Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/7fy5pMwC2BmqEWASDCe2Ap4e3m4.roa
File:                     7fy5pMwC2BmqEWASDCe2Ap4e3m4.roa (raw, json)
Hash identifier:          kq97Xxg5npRZz+k6S6J7uCxRX2OaCExgApqCLJxftGE=
Subject key identifier:   ED:FC:B9:A4:CC:02:D8:19:AA:11:60:12:0C:27:B6:02:9E:1E:DE:6E
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019A50840EA7CB520C86BE52E2EC658D775A
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/7fy5pMwC2BmqEWASDCe2Ap4e3m4.roa
Signing time:             Tue 04 Nov 2025 20:17:03 +0000
ROA not before:           Tue 04 Nov 2025 20:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.22.142.0/23 maxlen: 24
                          89.185.0.0/22 maxlen: 22
                          109.72.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:84:0e:a7:cb:52:0c:86:be:52:e2:ec:65:8d:77:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Nov  4 20:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edfcb9a4cc02d819aa1160120c27b6029e1ede6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:f7:ce:f9:f5:70:73:6c:35:e5:f1:b6:de:
                    60:fa:89:4a:83:03:51:66:4e:70:2e:76:9f:73:7f:
                    e5:a5:a7:36:e0:9d:c9:4b:51:3b:3d:7c:ef:d7:c3:
                    62:bb:de:7b:2e:21:89:5b:38:5a:21:7a:45:15:26:
                    4c:d1:ff:60:e8:b4:20:66:30:19:fe:51:36:9e:bc:
                    a5:91:98:93:f4:e4:84:dc:12:64:a6:5a:8d:f0:95:
                    89:2c:97:9b:ae:d1:e3:ed:04:50:37:dc:ee:4e:9b:
                    d0:a8:1b:50:24:ef:4c:46:d7:dc:a6:03:42:db:95:
                    1c:b4:de:e6:15:38:d2:0b:80:c4:95:ab:be:6c:3b:
                    51:c6:b5:d0:34:ff:c8:4f:3f:71:fc:20:d0:33:26:
                    fa:4b:78:09:9e:bd:3d:a6:88:36:30:98:b9:75:a2:
                    f2:58:dc:f5:04:52:e2:f9:a5:7a:63:c3:57:2c:0c:
                    44:82:2e:fc:0f:c6:c0:ae:3e:d1:ce:8b:50:a6:2b:
                    8f:0f:9e:4f:c4:2a:e8:3f:bf:3a:8d:a7:d1:b2:b3:
                    9e:81:77:3f:88:e1:59:56:06:e4:7d:5b:3c:d8:4c:
                    e9:ad:c0:5f:2b:c8:ef:d3:18:c1:3e:ed:91:d0:bf:
                    c9:7c:4f:a1:3a:75:a8:ce:e1:16:50:1f:12:f3:b3:
                    24:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:FC:B9:A4:CC:02:D8:19:AA:11:60:12:0C:27:B6:02:9E:1E:DE:6E
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/7fy5pMwC2BmqEWASDCe2Ap4e3m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.142.0/23
                  89.185.0.0/22
                  109.72.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:c1:ff:55:b0:33:00:fb:5e:45:0d:c7:b8:92:41:5d:fe:a2:
         b2:c0:b3:6b:c7:4c:94:5a:77:d3:43:1a:aa:b0:43:6b:76:d4:
         5f:b2:b6:17:36:69:c6:4f:fd:37:bc:62:13:2d:78:7b:c6:31:
         9b:f9:e9:e2:d4:36:da:10:52:f6:89:08:bf:ea:3e:e7:ac:73:
         10:59:2b:74:f6:4d:6f:3c:b4:b2:0f:41:a6:01:88:63:76:48:
         71:9d:4a:a5:6d:65:61:78:10:13:4c:f8:4e:fe:0e:21:23:06:
         8b:27:6b:58:e9:5b:4e:64:2f:18:3c:e4:e0:45:5c:8c:27:6b:
         02:6c:f5:93:f0:22:6b:56:a6:9b:7e:48:84:8d:ee:5f:78:9e:
         33:35:21:35:0d:03:39:60:47:09:a1:ab:d7:94:e3:ed:b1:79:
         d5:d6:43:d2:09:bd:60:b9:29:86:3e:61:7e:0a:f2:62:40:3e:
         29:9a:70:98:b7:d2:75:a3:14:d0:8d:5c:ab:f0:9c:68:b0:0a:
         ba:81:23:97:48:e2:c6:2b:82:6d:c5:81:24:d0:66:3c:c1:27:
         dd:05:c7:03:5f:87:fc:4f:16:be:87:5c:9a:b6:4b:1c:4c:fa:
         9c:e7:e3:9f:bf:e3:d0:ef:32:5c:60:e2:90:cd:a0:c6:02:ed:
         ea:90:16:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpQhA6ny1IMhr5S4uxljXdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUxMTA0MjAxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGZjYjlhNGNjMDJkODE5YWExMTYwMTIwYzI3YjYwMjllMWVkZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseb3zvn1cHNsNeXxtt5g+olKgwNR
Zk5wLnafc3/lpac24J3JS1E7PXzv18Niu957LiGJWzhaIXpFFSZM0f9g6LQgZjAZ
/lE2nrylkZiT9OSE3BJkplqN8JWJLJebrtHj7QRQN9zuTpvQqBtQJO9MRtfcpgNC
25UctN7mFTjSC4DElau+bDtRxrXQNP/ITz9x/CDQMyb6S3gJnr09pog2MJi5daLy
WNz1BFLi+aV6Y8NXLAxEgi78D8bArj7RzotQpiuPD55PxCroP786jafRsrOegXc/
iOFZVgbkfVs82EzprcBfK8jv0xjBPu2R0L/JfE+hOnWozuEWUB8S87MktwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO38uaTMAtgZqhFgEgwntgKeHt5uMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvN2Z5NXBNd0MyQm1xRVdBU0RDZTJBcDRlM200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBURaOAwQC
WbkAAwQCbUh0MA0GCSqGSIb3DQEBCwUAA4IBAQBewf9VsDMA+15FDce4kkFd/qKy
wLNrx0yUWnfTQxqqsENrdtRfsrYXNmnGT/03vGITLXh7xjGb+eni1DbaEFL2iQi/
6j7nrHMQWSt09k1vPLSyD0GmAYhjdkhxnUqlbWVheBATTPhO/g4hIwaLJ2tY6VtO
ZC8YPOTgRVyMJ2sCbPWT8CJrVqabfkiEje5feJ4zNSE1DQM5YEcJoavXlOPtsXnV
1kPSCb1guSmGPmF+CvJiQD4pmnCYt9J1oxTQjVyr8JxosAq6gSOXSOLGK4JtxYEk
0GY8wSfdBccDX4f8Txa+h1yatkscTPqc5+Ofv+PQ7zJcYOKQzaDGAu3qkBay
-----END CERTIFICATE-----