Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/sL2NSlZMFdAYtXpmUtMsUTVxj5U.roa
File:                     sL2NSlZMFdAYtXpmUtMsUTVxj5U.roa (raw, json)
Hash identifier:          xcmnsmi1DtWtpZIXUGx0RyP3Q0L6fGwH3VyxN8K/Zro=
Subject key identifier:   B0:BD:8D:4A:56:4C:15:D0:18:B5:7A:66:52:D3:2C:51:35:71:8F:95
Certificate issuer:       /CN=573cec9063a88741841908b0c5297fcdbb439530
Certificate serial:       019A4DFDB25B50688D1C47F2F1C871280437
Authority key identifier: 57:3C:EC:90:63:A8:87:41:84:19:08:B0:C5:29:7F:CD:BB:43:95:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VzzskGOoh0GEGQiwxSl_zbtDlTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/sL2NSlZMFdAYtXpmUtMsUTVxj5U.roa
Signing time:             Tue 04 Nov 2025 08:31:03 +0000
ROA not before:           Tue 04 Nov 2025 08:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205899
IP address blocks:        194.117.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/VzzskGOoh0GEGQiwxSl_zbtDlTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/VzzskGOoh0GEGQiwxSl_zbtDlTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VzzskGOoh0GEGQiwxSl_zbtDlTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:fd:b2:5b:50:68:8d:1c:47:f2:f1:c8:71:28:04:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=573cec9063a88741841908b0c5297fcdbb439530
        Validity
            Not Before: Nov  4 08:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0bd8d4a564c15d018b57a6652d32c5135718f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:59:24:6b:66:07:33:50:81:73:a7:9f:93:
                    c0:cc:1c:af:2f:0b:27:52:e8:12:d5:58:f7:e2:2d:
                    df:5d:f5:4e:31:62:c0:37:a6:5b:82:45:91:74:7c:
                    bd:6b:db:7c:f1:d0:9e:8a:e2:ee:04:43:6a:05:b2:
                    3c:32:25:57:40:15:36:ef:9d:52:6c:70:ac:ea:d2:
                    4e:a4:43:e8:0f:b6:ed:b6:5b:c8:e2:d1:c8:de:ff:
                    f2:d7:39:57:75:21:f9:eb:58:96:c7:a8:57:e4:5f:
                    a6:d8:a7:c0:e1:bd:ff:d7:bb:76:19:31:f1:84:38:
                    17:1f:d8:5d:37:cc:04:57:13:6d:00:99:dc:19:e5:
                    e8:78:55:95:ab:69:04:31:57:6e:13:d2:ce:ce:b4:
                    1f:24:17:6d:38:9d:e7:79:d8:d1:36:e2:24:91:0d:
                    c9:bc:66:41:f8:bb:1d:40:97:48:3d:b9:ef:02:57:
                    3c:a8:5d:38:cf:79:9a:0a:75:fa:dc:c9:f8:c7:fd:
                    b4:13:1d:03:7d:00:fd:73:43:c1:f5:1c:05:98:1f:
                    73:dd:3d:1b:c8:a6:f8:c1:0a:eb:69:e1:24:c6:f1:
                    23:ef:ff:17:10:34:3f:95:99:20:62:72:c2:53:b2:
                    92:66:6c:3b:57:c8:47:f8:f6:2a:76:9c:20:fc:7c:
                    e2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:BD:8D:4A:56:4C:15:D0:18:B5:7A:66:52:D3:2C:51:35:71:8F:95
            X509v3 Authority Key Identifier:
