Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/IK6BLrV0EEpKCWmR8y07wOSk68U.roa
File:                     IK6BLrV0EEpKCWmR8y07wOSk68U.roa (raw, json)
Hash identifier:          2f+csqFlNzMlLrmcJAwXYvsvPfVBQ0wkksbKjz0lRi0=
Subject key identifier:   20:AE:81:2E:B5:74:10:4A:4A:09:69:91:F3:2D:3B:C0:E4:A4:EB:C5
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019A48F58C1656916D18487299F727B5A0D6
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/IK6BLrV0EEpKCWmR8y07wOSk68U.roa
Signing time:             Mon 03 Nov 2025 09:04:03 +0000
ROA not before:           Mon 03 Nov 2025 09:04:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209699
IP address blocks:        77.93.88.0/22 maxlen: 24
                          217.116.168.0/21 maxlen: 24
                          2a14:7dc0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:48:f5:8c:16:56:91:6d:18:48:72:99:f7:27:b5:a0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Nov  3 09:04:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20ae812eb574104a4a096991f32d3bc0e4a4ebc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:17:07:de:6b:56:99:6f:c1:53:68:0c:94:6b:
                    e5:92:0d:d2:e8:81:8c:39:b5:d5:6a:92:bb:5b:70:
                    19:e3:76:d7:f8:96:d1:68:2f:e2:a5:fa:f2:77:b7:
                    bf:82:a1:2f:87:8e:04:86:c3:8b:16:68:3a:8e:b4:
                    78:09:cf:88:7b:f1:61:94:81:53:26:62:eb:6b:2d:
                    fa:61:ac:e3:2e:5e:33:76:01:72:ff:7d:a6:b5:78:
                    c9:19:86:90:02:1b:6c:71:e6:20:60:81:a4:ca:fa:
                    bb:20:17:dd:51:3c:e0:71:be:86:9c:b2:33:ba:bd:
                    66:c9:b0:cd:33:7f:f0:14:be:ce:2e:54:a6:8e:df:
                    95:7e:b5:ee:02:e0:18:b9:24:80:3b:10:3e:44:45:
                    d9:24:b7:41:91:13:bf:67:0e:49:77:ef:94:55:ed:
                    4e:b2:6c:de:ab:39:d3:f5:fd:15:b2:7b:4a:3f:22:
                    e6:1b:55:32:f0:fd:a2:bb:49:33:62:28:0a:9e:59:
                    1f:8b:78:01:2b:90:f6:1c:2a:bc:3e:6d:6c:d5:7a:
                    fe:5d:4d:6d:b1:00:43:93:d9:63:ac:4a:08:ae:28:
                    aa:49:9d:5b:43:cb:4b:b5:ad:6f:fd:1e:f2:80:f7:
                    58:da:05:87:6e:9a:bc:1e:54:4d:72:11:9d:6a:12:
                    ab:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:AE:81:2E:B5:74:10:4A:4A:09:69:91:F3:2D:3B:C0:E4:A4:EB:C5
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/IK6BLrV0EEpKCWmR8y07wOSk68U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.88.0/22
                  217.116.168.0/21
                IPv6:
                  2a14:7dc0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:44:7e:51:2f:50:6b:b6:0b:d4:7a:2f:2c:66:b7:38:30:99:
         2a:d1:f2:c3:da:0b:68:9d:00:4b:0b:4f:ce:52:9a:df:59:31:
         10:03:6c:a5:34:19:c6:11:aa:af:91:75:f4:d1:bb:68:f9:71:
         5f:46:a0:02:03:41:f1:f4:12:8a:d5:37:e8:7c:1a:2e:46:25:
         29:45:b1:f5:c3:d2:77:2c:8c:ef:44:3b:be:89:46:1f:38:f2:
         25:65:aa:90:3c:d4:e0:84:15:0e:32:a9:bb:0f:1b:36:bc:63:
         7d:e8:4c:5d:76:3c:62:0f:47:61:da:21:2f:bb:75:d3:ab:94:
         4e:fe:3f:2b:c3:a1:1a:88:1b:95:56:a7:72:2a:e1:94:f1:99:
         44:f3:9e:8d:63:21:5c:8d:ca:91:4f:af:a1:98:ef:dc:4f:00:
         9c:00:a5:ec:1a:3f:b3:83:d9:5d:e9:93:3f:91:6d:bd:fa:4b:
         3b:f5:53:e5:ad:44:d5:13:92:bc:a6:e7:1a:70:2f:5f:a3:6f:
         c5:e0:12:db:bc:a5:83:7c:fa:ba:90:44:5e:73:31:a6:27:77:
         82:88:05:80:ed:78:c5:ba:cc:48:c2:ac:20:fc:92:bf:3b:b6:
         08:d1:5f:52:04:f1:05:31:77:bd:c2:04:2a:7b:1d:36:8f:f3:
         47:1f:92:db
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZpI9YwWVpFtGEhymfcntaDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjUxMTAzMDkwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGFlODEyZWI1NzQxMDRhNGEwOTY5OTFmMzJkM2JjMGU0YTRlYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBcH3mtWmW/BU2gMlGvlkg3S6IGM
ObXVapK7W3AZ43bX+JbRaC/ipfryd7e/gqEvh44EhsOLFmg6jrR4Cc+Ie/FhlIFT
JmLray36YazjLl4zdgFy/32mtXjJGYaQAhtsceYgYIGkyvq7IBfdUTzgcb6GnLIz
ur1mybDNM3/wFL7OLlSmjt+VfrXuAuAYuSSAOxA+REXZJLdBkRO/Zw5Jd++UVe1O
smzeqznT9f0VsntKPyLmG1Uy8P2iu0kzYigKnlkfi3gBK5D2HCq8Pm1s1Xr+XU1t
sQBDk9ljrEoIriiqSZ1bQ8tLta1v/R7ygPdY2gWHbpq8HlRNchGdahKr3wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCCugS61dBBKSglpkfMtO8DkpOvFMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvSUs2QkxyVjBFRXBLQ1dtUjh5MDd3T1NrNjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQCTV1YAwQD
2XSoMA4EAgACMAgDBgAqFH3AATANBgkqhkiG9w0BAQsFAAOCAQEAUUR+US9Qa7YL
1HovLGa3ODCZKtHyw9oLaJ0ASwtPzlKa31kxEANspTQZxhGqr5F19NG7aPlxX0ag
AgNB8fQSitU36HwaLkYlKUWx9cPSdyyM70Q7volGHzjyJWWqkDzU4IQVDjKpuw8b
NrxjfehMXXY8Yg9HYdohL7t106uUTv4/K8OhGogblVancirhlPGZRPOejWMhXI3K
kU+voZjv3E8AnACl7Bo/s4PZXemTP5FtvfpLO/VT5a1E1ROSvKbnGnAvX6NvxeAS
27ylg3z6upBEXnMxpid3gogFgO14xbrMSMKsIPySvzu2CNFfUgTxBTF3vcIEKnsd
No/zRx+S2w==
-----END CERTIFICATE-----