Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/Sk4oS4Jwout0TIyWtwTprBvECw8.roa
File:                     Sk4oS4Jwout0TIyWtwTprBvECw8.roa (raw, json)
Hash identifier:          d9eggJxjronzsMXpOOKPiqelR6UqHbuMYzc02e4+PZo=
Subject key identifier:   4A:4E:28:4B:82:70:A2:EB:74:4C:8C:96:B7:04:E9:AC:1B:C4:0B:0F
Certificate issuer:       /CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
Certificate serial:       019951C825ED288ECE22E0027CF2376A1DB5
Authority key identifier: B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/Sk4oS4Jwout0TIyWtwTprBvECw8.roa
Signing time:             Tue 16 Sep 2025 09:08:15 +0000
ROA not before:           Tue 16 Sep 2025 09:08:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48339
IP address blocks:        91.207.134.0/23 maxlen: 23
                          195.234.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 22:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:c8:25:ed:28:8e:ce:22:e0:02:7c:f2:37:6a:1d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
        Validity
            Not Before: Sep 16 09:08:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a4e284b8270a2eb744c8c96b704e9ac1bc40b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:67:20:93:88:ad:9d:9c:7e:9f:3c:9f:4a:96:
                    8b:89:26:c4:75:40:d4:57:30:7a:82:1e:a4:90:a4:
                    17:bf:a1:c3:4b:02:2c:91:b0:2c:cd:e3:0a:f8:f6:
                    2a:6f:18:d5:79:85:b4:53:7a:1d:08:b1:29:0b:58:
                    47:a1:5c:92:16:f3:db:f9:b8:f3:0f:cb:2c:12:d3:
                    52:6d:ad:e4:88:7d:28:c3:37:11:87:fd:a9:81:75:
                    b0:ae:7b:8e:02:e2:96:c1:33:ce:ff:64:30:43:ec:
                    e9:90:0a:16:56:f4:f5:58:05:31:7b:c9:f6:d7:4d:
                    ed:43:03:f1:38:9c:44:f6:e8:a6:0d:0b:1b:8a:5f:
                    39:12:37:32:9c:8e:6b:cf:52:26:5d:5b:e2:4c:28:
                    80:c6:d1:9a:2e:0b:01:62:7d:e3:78:b3:73:ca:f2:
                    62:c1:75:eb:bd:71:b0:64:6a:2d:6a:21:65:46:f1:
                    ca:57:7c:fe:27:d0:d6:27:f7:ca:d5:78:24:2e:4e:
                    f3:36:d1:b7:73:ea:51:8a:b9:79:07:b6:73:c2:b1:
                    7b:ff:60:67:36:b3:80:68:42:74:14:30:88:33:87:
                    f7:0e:27:73:39:ce:45:6f:b4:d1:9d:50:81:ed:01:
                    09:ae:22:b8:23:8d:04:bd:f3:cc:3c:d0:b9:fb:b8:
                    be:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:4E:28:4B:82:70:A2:EB:74:4C:8C:96:B7:04:E9:AC:1B:C4:0B:0F
            X509v3 Authority Key Identifier:
                keyid:B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/Sk4oS4Jwout0TIyWtwTprBvECw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.134.0/23
                  195.234.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:78:e4:b5:e3:26:7c:87:82:a1:20:33:1a:98:49:20:92:01:
         f3:be:3e:60:f9:e4:b4:ec:b1:b2:c5:fb:fe:e4:77:41:0f:0e:
         83:80:5e:ee:78:4b:05:37:56:6f:d4:91:6b:ca:c2:96:3b:00:
         45:8b:e7:17:71:6a:7c:1c:ed:0a:fa:1a:13:24:f6:8c:b2:b7:
         b9:dc:fb:1b:67:be:61:3d:a0:a6:be:8b:cb:2d:fa:7a:1c:73:
         cb:10:d8:d9:4a:a5:a2:17:5a:40:70:08:9b:83:ed:2a:d3:08:
         11:ad:48:fa:c7:36:4d:85:3e:17:e8:34:a6:dc:db:d8:de:ad:
         e4:e6:5c:f1:d8:74:d1:a5:d6:be:42:51:53:6d:98:fb:09:2a:
         68:10:bf:a9:31:44:bb:66:70:b5:a0:2e:a2:10:6b:0d:e3:17:
         5e:79:49:94:da:68:0e:50:e1:50:ca:43:4e:1c:e9:e7:f5:61:
         91:32:ec:b7:e9:5c:c2:03:11:30:2a:4c:ec:54:28:c5:d7:64:
         3d:6e:b4:82:1e:b9:0a:0f:fb:82:79:12:2d:0c:bd:ce:92:0f:
         90:01:fd:15:cc:bc:b3:04:df:86:ca:f8:72:32:a2:c4:90:da:
         9c:36:4d:be:e9:90:b5:9f:1e:2d:e4:c8:30:65:6d:39:00:23:
         f2:5a:6d:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlRyCXtKI7OIuACfPI3ah21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1Y2FmZTFlM2FlYTJmNmQ5MTFlZDEwN2EwOGFhZmVlOTc5
YTRmNTEwHhcNMjUwOTE2MDkwODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTRlMjg0YjgyNzBhMmViNzQ0YzhjOTZiNzA0ZTlhYzFiYzQwYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mcgk4itnZx+nzyfSpaLiSbEdUDU
VzB6gh6kkKQXv6HDSwIskbAszeMK+PYqbxjVeYW0U3odCLEpC1hHoVySFvPb+bjz
D8ssEtNSba3kiH0owzcRh/2pgXWwrnuOAuKWwTPO/2QwQ+zpkAoWVvT1WAUxe8n2
103tQwPxOJxE9uimDQsbil85EjcynI5rz1ImXVviTCiAxtGaLgsBYn3jeLNzyvJi
wXXrvXGwZGotaiFlRvHKV3z+J9DWJ/fK1XgkLk7zNtG3c+pRirl5B7ZzwrF7/2Bn
NrOAaEJ0FDCIM4f3DidzOc5Fb7TRnVCB7QEJriK4I40EvfPMPNC5+7i+DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEpOKEuCcKLrdEyMlrcE6awbxAsPMB8GA1UdIwQY
MBaAFLXK/h466i9tkR7RB6CKr+6Xmk9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMt
Y2FiYTgxYzlhMTUyLzEvU2s0b1M0SndvdXQwVEl5V3R3VHByQnZFQ3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMtY2FiYTgxYzlhMTUy
LzEvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8+GAwQB
w+oAMA0GCSqGSIb3DQEBCwUAA4IBAQCleOS14yZ8h4KhIDMamEkgkgHzvj5g+eS0
7LGyxfv+5HdBDw6DgF7ueEsFN1Zv1JFrysKWOwBFi+cXcWp8HO0K+hoTJPaMsre5
3PsbZ75hPaCmvovLLfp6HHPLENjZSqWiF1pAcAibg+0q0wgRrUj6xzZNhT4X6DSm
3NvY3q3k5lzx2HTRpda+QlFTbZj7CSpoEL+pMUS7ZnC1oC6iEGsN4xdeeUmU2mgO
UOFQykNOHOnn9WGRMuy36VzCAxEwKkzsVCjF12Q9brSCHrkKD/uCeRItDL3Okg+Q
Af0VzLyzBN+GyvhyMqLEkNqcNk2+6ZC1nx4t5MgwZW05ACPyWm15
-----END CERTIFICATE-----