Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/eOWw0hoBD0V8VDv_9KrqRqo9fyA.roa
File:                     eOWw0hoBD0V8VDv_9KrqRqo9fyA.roa (raw, json)
Hash identifier:          ZHNmoz5Xj/PvA07453i2fwNiwXlHKUm8tYngOjzHSGA=
Subject key identifier:   78:E5:B0:D2:1A:01:0F:45:7C:54:3B:FF:F4:AA:EA:46:AA:3D:7F:20
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       019A059D409058F7EC323EBF43C0B2635DF9
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/eOWw0hoBD0V8VDv_9KrqRqo9fyA.roa
Signing time:             Tue 21 Oct 2025 07:13:02 +0000
ROA not before:           Tue 21 Oct 2025 07:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204415
IP address blocks:        69.19.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:9d:40:90:58:f7:ec:32:3e:bf:43:c0:b2:63:5d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Oct 21 07:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78e5b0d21a010f457c543bfff4aaea46aa3d7f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4d:77:83:33:37:d9:44:85:10:37:6a:b0:e1:
                    94:63:ff:6f:22:73:24:ac:e8:6e:14:29:e3:23:73:
                    a6:01:cd:6c:d4:af:26:39:44:8b:a4:c1:75:bf:5d:
                    7f:1f:6f:4e:0a:ea:15:f3:cb:a1:4e:0a:de:c8:28:
                    cd:7f:84:9d:21:2b:75:bc:4c:cc:2a:91:60:02:a3:
                    63:7a:12:21:77:30:f4:41:df:0f:f9:06:41:ad:b3:
                    11:7d:07:d7:7b:3a:ee:0c:e6:37:97:8d:bd:eb:1b:
                    f0:d9:1b:40:ae:2b:b4:df:c6:51:c3:93:d0:71:2b:
                    b9:5d:9d:a9:aa:08:5e:92:ab:a7:f0:20:ec:79:52:
                    b2:28:03:54:b7:82:53:a3:2e:79:73:14:fd:24:8f:
                    17:80:de:22:69:c4:c8:5b:d2:6a:0d:97:c3:a9:54:
                    28:3d:0c:44:72:6a:1d:15:57:d0:03:9c:3e:b3:37:
                    95:15:d3:c9:a3:54:be:77:09:17:ff:94:d1:23:ce:
                    e1:79:cb:d3:90:62:7b:1b:b7:37:f5:21:fb:04:90:
                    14:df:3a:ac:4d:34:5f:83:fc:cf:e4:37:96:d8:9f:
                    96:e5:1b:43:89:61:95:f2:5b:3b:98:c1:e5:49:2e:
                    be:48:2c:fd:56:fc:29:6d:24:c0:e0:31:69:1b:2b:
                    96:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E5:B0:D2:1A:01:0F:45:7C:54:3B:FF:F4:AA:EA:46:AA:3D:7F:20
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/eOWw0hoBD0V8VDv_9KrqRqo9fyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.19.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:46:d2:26:59:f1:80:1f:07:19:7e:08:3c:78:16:36:4f:8e:
         5c:f1:48:ef:30:57:57:84:d8:82:ea:de:13:2b:db:b1:b8:9f:
         4e:69:ea:ed:96:8e:44:22:d6:9c:7b:53:b5:21:fa:98:ee:d8:
         84:a1:ae:dd:21:b6:64:4d:cc:c4:f8:d2:68:e6:de:de:fe:10:
         9e:a6:2a:fb:02:db:52:00:2e:d7:7a:c0:46:08:b2:41:4b:c7:
         a2:db:d8:9c:1e:63:b8:13:c4:af:90:44:f7:62:94:4c:53:dd:
         ef:4e:96:94:28:60:93:ee:eb:72:55:38:d7:b1:ad:1a:3f:0f:
         c2:e5:cf:75:8b:5b:e4:ff:80:37:7d:5d:9d:e7:a1:01:d6:72:
         56:aa:8d:da:49:48:cb:d9:e7:2b:ed:92:ba:c1:14:5b:94:60:
         da:41:50:a5:4d:41:39:09:88:c9:93:ea:09:78:80:b4:5f:f9:
         dc:8f:2d:34:0e:04:f4:bc:83:67:b2:73:fb:c2:52:99:d3:69:
         21:c4:bd:6f:1e:40:92:71:e8:f7:d4:87:19:cb:16:86:5a:90:
         af:29:a6:61:9e:a1:b4:63:e0:ab:04:c1:75:79:df:67:bc:b2:
         79:ba:1c:8a:09:4f:c3:cf:06:a8:c3:bc:8a:cb:dc:da:f2:77:
         36:c0:4f:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoFnUCQWPfsMj6/Q8CyY135MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjUxMDIxMDcxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU1YjBkMjFhMDEwZjQ1N2M1NDNiZmZmNGFhZWE0NmFhM2Q3ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlU13gzM32USFEDdqsOGUY/9vInMk
rOhuFCnjI3OmAc1s1K8mOUSLpMF1v11/H29OCuoV88uhTgreyCjNf4SdISt1vEzM
KpFgAqNjehIhdzD0Qd8P+QZBrbMRfQfXezruDOY3l4296xvw2RtAriu038ZRw5PQ
cSu5XZ2pqghekqun8CDseVKyKANUt4JToy55cxT9JI8XgN4iacTIW9JqDZfDqVQo
PQxEcmodFVfQA5w+szeVFdPJo1S+dwkX/5TRI87hecvTkGJ7G7c39SH7BJAU3zqs
TTRfg/zP5DeW2J+W5RtDiWGV8ls7mMHlSS6+SCz9VvwpbSTA4DFpGyuWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjlsNIaAQ9FfFQ7//Sq6kaqPX8gMB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvZU9XdzBob0JEMFY4VkR2XzlLcnFScW85ZnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQARROLMA0G
CSqGSIb3DQEBCwUAA4IBAQCmRtImWfGAHwcZfgg8eBY2T45c8UjvMFdXhNiC6t4T
K9uxuJ9Oaertlo5EItace1O1IfqY7tiEoa7dIbZkTczE+NJo5t7e/hCepir7AttS
AC7XesBGCLJBS8ei29icHmO4E8SvkET3YpRMU93vTpaUKGCT7utyVTjXsa0aPw/C
5c91i1vk/4A3fV2d56EB1nJWqo3aSUjL2ecr7ZK6wRRblGDaQVClTUE5CYjJk+oJ
eIC0X/ncjy00DgT0vINnsnP7wlKZ02khxL1vHkCScej31IcZyxaGWpCvKaZhnqG0
Y+CrBMF1ed9nvLJ5uhyKCU/Dzwaow7yKy9za8nc2wE94
-----END CERTIFICATE-----