Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/kojEemV1y3p1Ig0PF0Qwwmhe1Bs.roa
File:                     kojEemV1y3p1Ig0PF0Qwwmhe1Bs.roa (raw, json)
Hash identifier:          Oye8rISWv3W8lfSMiPLOOdMEyDfiF8khVTUsBLT1Pro=
Subject key identifier:   92:88:C4:7A:65:75:CB:7A:75:22:0D:0F:17:44:30:C2:68:5E:D4:1B
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019763803C847E2CBDDBCA3532A7886D66C9
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/kojEemV1y3p1Ig0PF0Qwwmhe1Bs.roa
Signing time:             Thu 12 Jun 2025 09:37:17 +0000
ROA not before:           Thu 12 Jun 2025 09:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        95.173.173.0/24 maxlen: 24
                          95.173.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:80:3c:84:7e:2c:bd:db:ca:35:32:a7:88:6d:66:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jun 12 09:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9288c47a6575cb7a75220d0f174430c2685ed41b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4b:79:34:dc:59:b8:80:d0:86:ad:58:cb:2c:
                    0f:e2:d2:fa:13:b0:75:f7:a3:d5:4c:1d:dc:14:ea:
                    de:b7:55:85:c4:75:0f:26:e5:de:1d:46:bd:ff:46:
                    05:86:04:7f:31:0b:bb:68:24:6e:b9:fe:d7:f1:93:
                    6a:11:7b:3a:30:01:3b:a9:51:89:6b:cc:c4:bb:3c:
                    84:de:e1:d2:70:90:7a:7e:f0:bf:c8:80:37:6a:bc:
                    ec:7d:42:70:da:ce:77:43:b7:fa:9e:e5:7c:fe:0c:
                    15:a2:37:89:13:ae:11:65:23:e7:cf:6d:51:59:3f:
                    33:e6:a7:b7:12:8f:07:3b:84:a4:c4:8a:e9:1b:c8:
                    2c:d2:7a:d0:e5:a3:e6:b2:ff:df:1b:89:74:dc:17:
                    d4:03:1b:eb:d4:6c:3a:ef:0f:72:2f:fa:5b:4d:d9:
                    45:bd:7d:b3:54:73:14:85:34:eb:1d:d3:67:19:21:
                    2f:ea:cb:b3:f3:f3:02:dd:05:bc:a4:27:a7:53:d7:
                    42:60:12:28:a9:74:6a:67:54:d2:b3:04:2d:ab:f5:
                    4d:d8:7d:19:9c:e5:47:bb:a3:80:71:b5:90:78:79:
                    77:5d:3b:68:d0:85:96:c4:5e:dc:8f:02:14:5d:15:
                    88:d7:03:5c:39:25:ae:81:52:8a:16:73:28:d3:78:
                    3d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:88:C4:7A:65:75:CB:7A:75:22:0D:0F:17:44:30:C2:68:5E:D4:1B
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/kojEemV1y3p1Ig0PF0Qwwmhe1Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.173.0-95.173.174.255

    Signature Algorithm: sha256WithRSAEncryption
         47:42:02:59:4a:60:4c:de:1f:7b:76:1f:4d:d6:8a:41:d2:77:
         88:6a:f0:75:81:eb:82:cc:ac:17:97:06:f7:a3:13:84:5b:0b:
         bc:15:ea:05:d2:9b:34:ff:d8:cc:3f:95:be:3a:cf:37:36:1f:
         dc:ec:55:bb:a9:33:d1:e8:ff:b5:7c:51:9d:3f:69:31:ed:ff:
         4f:c4:ce:ed:df:6c:6d:86:59:34:87:b5:1f:29:c5:90:7a:b6:
         48:02:a5:28:9e:c9:7e:86:ed:2e:58:09:01:61:22:e2:fd:19:
         48:e3:5b:db:59:1c:e9:f1:43:b1:a3:9b:ad:df:20:fa:ce:62:
         70:f7:c3:1d:08:71:cd:29:76:a7:cc:5c:01:41:00:f6:47:2a:
         f0:ac:56:12:3b:7b:b9:99:71:f9:73:e0:6d:70:44:da:c8:7e:
         c9:be:f8:c9:2c:aa:86:d6:ce:44:a2:b5:a4:d4:c4:fd:ba:29:
         16:3f:8b:41:67:be:6a:0e:e7:e8:38:92:79:63:e6:bf:23:c8:
         92:df:3b:37:86:1a:2e:08:2b:5e:00:5b:fd:be:75:53:2a:49:
         3f:3c:56:46:fd:21:92:c9:7c:14:30:a0:90:99:60:ee:58:b4:
         dc:b7:97:16:78:84:42:2c:cc:51:aa:e4:bf:26:34:2e:d5:98:
         7f:e3:c9:d0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdjgDyEfiy928o1MqeIbWbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwNjEyMDkzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjg4YzQ3YTY1NzVjYjdhNzUyMjBkMGYxNzQ0MzBjMjY4NWVkNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kt5NNxZuIDQhq1YyywP4tL6E7B1
96PVTB3cFOret1WFxHUPJuXeHUa9/0YFhgR/MQu7aCRuuf7X8ZNqEXs6MAE7qVGJ
a8zEuzyE3uHScJB6fvC/yIA3arzsfUJw2s53Q7f6nuV8/gwVojeJE64RZSPnz21R
WT8z5qe3Eo8HO4SkxIrpG8gs0nrQ5aPmsv/fG4l03BfUAxvr1Gw67w9yL/pbTdlF
vX2zVHMUhTTrHdNnGSEv6suz8/MC3QW8pCenU9dCYBIoqXRqZ1TSswQtq/VN2H0Z
nOVHu6OAcbWQeHl3XTto0IWWxF7cjwIUXRWI1wNcOSWugVKKFnMo03g9swIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJKIxHpldct6dSINDxdEMMJoXtQbMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEva29qRWVtVjF5M3AxSWcwUEYwUXd3bWhlMUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABfra0D
BABfra4wDQYJKoZIhvcNAQELBQADggEBAEdCAllKYEzeH3t2H03WikHSd4hq8HWB
64LMrBeXBvejE4RbC7wV6gXSmzT/2Mw/lb46zzc2H9zsVbupM9Ho/7V8UZ0/aTHt
/0/Ezu3fbG2GWTSHtR8pxZB6tkgCpSieyX6G7S5YCQFhIuL9GUjjW9tZHOnxQ7Gj
m63fIPrOYnD3wx0Icc0pdqfMXAFBAPZHKvCsVhI7e7mZcflz4G1wRNrIfsm++Mks
qobWzkSitaTUxP26KRY/i0FnvmoO5+g4knlj5r8jyJLfOzeGGi4IK14AW/2+dVMq
ST88Vkb9IZLJfBQwoJCZYO5YtNy3lxZ4hEIszFGq5L8mNC7VmH/jydA=
-----END CERTIFICATE-----