Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/p_UwPPQQZDsBfAg4HBAR7nWjimo.roa
File:                     p_UwPPQQZDsBfAg4HBAR7nWjimo.roa (raw, json)
Hash identifier:          GvtbVZusOeT67R9IkrXg2CtRp7KCBet7PDPO6W/fd9c=
Subject key identifier:   A7:F5:30:3C:F4:10:64:3B:01:7C:08:38:1C:10:11:EE:75:A3:8A:6A
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019A30B9F052D37701871F3871797C5155C0
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/p_UwPPQQZDsBfAg4HBAR7nWjimo.roa
Signing time:             Wed 29 Oct 2025 16:08:03 +0000
ROA not before:           Wed 29 Oct 2025 16:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        79.172.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:30:b9:f0:52:d3:77:01:87:1f:38:71:79:7c:51:55:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Oct 29 16:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7f5303cf410643b017c08381c1011ee75a38a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:14:e4:1f:62:bf:ae:99:e0:d9:90:dc:0e:0a:
                    91:ff:97:5c:3e:f7:06:50:61:91:5c:6a:28:25:73:
                    39:2a:06:56:49:5a:27:e9:53:0b:ff:99:28:4e:67:
                    d2:d6:15:c4:e9:12:46:07:6d:5a:a5:98:23:ff:3c:
                    b5:8d:2b:11:47:75:49:18:8e:b1:a4:fa:ed:4d:db:
                    72:b2:0d:f5:81:b7:26:0c:bf:6b:36:70:d7:e3:2a:
                    b2:fb:cf:99:2c:4f:03:b1:e1:74:51:68:20:cb:72:
                    0d:b3:79:1e:09:70:5c:e5:54:95:b1:ce:09:1f:2a:
                    25:55:0b:8b:81:2d:35:d2:61:5f:15:07:7e:85:b8:
                    99:ff:aa:6f:22:0e:f9:f6:39:5e:18:be:ff:5f:78:
                    7a:23:e4:bf:24:8e:e8:2c:91:a8:5b:ff:6f:26:6a:
                    13:bd:2b:2c:37:21:d1:16:d2:ea:43:92:55:89:71:
                    72:a0:6f:0a:ed:d2:aa:29:69:b0:4c:e7:65:87:8d:
                    ef:6d:dc:f5:d9:84:2d:f7:b0:b6:e1:a9:6c:45:6d:
                    ee:84:bd:1e:6e:42:d1:c5:b3:09:e5:3b:76:05:b0:
                    3c:4c:21:e0:52:b1:dc:f1:05:fd:0a:33:7e:72:c7:
                    0b:a2:bd:e5:9a:87:25:bc:2d:ea:51:79:3b:69:94:
                    7b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F5:30:3C:F4:10:64:3B:01:7C:08:38:1C:10:11:EE:75:A3:8A:6A
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/p_UwPPQQZDsBfAg4HBAR7nWjimo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:83:25:32:27:6d:ce:34:26:7b:8e:b8:f4:17:38:1a:3f:30:
         41:26:18:52:e8:0a:02:c1:28:62:00:78:b6:72:f0:05:49:d1:
         b5:51:86:68:f9:cb:6b:1e:b1:a6:cf:13:15:e7:5c:49:f9:cc:
         3b:03:b4:8b:e2:3e:95:fc:6e:d0:c9:fc:4b:a2:62:d8:2f:06:
         85:e5:64:4c:68:7b:b9:cf:e5:03:f2:4a:56:13:fd:02:b3:aa:
         1e:e9:6a:1f:3e:19:e0:0e:23:33:a8:e8:c0:1a:f0:4c:89:37:
         44:35:aa:ae:39:be:2a:e0:c1:d3:fb:6c:88:d6:bc:57:c7:50:
         ee:98:c0:bb:1e:96:d1:67:39:6a:7d:e0:38:3e:3b:6f:6b:ea:
         1d:c4:ac:d1:64:53:ae:e1:00:b1:3e:35:f4:d7:56:56:e5:17:
         8b:be:21:9a:ac:fe:78:df:b9:9a:2f:2a:bd:1e:9d:5e:e6:4e:
         49:2c:6c:87:96:ca:e8:01:22:eb:5b:ca:2d:03:97:26:ef:5e:
         90:4e:00:5d:6b:fd:1e:bc:dc:21:c4:56:04:83:3a:e2:8b:c5:
         f0:31:79:9a:0c:bb:81:75:64:b0:0c:a7:51:47:ca:3f:ec:7a:
         7a:95:62:dd:3d:33:43:57:99:ed:b1:27:d9:81:fc:90:e9:b4:
         5c:7d:ed:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZowufBS03cBhx84cXl8UVXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMDI5MTYwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2Y1MzAzY2Y0MTA2NDNiMDE3YzA4MzgxYzEwMTFlZTc1YTM4YTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9RTkH2K/rpng2ZDcDgqR/5dcPvcG
UGGRXGooJXM5KgZWSVon6VML/5koTmfS1hXE6RJGB21apZgj/zy1jSsRR3VJGI6x
pPrtTdtysg31gbcmDL9rNnDX4yqy+8+ZLE8DseF0UWggy3INs3keCXBc5VSVsc4J
HyolVQuLgS010mFfFQd+hbiZ/6pvIg759jleGL7/X3h6I+S/JI7oLJGoW/9vJmoT
vSssNyHRFtLqQ5JViXFyoG8K7dKqKWmwTOdlh43vbdz12YQt97C24alsRW3uhL0e
bkLRxbMJ5Tt2BbA8TCHgUrHc8QX9CjN+cscLor3lmoclvC3qUXk7aZR74QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKf1MDz0EGQ7AXwIOBwQEe51o4pqMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvcF9Vd1BQUVFaRHNCZkFnNEhCQVI3bldqaW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zJMA0G
CSqGSIb3DQEBCwUAA4IBAQBCgyUyJ23ONCZ7jrj0FzgaPzBBJhhS6AoCwShiAHi2
cvAFSdG1UYZo+ctrHrGmzxMV51xJ+cw7A7SL4j6V/G7QyfxLomLYLwaF5WRMaHu5
z+UD8kpWE/0Cs6oe6WofPhngDiMzqOjAGvBMiTdENaquOb4q4MHT+2yI1rxXx1Du
mMC7HpbRZzlqfeA4Pjtva+odxKzRZFOu4QCxPjX011ZW5ReLviGarP5437maLyq9
Hp1e5k5JLGyHlsroASLrW8otA5cm716QTgBda/0evNwhxFYEgzrii8XwMXmaDLuB
dWSwDKdRR8o/7Hp6lWLdPTNDV5ntsSfZgfyQ6bRcfe3v
-----END CERTIFICATE-----