Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/PeqWqI2e-4wMatGiq9gOqk9tHK4.roa
File:                     PeqWqI2e-4wMatGiq9gOqk9tHK4.roa (raw, json)
Hash identifier:          S5LqNRsejUBcrh6ezboLOAscPTNooWzcQ5iy4jVwfzg=
Subject key identifier:   3D:EA:96:A8:8D:9E:FB:8C:0C:6A:D1:A2:AB:D8:0E:AA:4F:6D:1C:AE
Certificate issuer:       /CN=b9762db1282ffd084761232038f81f5d29e640d5
Certificate serial:       019A047F2550B166930AA065378BB488D230
Authority key identifier: B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/PeqWqI2e-4wMatGiq9gOqk9tHK4.roa
Signing time:             Tue 21 Oct 2025 02:00:32 +0000
ROA not before:           Tue 21 Oct 2025 02:00:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.139.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:04:7f:25:50:b1:66:93:0a:a0:65:37:8b:b4:88:d2:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9762db1282ffd084761232038f81f5d29e640d5
        Validity
            Not Before: Oct 21 02:00:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dea96a88d9efb8c0c6ad1a2abd80eaa4f6d1cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c8:41:94:98:54:15:a3:7c:82:bc:20:67:1a:
                    da:4a:cc:a9:20:a4:88:07:dd:07:e0:26:79:1e:0b:
                    4f:a5:ec:8f:bd:1f:03:dd:52:78:aa:10:4e:20:ce:
                    4c:22:5b:1a:c2:d5:89:08:6d:ac:68:3f:2e:67:a6:
                    e6:a0:27:ab:f3:32:58:4f:c7:71:aa:0c:58:56:a5:
                    ea:b5:d0:fa:69:ec:ef:89:88:9a:9e:31:11:eb:ff:
                    70:7a:84:7c:56:e8:6c:2a:59:bd:3e:ee:6f:cf:5f:
                    00:be:a2:13:06:99:6e:f4:6f:e2:bb:7c:50:f6:e9:
                    53:ba:4a:de:57:47:e9:4b:d2:c0:0f:18:10:fb:3b:
                    6e:59:c5:41:97:2d:7d:41:d6:ba:4e:73:a0:cf:a4:
                    14:58:df:98:0c:94:93:65:56:b5:e5:ea:29:79:ef:
                    12:7e:ef:20:f9:1c:4c:4d:ea:42:34:ef:ed:c9:84:
                    1f:38:80:19:dc:63:c9:97:14:ae:f6:35:62:e0:b4:
                    81:8b:3a:6a:fd:e0:89:15:4a:6b:1e:18:1c:e1:76:
                    3e:04:ce:07:93:8a:3e:ac:1d:51:45:5e:cd:e1:51:
                    1f:a5:36:a7:ad:0d:55:61:e4:c8:89:83:82:a0:51:
                    0d:3c:8b:01:84:76:bd:53:10:84:2a:0c:c5:f2:6a:
                    91:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:EA:96:A8:8D:9E:FB:8C:0C:6A:D1:A2:AB:D8:0E:AA:4F:6D:1C:AE
            X509v3 Authority Key Identifier:
                keyid:B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/PeqWqI2e-4wMatGiq9gOqk9tHK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:fa:f8:f1:a5:84:b5:86:25:34:25:34:79:2e:93:81:88:bc:
         9d:c3:ef:f9:50:5b:be:38:a1:61:e6:c0:8b:be:2e:d2:d3:e4:
         b6:9e:30:cf:2f:06:5d:83:97:df:c4:81:00:60:7e:ea:d3:46:
         df:03:5e:b7:55:70:0f:30:a9:1d:11:d8:17:86:11:d2:1c:a2:
         36:37:4f:48:65:6e:bf:2e:00:13:65:1d:e2:4f:c5:b0:36:7a:
         cc:75:d9:af:eb:a4:d4:23:ba:30:b9:81:20:0b:20:c1:e6:57:
         b6:c0:08:ab:7a:97:f4:88:57:99:8e:38:65:c6:61:b7:b9:07:
         b2:c0:fd:d2:af:32:63:a2:31:e0:f9:65:9f:e6:3b:5e:75:0a:
         cd:f9:53:66:62:34:81:bd:53:f1:30:cf:9a:a4:71:dd:38:22:
         e9:07:23:8c:43:47:cc:3e:a6:c9:04:ad:ed:8e:4d:45:04:d7:
         ea:98:9d:a3:43:0e:4f:a6:7d:e1:6c:ae:e5:82:a5:a1:9f:8c:
         8f:fb:e5:a0:ee:f2:05:f2:cd:08:ea:54:38:30:19:ba:be:a4:
         10:9b:00:bd:ec:b4:08:9d:78:cd:00:9c:58:e6:d4:b3:91:66:
         7d:80:93:bf:b3:31:7a:14:ad:3f:ae:bb:4f:07:40:23:0d:fc:
         c7:17:4c:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoEfyVQsWaTCqBlN4u0iNIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NzYyZGIxMjgyZmZkMDg0NzYxMjMyMDM4ZjgxZjVkMjll
NjQwZDUwHhcNMjUxMDIxMDIwMDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGVhOTZhODhkOWVmYjhjMGM2YWQxYTJhYmQ4MGVhYTRmNmQxY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxshBlJhUFaN8grwgZxraSsypIKSI
B90H4CZ5HgtPpeyPvR8D3VJ4qhBOIM5MIlsawtWJCG2saD8uZ6bmoCer8zJYT8dx
qgxYVqXqtdD6aezviYianjER6/9weoR8VuhsKlm9Pu5vz18AvqITBplu9G/iu3xQ
9ulTukreV0fpS9LADxgQ+ztuWcVBly19Qda6TnOgz6QUWN+YDJSTZVa15eopee8S
fu8g+RxMTepCNO/tyYQfOIAZ3GPJlxSu9jVi4LSBizpq/eCJFUprHhgc4XY+BM4H
k4o+rB1RRV7N4VEfpTanrQ1VYeTIiYOCoFENPIsBhHa9UxCEKgzF8mqRMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3qlqiNnvuMDGrRoqvYDqpPbRyuMB8GA1UdIwQY
MBaAFLl2LbEoL/0IR2EjIDj4H10p5kDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQt
NzBhNTU2YmE4YTExLzEvUGVxV3FJMmUtNHdNYXRHaXE5Z09xazl0SEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQtNzBhNTU2YmE4YTEx
LzEvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYsjMA0G
CSqGSIb3DQEBCwUAA4IBAQAn+vjxpYS1hiU0JTR5LpOBiLydw+/5UFu+OKFh5sCL
vi7S0+S2njDPLwZdg5ffxIEAYH7q00bfA163VXAPMKkdEdgXhhHSHKI2N09IZW6/
LgATZR3iT8WwNnrMddmv66TUI7owuYEgCyDB5le2wAirepf0iFeZjjhlxmG3uQey
wP3SrzJjojHg+WWf5jtedQrN+VNmYjSBvVPxMM+apHHdOCLpByOMQ0fMPqbJBK3t
jk1FBNfqmJ2jQw5Ppn3hbK7lgqWhn4yP++Wg7vIF8s0I6lQ4MBm6vqQQmwC97LQI
nXjNAJxY5tSzkWZ9gJO/szF6FK0/rrtPB0AjDfzHF0wT
-----END CERTIFICATE-----