Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XtEeHPY45JpEEo6w-R4DkAD2eG4.roa
File:                     XtEeHPY45JpEEo6w-R4DkAD2eG4.roa (raw, json)
Hash identifier:          bFyHjgAPu8ztBKS25HT/oLqiHetq9Th8H9VEUxzs3uc=
Subject key identifier:   5E:D1:1E:1C:F6:38:E4:9A:44:12:8E:B0:F9:1E:03:90:00:F6:78:6E
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019A4ABABC034FA9DC10A6BD5BCEFA324148
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XtEeHPY45JpEEo6w-R4DkAD2eG4.roa
Signing time:             Mon 03 Nov 2025 17:19:03 +0000
ROA not before:           Mon 03 Nov 2025 17:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202723
IP address blocks:        185.75.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 21:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:ba:bc:03:4f:a9:dc:10:a6:bd:5b:ce:fa:32:41:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Nov  3 17:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed11e1cf638e49a44128eb0f91e039000f6786e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:20:71:b4:5d:74:f0:45:c2:c0:33:26:66:f2:
                    f6:53:09:58:bb:3a:17:67:39:9f:30:29:18:33:82:
                    7e:03:25:e6:e1:25:da:92:e3:22:12:7a:60:f0:26:
                    bc:75:81:c4:6c:4f:b2:57:c1:9c:67:c9:f7:be:f8:
                    a1:ee:30:89:df:40:8e:d9:16:5e:33:35:ae:a0:17:
                    16:12:ec:8e:a9:40:20:53:1b:05:50:89:c3:95:6c:
                    74:e2:cf:de:90:db:2b:4c:74:1f:c5:4e:39:8e:e2:
                    16:e7:04:c8:01:44:18:81:d1:e8:0e:45:d6:90:a7:
                    fa:ee:ff:6b:9c:2d:58:97:d8:de:50:1d:17:5d:2b:
                    fb:5d:a6:2f:0c:8f:53:49:c7:47:e3:e4:ee:1b:c9:
                    d7:92:7d:f8:e0:5e:eb:5a:7d:2b:f2:5e:3e:fa:83:
                    ef:08:77:29:61:32:9f:0b:08:9b:41:46:41:c8:78:
                    64:1d:f7:ff:41:07:12:2a:a5:b3:e3:0d:2b:c5:ce:
                    91:31:12:e5:4f:d5:ad:e5:76:d5:be:dd:0e:53:87:
                    4b:95:10:77:bc:f7:07:3f:44:f7:7e:34:fd:33:f8:
                    38:a3:37:f1:0b:73:1b:49:6b:fb:ea:5f:69:fe:49:
                    da:50:a5:dc:d1:7c:41:d5:ff:bc:db:4d:fe:ef:e1:
                    9c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D1:1E:1C:F6:38:E4:9A:44:12:8E:B0:F9:1E:03:90:00:F6:78:6E
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/XtEeHPY45JpEEo6w-R4DkAD2eG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:10:d3:a0:1b:31:e0:3b:11:b7:b0:64:b7:e5:c9:25:46:df:
         92:32:30:2d:96:62:02:5f:d1:55:dc:80:8a:8a:7e:04:65:2e:
         fb:25:05:5a:a5:e1:49:be:9a:00:c2:5a:05:d1:98:3e:2c:05:
         ab:d2:08:71:96:ac:7b:88:66:4d:11:29:4b:5b:43:79:ae:32:
         25:84:5e:fd:63:3c:ff:56:dc:fd:62:57:20:bd:67:20:26:d4:
         cd:84:7a:d8:67:08:34:b4:0e:cb:1a:84:70:47:dd:22:dd:8c:
         de:b3:92:cf:f1:6d:04:99:29:d0:fe:61:52:e6:44:44:c4:a9:
         01:49:d0:3d:fe:10:f8:cc:38:7b:51:38:83:96:e1:40:c0:37:
         32:b9:38:71:cb:06:c1:a2:e9:47:78:f5:51:ab:51:e4:f6:5e:
         5e:e8:bf:11:31:42:83:33:61:89:05:26:03:d0:c5:63:0b:fd:
         0c:fe:07:45:fd:8f:8c:4b:45:8f:07:ca:c2:d0:ff:17:30:08:
         af:b7:45:98:cb:fb:07:56:98:9d:9d:ce:58:35:cf:c5:9a:70:
         54:d7:99:3d:ad:8e:37:a2:5d:2c:09:8b:26:2e:89:d1:8b:05:
         03:99:61:2e:56:1e:81:ab:fe:07:8a:c4:74:c8:41:40:29:12:
         f3:41:0e:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpKurwDT6ncEKa9W876MkFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUxMTAzMTcxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQxMWUxY2Y2MzhlNDlhNDQxMjhlYjBmOTFlMDM5MDAwZjY3ODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCBxtF108EXCwDMmZvL2UwlYuzoX
ZzmfMCkYM4J+AyXm4SXakuMiEnpg8Ca8dYHEbE+yV8GcZ8n3vvih7jCJ30CO2RZe
MzWuoBcWEuyOqUAgUxsFUInDlWx04s/ekNsrTHQfxU45juIW5wTIAUQYgdHoDkXW
kKf67v9rnC1Yl9jeUB0XXSv7XaYvDI9TScdH4+TuG8nXkn344F7rWn0r8l4++oPv
CHcpYTKfCwibQUZByHhkHff/QQcSKqWz4w0rxc6RMRLlT9Wt5XbVvt0OU4dLlRB3
vPcHP0T3fjT9M/g4ozfxC3MbSWv76l9p/knaUKXc0XxB1f+8203+7+GcxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7RHhz2OOSaRBKOsPkeA5AA9nhuMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvWHRFZUhQWTQ1SnBFRW82dy1SNERrQUQyZUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUuGMA0G
CSqGSIb3DQEBCwUAA4IBAQCbENOgGzHgOxG3sGS35cklRt+SMjAtlmICX9FV3ICK
in4EZS77JQVapeFJvpoAwloF0Zg+LAWr0ghxlqx7iGZNESlLW0N5rjIlhF79Yzz/
Vtz9YlcgvWcgJtTNhHrYZwg0tA7LGoRwR90i3Yzes5LP8W0EmSnQ/mFS5kRExKkB
SdA9/hD4zDh7UTiDluFAwDcyuThxywbBoulHePVRq1Hk9l5e6L8RMUKDM2GJBSYD
0MVjC/0M/gdF/Y+MS0WPB8rC0P8XMAivt0WYy/sHVpidnc5YNc/FmnBU15k9rY43
ol0sCYsmLonRiwUDmWEuVh6Bq/4HisR0yEFAKRLzQQ7b
-----END CERTIFICATE-----