                keyid:57:3C:EC:90:63:A8:87:41:84:19:08:B0:C5:29:7F:CD:BB:43:95:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VzzskGOoh0GEGQiwxSl_zbtDlTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/sL2NSlZMFdAYtXpmUtMsUTVxj5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/07dd58-2d2e-426e-9e1a-5454e5a16f42/1/VzzskGOoh0GEGQiwxSl_zbtDlTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:eb:fb:92:da:0c:ad:15:9a:a8:e9:4c:5d:27:96:db:75:89:
         33:41:b8:dd:c0:e8:a8:f8:51:77:95:90:51:68:6d:81:93:5c:
         de:53:59:2b:c2:4a:03:54:f6:df:cb:e0:41:53:61:42:ce:32:
         00:93:3e:77:fd:93:ce:ab:70:bf:3e:ff:1a:4d:6d:b9:26:12:
         0a:ab:e2:7d:63:8b:52:1a:52:e1:30:d3:78:15:f8:31:b6:46:
         6a:5d:76:0d:78:08:a2:9e:4b:2f:38:08:e6:2e:b2:82:99:82:
         b9:6a:c2:f6:f2:0c:a4:31:a8:e4:7e:f5:c4:5c:49:b2:f0:61:
         e2:31:66:d9:46:09:8e:e0:80:bc:db:7f:90:a6:03:e6:6c:3d:
         21:ba:8a:83:da:98:0c:ba:84:45:4c:6f:73:1c:9a:4d:94:76:
         9c:0c:cf:1b:8e:da:72:e8:67:d5:b7:a7:7e:ff:b9:c3:98:b2:
         88:52:b0:09:98:c0:f3:2b:12:12:8c:09:3e:15:b3:17:6c:6f:
         64:e7:47:21:12:d0:1e:3a:74:f4:eb:a2:77:0f:47:cb:24:5e:
         02:10:7d:5d:7d:1a:64:89:92:2f:82:12:93:29:e4:13:9e:41:
         8a:b5:f3:f2:4b:5c:b6:08:82:62:b9:b5:c8:fb:65:60:f9:8b:
         99:64:54:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpN/bJbUGiNHEfy8chxKAQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3M2NlYzkwNjNhODg3NDE4NDE5MDhiMGM1Mjk3ZmNkYmI0
Mzk1MzAwHhcNMjUxMTA0MDgzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGJkOGQ0YTU2NGMxNWQwMThiNTdhNjY1MmQzMmM1MTM1NzE4Zjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhRZJGtmBzNQgXOnn5PAzByvLwsn
UugS1Vj34i3fXfVOMWLAN6ZbgkWRdHy9a9t88dCeiuLuBENqBbI8MiVXQBU2751S
bHCs6tJOpEPoD7bttlvI4tHI3v/y1zlXdSH561iWx6hX5F+m2KfA4b3/17t2GTHx
hDgXH9hdN8wEVxNtAJncGeXoeFWVq2kEMVduE9LOzrQfJBdtOJ3nedjRNuIkkQ3J
vGZB+LsdQJdIPbnvAlc8qF04z3maCnX63Mn4x/20Ex0DfQD9c0PB9RwFmB9z3T0b
yKb4wQrraeEkxvEj7/8XEDQ/lZkgYnLCU7KSZmw7V8hH+PYqdpwg/HziTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLC9jUpWTBXQGLV6ZlLTLFE1cY+VMB8GA1UdIwQY
MBaAFFc87JBjqIdBhBkIsMUpf827Q5UwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnp6c2tHT29oMEdFR1Fpd3hTbF96YnREbFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wN2RkNTgtMmQyZS00MjZlLTllMWEt
NTQ1NGU1YTE2ZjQyLzEvc0wyTlNsWk1GZEFZdFhwbVV0TXNVVFZ4ajVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wN2RkNTgtMmQyZS00MjZlLTllMWEtNTQ1NGU1YTE2ZjQy
LzEvVnp6c2tHT29oMEdFR1Fpd3hTbF96YnREbFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnVAMA0G
CSqGSIb3DQEBCwUAA4IBAQCV6/uS2gytFZqo6UxdJ5bbdYkzQbjdwOio+FF3lZBR
aG2Bk1zeU1krwkoDVPbfy+BBU2FCzjIAkz53/ZPOq3C/Pv8aTW25JhIKq+J9Y4tS
GlLhMNN4FfgxtkZqXXYNeAiinksvOAjmLrKCmYK5asL28gykMajkfvXEXEmy8GHi
MWbZRgmO4IC823+QpgPmbD0huoqD2pgMuoRFTG9zHJpNlHacDM8bjtpy6GfVt6d+
/7nDmLKIUrAJmMDzKxISjAk+FbMXbG9k50chEtAeOnT066J3D0fLJF4CEH1dfRpk
iZIvghKTKeQTnkGKtfPyS1y2CIJiubXI+2Vg+YuZZFS7
-----END CERTIFICATE-----