Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/L2Ok5GdB4QIlyiu6jqDX3sqSZsQ.roa
File:                     L2Ok5GdB4QIlyiu6jqDX3sqSZsQ.roa (raw, json)
Hash identifier:          U+F1guAfTS7obRcxDCexfLUiVnDuUsPekwLK52t1jqo=
Subject key identifier:   2F:63:A4:E4:67:41:E1:02:25:CA:2B:BA:8E:A0:D7:DE:CA:92:66:C4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019744BF9FBE003501B14AE6A2151CBF7B76
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/L2Ok5GdB4QIlyiu6jqDX3sqSZsQ.roa
Signing time:             Fri 06 Jun 2025 10:18:18 +0000
ROA not before:           Fri 06 Jun 2025 10:18:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215691
IP address blocks:        79.110.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:bf:9f:be:00:35:01:b1:4a:e6:a2:15:1c:bf:7b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  6 10:18:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f63a4e46741e10225ca2bba8ea0d7deca9266c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:07:2f:30:5b:ac:d4:a0:c6:98:8c:9a:03:
                    7f:58:ea:6d:7d:cd:57:2d:b8:68:50:90:5e:5b:57:
                    e7:38:eb:45:b5:bf:2b:ae:b3:60:b4:6c:18:05:ae:
                    a4:32:c9:de:a8:e4:1e:72:32:fc:6a:19:7f:31:22:
                    2c:0d:cf:10:e9:9c:1e:42:28:ae:96:ea:bd:eb:d6:
                    33:88:f8:7d:c8:b8:2d:f9:0f:a3:ab:c1:5b:2b:7f:
                    51:47:af:15:fe:57:b4:3a:9c:c0:88:ad:6a:2b:d8:
                    e5:b2:7a:72:0c:2c:e4:a8:6e:3b:c9:01:07:05:ba:
                    3c:e0:d4:4d:9a:64:3e:70:89:16:f3:58:38:1e:6d:
                    aa:eb:cf:0c:6d:6e:e7:1f:78:76:54:3c:0f:e6:eb:
                    5f:e7:45:3e:a3:98:72:29:9e:46:2d:fc:bc:70:c2:
                    80:f5:81:ec:95:e9:08:b7:6f:4c:89:5f:77:56:01:
                    6c:bc:e6:c0:9b:35:33:d4:51:04:36:54:2e:a9:60:
                    c1:07:c2:bf:c4:32:db:45:33:b9:06:ee:dd:ce:e5:
                    09:a7:7d:64:ec:5c:35:61:c0:bf:cd:d8:10:69:b2:
                    12:9c:1a:9b:61:ec:19:d4:29:f1:24:5e:11:9e:0c:
                    ec:d7:da:4f:64:d3:cc:29:81:eb:82:02:4b:b4:b8:
                    3e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:63:A4:E4:67:41:E1:02:25:CA:2B:BA:8E:A0:D7:DE:CA:92:66:C4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/L2Ok5GdB4QIlyiu6jqDX3sqSZsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c5:c3:b1:94:78:5c:d3:16:05:43:37:33:85:e0:1b:49:5d:
         b8:3a:81:ff:32:d8:46:2c:95:b0:18:4b:fc:4d:a4:9b:d3:1e:
         5e:c7:ac:2c:ec:b7:e4:1f:c3:ac:eb:e2:55:d9:61:cc:c0:9b:
         0a:2a:8a:99:d5:80:cb:57:7b:d6:71:b8:c9:d5:da:de:a1:28:
         4a:18:24:be:b2:fe:39:75:a7:e4:2a:38:a1:59:38:7b:dc:3e:
         30:f0:57:d9:f1:e0:e8:4b:f3:4e:b8:62:fd:32:71:12:a0:7d:
         7f:ac:99:3a:bf:f5:96:5f:21:b3:6e:6a:32:cf:94:f9:2a:fb:
         4c:70:2e:fa:c5:4e:8e:19:ed:02:0d:35:8f:5d:52:79:03:62:
         09:cb:03:73:50:03:ce:ed:0d:67:4d:82:3e:83:1b:7e:0b:3d:
         12:84:8c:be:7a:2a:a5:a3:e8:b1:93:e7:a5:92:98:08:e2:02:
         24:03:6f:2b:9c:e7:35:b1:13:8f:d7:9e:dd:30:b5:25:ac:d0:
         bc:43:0f:75:c5:1c:e9:c8:90:f4:91:fc:2b:f7:75:70:e0:06:
         01:04:c3:f9:53:58:ee:4e:9a:04:76:b1:97:ac:2f:27:3a:41:
         f6:6b:61:3f:b7:92:80:2f:c0:c9:d4:4d:54:db:f1:19:84:87:
         02:d4:ab:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdEv5++ADUBsUrmohUcv3t2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjA2MTAxODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjYzYTRlNDY3NDFlMTAyMjVjYTJiYmE4ZWEwZDdkZWNhOTI2NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx30HLzBbrNSgxpiMmgN/WOptfc1X
LbhoUJBeW1fnOOtFtb8rrrNgtGwYBa6kMsneqOQecjL8ahl/MSIsDc8Q6ZweQiiu
luq969YziPh9yLgt+Q+jq8FbK39RR68V/le0OpzAiK1qK9jlsnpyDCzkqG47yQEH
Bbo84NRNmmQ+cIkW81g4Hm2q688MbW7nH3h2VDwP5utf50U+o5hyKZ5GLfy8cMKA
9YHslekIt29MiV93VgFsvObAmzUz1FEENlQuqWDBB8K/xDLbRTO5Bu7dzuUJp31k
7Fw1YcC/zdgQabISnBqbYewZ1CnxJF4Rngzs19pPZNPMKYHrggJLtLg+0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9jpORnQeECJcoruo6g197KkmbEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTDJPazVHZEI0UUlseWl1NmpxRFgzc3FTWnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT24/MA0G
CSqGSIb3DQEBCwUAA4IBAQAKxcOxlHhc0xYFQzczheAbSV24OoH/MthGLJWwGEv8
TaSb0x5ex6ws7LfkH8Os6+JV2WHMwJsKKoqZ1YDLV3vWcbjJ1dreoShKGCS+sv45
dafkKjihWTh73D4w8FfZ8eDoS/NOuGL9MnESoH1/rJk6v/WWXyGzbmoyz5T5KvtM
cC76xU6OGe0CDTWPXVJ5A2IJywNzUAPO7Q1nTYI+gxt+Cz0ShIy+eiqlo+ixk+el
kpgI4gIkA28rnOc1sROP157dMLUlrNC8Qw91xRzpyJD0kfwr93Vw4AYBBMP5U1ju
TpoEdrGXrC8nOkH2a2E/t5KAL8DJ1E1U2/EZhIcC1Ksl
-----END CERTIFICATE-----