Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/_IPRbMWwskVt3IbCmXEmagAHz9s.roa
File:                     _IPRbMWwskVt3IbCmXEmagAHz9s.roa (raw, json)
Hash identifier:          HH3Sf7d/mGsMAjOImxuCaLyQ45/rThGApKwsbdwUpNs=
Subject key identifier:   FC:83:D1:6C:C5:B0:B2:45:6D:DC:86:C2:99:71:26:6A:00:07:CF:DB
Certificate issuer:       /CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
Certificate serial:       01985CE3CA0C0F3EAE104E77137292E6B42B
Authority key identifier: 96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/_IPRbMWwskVt3IbCmXEmagAHz9s.roa
Signing time:             Wed 30 Jul 2025 19:51:28 +0000
ROA not before:           Wed 30 Jul 2025 19:51:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8801
IP address blocks:        193.56.176.0/22 maxlen: 22
                          2a10:f301::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 13:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5c:e3:ca:0c:0f:3e:ae:10:4e:77:13:72:92:e6:b4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
        Validity
            Not Before: Jul 30 19:51:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc83d16cc5b0b2456ddc86c29971266a0007cfdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f7:4d:1b:a7:7d:87:e1:7c:59:c0:cd:56:6d:
                    e9:67:85:60:ad:04:dd:78:52:8e:c5:6d:65:6c:eb:
                    b2:1c:38:9e:d6:c8:40:86:38:36:eb:ed:29:a7:5b:
                    10:47:4b:63:54:b9:47:60:2a:62:81:0d:05:a0:ca:
                    56:95:6b:67:32:80:2e:42:91:af:77:bc:94:06:39:
                    20:5c:c1:a2:01:ed:c1:98:27:64:ec:37:46:ee:2b:
                    55:e5:4e:c9:1c:bb:75:c0:5a:ec:33:6a:ac:a4:98:
                    94:57:35:85:79:bf:01:24:32:7e:27:9c:4a:b8:14:
                    c2:a7:a4:2c:a6:24:a5:a5:12:e6:0c:c6:71:ce:41:
                    be:88:e7:cc:fb:91:d9:e6:6f:a6:6c:79:b5:29:22:
                    2b:c1:be:66:dc:22:db:2a:c0:2f:13:b9:b4:74:a4:
                    86:32:09:b8:16:28:dc:2e:c2:b7:04:c4:a0:79:11:
                    6e:eb:ef:83:97:49:73:d9:a9:e4:86:e1:2b:b1:33:
                    7f:ce:30:f7:ca:54:bf:48:0d:37:2f:64:f4:ae:3c:
                    cb:f6:0f:31:a2:27:ad:55:51:0c:15:e1:95:45:de:
                    c9:91:f8:2a:d0:23:89:9e:71:ee:30:97:bf:c3:03:
                    a5:43:da:f3:d3:40:c2:ad:6a:e9:57:92:6a:8a:f8:
                    8b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:83:D1:6C:C5:B0:B2:45:6D:DC:86:C2:99:71:26:6A:00:07:CF:DB
            X509v3 Authority Key Identifier:
                keyid:96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/_IPRbMWwskVt3IbCmXEmagAHz9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.176.0/22
                IPv6:
                  2a10:f301::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:0b:1d:c4:1e:7f:96:1a:7e:7e:13:63:d2:ff:f5:be:12:97:
         b6:9d:8b:cd:eb:18:3d:51:69:a3:08:b3:81:27:f6:63:9b:ec:
         3a:e1:90:29:68:f1:ce:34:96:0e:13:5a:7d:34:74:26:46:45:
         9b:cf:53:72:39:af:1d:68:43:f0:26:bd:a8:ff:39:94:45:ae:
         95:f9:4a:6f:eb:75:f0:06:ee:46:1a:bb:0d:62:ad:43:68:d7:
         e0:64:ad:d2:11:6c:db:ba:95:4e:d4:a1:83:d2:c6:c2:1b:2e:
         32:e4:6e:ef:b5:aa:d3:1a:2d:a3:c4:63:18:a0:bb:36:25:ee:
         ed:00:6a:c6:c2:a3:c4:e9:48:30:a1:32:d7:04:b0:94:e7:fa:
         9d:4c:f2:11:d0:37:47:e3:a1:89:bc:aa:2f:76:8d:32:5e:0c:
         e1:a7:40:d5:7a:27:8a:88:d2:0e:c1:19:be:2b:1d:26:b7:e3:
         52:01:74:e0:9d:03:16:ab:e0:4d:bf:f9:98:3e:73:31:66:26:
         9b:52:53:0d:5f:14:0a:44:4e:e7:f2:0d:3b:83:a6:47:e7:9e:
         9b:6a:f7:3e:28:4f:23:81:cc:85:b5:2c:e8:53:f7:03:cd:8e:
         73:6b:f8:7d:07:e7:90:d9:44:e4:c2:25:de:19:ad:9c:1c:88:
         8b:c0:cf:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhc48oMDz6uEE53E3KS5rQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTZmNzdjYmRhMTAxOTg3ZDlkZmM4NGJlOTBiNmZiYTY2
YWRjOWYwHhcNMjUwNzMwMTk1MTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzgzZDE2Y2M1YjBiMjQ1NmRkYzg2YzI5OTcxMjY2YTAwMDdjZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPdNG6d9h+F8WcDNVm3pZ4VgrQTd
eFKOxW1lbOuyHDie1shAhjg26+0pp1sQR0tjVLlHYCpigQ0FoMpWlWtnMoAuQpGv
d7yUBjkgXMGiAe3BmCdk7DdG7itV5U7JHLt1wFrsM2qspJiUVzWFeb8BJDJ+J5xK
uBTCp6QspiSlpRLmDMZxzkG+iOfM+5HZ5m+mbHm1KSIrwb5m3CLbKsAvE7m0dKSG
Mgm4FijcLsK3BMSgeRFu6++Dl0lz2ankhuErsTN/zjD3ylS/SA03L2T0rjzL9g8x
oietVVEMFeGVRd7Jkfgq0COJnnHuMJe/wwOlQ9rz00DCrWrpV5JqiviL/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPyD0WzFsLJFbdyGwplxJmoAB8/bMB8GA1UdIwQY
MBaAFJbm93y9oQGYfZ38hL6QtvumatyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDkt
MzIwOGRlMzljMDlkLzEvX0lQUmJNV3dza1Z0M0liQ21YRW1hZ0FIejlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDktMzIwOGRlMzljMDlk
LzEvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwTiwMA0E
AgACMAcDBQAqEPMBMA0GCSqGSIb3DQEBCwUAA4IBAQAFCx3EHn+WGn5+E2PS//W+
Epe2nYvN6xg9UWmjCLOBJ/Zjm+w64ZApaPHONJYOE1p9NHQmRkWbz1NyOa8daEPw
Jr2o/zmURa6V+Upv63XwBu5GGrsNYq1DaNfgZK3SEWzbupVO1KGD0sbCGy4y5G7v
tarTGi2jxGMYoLs2Je7tAGrGwqPE6UgwoTLXBLCU5/qdTPIR0DdH46GJvKovdo0y
Xgzhp0DVeieKiNIOwRm+Kx0mt+NSAXTgnQMWq+BNv/mYPnMxZiabUlMNXxQKRE7n
8g07g6ZH556bavc+KE8jgcyFtSzoU/cDzY5za/h9B+eQ2UTkwiXeGa2cHIiLwM+I
-----END CERTIFICATE-----