cav2HEsfqjShk.roa (raw, json)
Hash identifier:          6N/qUEPFoSq8fQxUA5quoxJstsRBkcyzrlkubzD8xSA=
Subject key identifier:   58:C4:31:7F:5C:E2:F8:B7:FA:8F:D0:9A:BF:61:C4:B1:FA:A3:4A:19
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0196CEA52125CBBCE13DF04F443D140B6034
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/WMQxf1zi-Lf6j9Cav2HEsfqjShk.roa
Signing time:             Wed 14 May 2025 11:54:10 +0000
ROA not before:           Wed 14 May 2025 11:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7224
IP address blocks:        109.122.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:a5:21:25:cb:bc:e1:3d:f0:4f:44:3d:14:0b:60:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 14 11:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58c4317f5ce2f8b7fa8fd09abf61c4b1faa34a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:99:c8:be:99:50:f2:a8:90:49:41:e0:36:37:
                    7c:47:ab:9a:dc:09:4f:28:54:56:48:bc:3e:16:16:
                    85:9f:22:cd:c8:e7:87:6e:5f:39:45:d2:b1:18:27:
                    c9:a1:21:96:c0:0b:35:53:5c:cb:bb:ff:e4:b2:89:
                    b8:82:e8:66:ca:4f:45:3d:e7:ea:cf:50:fb:19:3b:
                    f9:22:35:ce:3d:0c:ea:3b:4a:8c:b8:47:75:aa:af:
                    cd:a8:64:55:41:6d:4d:bf:94:33:d4:26:9a:eb:a2:
                    2f:88:c0:3f:16:a8:ea:5b:11:9e:17:dd:5b:4c:52:
                    f0:15:4b:75:b9:3b:4f:f3:2a:3f:88:57:ab:cc:76:
                    3d:af:48:8e:1e:05:23:3e:3f:b0:81:50:21:f4:58:
                    b6:1e:ed:93:83:e7:b5:57:1b:3a:11:ec:d6:c1:5c:
                    a7:b5:c8:4e:7b:ea:c9:22:f2:d4:dc:e4:1b:6b:c7:
                    92:00:bf:2f:17:e1:30:ec:44:6d:8f:8c:32:cf:17:
                    bb:4f:01:30:74:3b:b7:41:e7:66:21:ee:00:de:41:
                    34:4b:36:0b:a3:56:1d:40:41:3d:17:81:9b:0c:1a:
                    6b:d6:fd:22:66:27:8a:d8:a4:08:e4:30:44:8d:a4:
                    1e:32:0a:80:63:bd:f3:1e:dc:38:57:01:42:42:15:
                    68:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C4:31:7F:5C:E2:F8:B7:FA:8F:D0:9A:BF:61:C4:B1:FA:A3:4A:19
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/WMQxf1zi-Lf6j9Cav2HEsfqjShk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ca:62:e9:46:d7:fc:a4:73:47:95:b6:14:2c:9e:ae:5a:88:
         a1:79:28:e6:77:68:80:df:d6:d1:59:4a:d3:8c:71:6a:c9:a4:
         53:72:60:2b:4b:30:f5:5f:52:68:9f:5c:e2:de:b0:36:89:f8:
         44:6c:9a:81:c1:8c:af:3d:26:23:42:9d:53:88:8d:71:84:08:
         09:97:d1:8e:44:93:c8:74:30:39:5f:ea:e7:64:6b:f9:8d:ad:
         3a:f6:89:54:b2:f3:6e:02:45:c5:41:0b:52:8c:fa:4b:72:0f:
         4c:95:09:20:64:d3:c3:8d:eb:71:33:48:aa:11:b7:42:c4:33:
         ee:3d:db:d3:5a:7a:8d:7b:e0:5e:36:fd:5e:30:2a:ac:70:34:
         0a:56:5d:a7:05:05:c6:8c:71:6a:c6:23:e8:d6:65:e3:86:dc:
         79:d5:2b:a4:9a:c4:38:4e:f8:b6:49:da:f5:b2:d1:7a:f8:b6:
         9a:f9:ce:22:4e:6d:b7:5d:8e:f2:65:d1:1a:8a:3b:36:e1:81:
         a5:21:4d:17:49:3a:bc:8c:5b:42:7f:07:a3:5b:1b:ef:72:9d:
         c3:60:b6:48:41:d5:5b:d2:01:99:b1:6e:b8:79:57:97:fd:44:
         b5:0b:cd:5b:08:7d:00:05:fb:30:b4:f4:dc:c1:f3:92:49:a7:
         70:88:11:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbOpSEly7zhPfBPRD0UC2A0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNTE0MTE1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGM0MzE3ZjVjZTJmOGI3ZmE4ZmQwOWFiZjYxYzRiMWZhYTM0YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5nIvplQ8qiQSUHgNjd8R6ua3AlP
KFRWSLw+FhaFnyLNyOeHbl85RdKxGCfJoSGWwAs1U1zLu//ksom4guhmyk9FPefq
z1D7GTv5IjXOPQzqO0qMuEd1qq/NqGRVQW1Nv5Qz1Caa66IviMA/FqjqWxGeF91b
TFLwFUt1uTtP8yo/iFerzHY9r0iOHgUjPj+wgVAh9Fi2Hu2Tg+e1Vxs6EezWwVyn
tchOe+rJIvLU3OQba8eSAL8vF+Ew7ERtj4wyzxe7TwEwdDu3QedmIe4A3kE0SzYL
o1YdQEE9F4GbDBpr1v0iZieK2KQI5DBEjaQeMgqAY73zHtw4VwFCQhVoIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjEMX9c4vi3+o/Qmr9hxLH6o0oZMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvV01ReGYxemktTGY2ajlDYXYySEVzZnFqU2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo5MA0G
CSqGSIb3DQEBCwUAA4IBAQBhymLpRtf8pHNHlbYULJ6uWoiheSjmd2iA39bRWUrT
jHFqyaRTcmArSzD1X1Jon1zi3rA2ifhEbJqBwYyvPSYjQp1TiI1xhAgJl9GORJPI
dDA5X+rnZGv5ja069olUsvNuAkXFQQtSjPpLcg9MlQkgZNPDjetxM0iqEbdCxDPu
PdvTWnqNe+BeNv1eMCqscDQKVl2nBQXGjHFqxiPo1mXjhtx51SukmsQ4Tvi2Sdr1
stF6+Laa+c4iTm23XY7yZdEaijs24YGlIU0XSTq8jFtCfwejWxvvcp3DYLZIQdVb
0gGZsW64eVeX/US1C81bCH0ABfswtPTcwfOSSadwiBHu
-----END CERTIFICATE-----