Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4czWj5aZMB_R86nok0e-gmmw8FA.roa
File:                     4czWj5aZMB_R86nok0e-gmmw8FA.roa (raw, json)
Hash identifier:          Gv8YcKmGHmiLJguwO6BvvZVFENIayfRvLi+jAcPEdhE=
Subject key identifier:   E1:CC:D6:8F:96:99:30:1F:D1:F3:A9:E8:93:47:BE:82:69:B0:F0:50
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019A1BBBC9D7C763CE212D134DDD1B0AC1C8
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4czWj5aZMB_R86nok0e-gmmw8FA.roa
Signing time:             Sat 25 Oct 2025 14:18:02 +0000
ROA not before:           Sat 25 Oct 2025 14:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.65.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1b:bb:c9:d7:c7:63:ce:21:2d:13:4d:dd:1b:0a:c1:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Oct 25 14:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1ccd68f9699301fd1f3a9e89347be8269b0f050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:65:db:b1:72:8c:c9:c4:67:69:c3:a8:a9:29:
                    4d:78:25:be:90:57:35:df:4c:f1:69:2b:f4:86:36:
                    7f:10:05:5a:3b:48:7c:c5:b3:7a:dc:b5:f3:79:d7:
                    26:6a:5e:29:f2:fe:93:ac:30:cb:ac:b2:55:0d:8c:
                    1e:b2:f5:8d:f4:c3:6f:18:8d:cf:a5:60:53:2a:15:
                    b8:bf:22:2a:1c:c7:01:64:0f:3a:b5:ff:db:cb:4c:
                    b5:65:27:e3:f5:e1:70:02:cc:61:77:77:a2:e2:61:
                    d3:40:3f:f1:27:17:8e:0b:9e:f9:70:8f:dd:01:24:
                    ce:5e:1a:c1:bb:70:8c:43:96:cd:7b:f1:63:2e:1d:
                    ab:c1:26:51:5b:8e:ac:22:96:41:62:f6:00:b3:8a:
                    ec:c4:77:61:d8:cb:55:4a:97:3a:06:ab:01:3d:01:
                    a8:70:4c:85:44:64:78:b3:22:43:12:b8:99:a3:73:
                    73:34:89:b4:dc:92:40:48:b3:22:58:47:ca:d3:96:
                    ca:da:b9:d8:0a:36:d9:ff:f8:b9:59:aa:fe:18:47:
                    7b:a4:ac:34:2b:f6:37:91:32:5e:8a:77:f2:04:f0:
                    a1:37:7c:f4:d7:1b:3f:b9:ef:7d:ee:be:e8:90:a6:
                    65:9a:ad:f7:b5:52:9a:c2:54:41:3c:b5:84:ce:fe:
                    bd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CC:D6:8F:96:99:30:1F:D1:F3:A9:E8:93:47:BE:82:69:B0:F0:50
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4czWj5aZMB_R86nok0e-gmmw8FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:52:a4:08:45:d8:e7:16:56:e5:b4:58:86:2a:54:58:2f:d3:
         84:41:1d:c5:91:7b:84:49:d8:84:03:ce:b8:f5:5d:2d:b5:a0:
         b9:87:b1:22:1a:85:fa:ac:ed:ee:1e:5d:b0:32:76:b5:7d:cd:
         c1:9f:ef:d6:9e:01:7f:04:f9:18:a2:30:88:6e:ab:a2:4b:ac:
         48:e5:97:71:fe:df:9b:fd:e5:4d:19:14:a3:e2:da:b9:e7:c9:
         79:ab:00:68:86:a8:49:54:93:4d:c9:e4:ad:4d:97:a4:5a:f3:
         33:9a:d4:7d:5f:f8:9d:66:9d:a0:b7:0b:8d:cc:49:e4:b6:64:
         a5:8f:cd:42:69:7a:12:4c:4b:a5:a6:9d:ca:37:57:92:57:f3:
         5d:11:0b:03:42:64:de:36:f7:7a:78:cf:ec:ba:ad:7b:8a:5a:
         e7:ef:d3:e8:d0:0c:96:5a:04:7e:e4:46:81:02:f3:4f:1a:d9:
         53:36:18:d2:54:59:6a:c3:bf:7a:d4:a0:1e:2a:d1:b7:45:8e:
         4e:9f:28:24:fe:0b:51:e8:52:d1:6f:94:e5:d0:e0:42:07:0e:
         4d:b2:72:37:1e:7c:11:35:61:37:99:e5:99:54:79:34:26:62:
         83:ad:e0:ee:da:d9:a7:30:0d:92:c4:38:80:ed:fe:44:7e:8b:
         a4:88:f8:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZobu8nXx2POIS0TTd0bCsHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUxMDI1MTQxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWNjZDY4Zjk2OTkzMDFmZDFmM2E5ZTg5MzQ3YmU4MjY5YjBmMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGXbsXKMycRnacOoqSlNeCW+kFc1
30zxaSv0hjZ/EAVaO0h8xbN63LXzedcmal4p8v6TrDDLrLJVDYwesvWN9MNvGI3P
pWBTKhW4vyIqHMcBZA86tf/by0y1ZSfj9eFwAsxhd3ei4mHTQD/xJxeOC575cI/d
ASTOXhrBu3CMQ5bNe/FjLh2rwSZRW46sIpZBYvYAs4rsxHdh2MtVSpc6BqsBPQGo
cEyFRGR4syJDEriZo3NzNIm03JJASLMiWEfK05bK2rnYCjbZ//i5War+GEd7pKw0
K/Y3kTJeinfyBPChN3z01xs/ue997r7okKZlmq33tVKawlRBPLWEzv697QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHM1o+WmTAf0fOp6JNHvoJpsPBQMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvNGN6V2o1YVpNQl9SODZub2swZS1nbW13OEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUE+MA0G
CSqGSIb3DQEBCwUAA4IBAQAlUqQIRdjnFlbltFiGKlRYL9OEQR3FkXuESdiEA864
9V0ttaC5h7EiGoX6rO3uHl2wMna1fc3Bn+/WngF/BPkYojCIbquiS6xI5Zdx/t+b
/eVNGRSj4tq558l5qwBohqhJVJNNyeStTZekWvMzmtR9X/idZp2gtwuNzEnktmSl
j81CaXoSTEulpp3KN1eSV/NdEQsDQmTeNvd6eM/suq17ilrn79Po0AyWWgR+5EaB
AvNPGtlTNhjSVFlqw7961KAeKtG3RY5Onygk/gtR6FLRb5Tl0OBCBw5NsnI3HnwR
NWE3meWZVHk0JmKDreDu2tmnMA2SxDiA7f5EfoukiPhv
-----END CERTIFICATE-----