Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/o9mqiTtH3S2KZnujvjvvDG0aICg.roa
File:                     o9mqiTtH3S2KZnujvjvvDG0aICg.roa (raw, json)
Hash identifier:          KCs0ZnZjjQktrTca+UXk7YMlBgyjltzEeWWRRRwCKw8=
Subject key identifier:   A3:D9:AA:89:3B:47:DD:2D:8A:66:7B:A3:BE:3B:EF:0C:6D:1A:20:28
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019D531DA9EA4BF209059B2678E73C2121FC
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/o9mqiTtH3S2KZnujvjvvDG0aICg.roa
Signing time:             Fri 03 Apr 2026 11:32:26 +0000
ROA not before:           Fri 03 Apr 2026 11:32:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:1d:a9:ea:4b:f2:09:05:9b:26:78:e7:3c:21:21:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Apr  3 11:32:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3d9aa893b47dd2d8a667ba3be3bef0c6d1a2028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d2:ec:4c:dc:21:14:a5:10:7e:e2:52:b4:c6:
                    95:ce:b3:a2:f7:00:e7:c5:bb:c7:de:eb:72:c2:cd:
                    b0:f7:87:3d:97:fb:e0:3f:e2:65:23:59:66:56:61:
                    d0:06:36:95:c0:80:1e:84:6b:15:f4:dc:ec:16:21:
                    a3:61:0b:9e:0c:48:dd:a4:6e:7a:69:50:60:b0:60:
                    46:e7:cd:1a:ec:21:7c:c4:69:24:5e:29:fb:63:9b:
                    21:c8:ba:12:6b:b4:ef:3c:31:cc:c8:e9:4e:40:4d:
                    b9:d8:74:95:62:af:cf:d2:ed:f7:de:9c:fd:ad:8b:
                    85:e6:5c:98:b9:93:bc:55:77:69:d1:5b:59:e1:94:
                    df:4b:33:11:38:c1:52:df:92:0b:64:5a:49:c8:72:
                    66:c8:36:d7:bb:3c:23:6a:dd:d9:4f:ea:d8:a9:a8:
                    77:da:c9:14:78:fc:6f:e3:0c:f9:2d:55:a1:c4:06:
                    3d:fc:cd:1f:42:da:b1:71:02:9e:4e:6f:c9:37:32:
                    88:62:94:b8:00:96:c5:d3:67:f7:76:4b:4c:bf:12:
                    a3:e3:ab:8a:94:a4:7a:de:52:67:9f:92:15:3d:55:
                    ad:26:78:6e:9e:0d:cd:ca:6f:80:c9:10:45:e5:58:
                    db:9e:2b:d7:a2:a3:86:44:8b:ee:e1:32:7f:b6:ac:
                    76:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D9:AA:89:3B:47:DD:2D:8A:66:7B:A3:BE:3B:EF:0C:6D:1A:20:28
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/o9mqiTtH3S2KZnujvjvvDG0aICg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5e:c2:56:70:58:48:5b:4d:58:af:51:52:cf:87:cf:d0:96:
         fc:2c:7e:d9:f0:40:28:71:d0:17:4d:4f:37:cc:da:35:de:0a:
         9a:de:48:2c:36:4b:bf:98:19:4b:ec:8e:16:b4:09:6e:3e:ea:
         0d:df:bb:08:79:ff:ca:9e:47:a5:62:52:f5:3d:fe:87:fb:5b:
         b0:9f:6e:70:22:32:85:44:ee:cf:4a:76:48:71:6d:3c:2e:15:
         0a:8a:ce:2e:02:7c:3a:c9:9b:92:67:fc:aa:b3:21:4f:08:83:
         97:89:f8:39:24:a9:05:44:ae:0a:c1:31:98:88:76:c9:5b:24:
         be:3c:ec:4e:8c:e0:a1:c7:a3:3c:1e:54:77:87:5e:ec:a9:ac:
         26:72:f6:70:cb:93:f3:7d:21:81:0a:3f:07:46:68:9e:ae:32:
         f5:a4:78:47:b5:48:37:6f:b0:89:4b:05:e0:3d:a1:ef:cc:d6:
         bf:17:2a:f5:d0:ba:14:ca:1b:3d:b2:98:6a:1f:64:9e:cd:b4:
         c9:33:da:22:6b:bb:65:a2:0f:65:38:de:d6:ea:a3:26:7d:32:
         5c:7b:6c:ea:8f:28:c7:ec:bb:35:27:7b:a4:e5:ab:4b:b4:fe:
         02:ca:7a:85:c7:c0:f8:2c:35:49:08:8b:eb:bc:a1:9b:ef:61:
         1c:00:19:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1THanqS/IJBZsmeOc8ISH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNDAzMTEzMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q5YWE4OTNiNDdkZDJkOGE2NjdiYTNiZTNiZWYwYzZkMWEyMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9LsTNwhFKUQfuJStMaVzrOi9wDn
xbvH3utyws2w94c9l/vgP+JlI1lmVmHQBjaVwIAehGsV9NzsFiGjYQueDEjdpG56
aVBgsGBG580a7CF8xGkkXin7Y5shyLoSa7TvPDHMyOlOQE252HSVYq/P0u333pz9
rYuF5lyYuZO8VXdp0VtZ4ZTfSzMROMFS35ILZFpJyHJmyDbXuzwjat3ZT+rYqah3
2skUePxv4wz5LVWhxAY9/M0fQtqxcQKeTm/JNzKIYpS4AJbF02f3dktMvxKj46uK
lKR63lJnn5IVPVWtJnhung3Nym+AyRBF5VjbnivXoqOGRIvu4TJ/tqx2GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPZqok7R90timZ7o7477wxtGiAoMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvbzltcWlUdEgzUzJLWm51anZqdnZERzBhSUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo6MA0G
CSqGSIb3DQEBCwUAA4IBAQB1XsJWcFhIW01Yr1FSz4fP0Jb8LH7Z8EAocdAXTU83
zNo13gqa3kgsNku/mBlL7I4WtAluPuoN37sIef/KnkelYlL1Pf6H+1uwn25wIjKF
RO7PSnZIcW08LhUKis4uAnw6yZuSZ/yqsyFPCIOXifg5JKkFRK4KwTGYiHbJWyS+
POxOjOChx6M8HlR3h17sqawmcvZwy5PzfSGBCj8HRmierjL1pHhHtUg3b7CJSwXg
PaHvzNa/Fyr10LoUyhs9sphqH2SezbTJM9oia7tlog9lON7W6qMmfTJce2zqjyjH
7Ls1J3uk5atLtP4CynqFx8D4LDVJCIvrvKGb72EcABmC
-----END CERTIFICATE-----