Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/F8wvoV2Msd-SeHr6PBjzhXHOGKU.roa
File:                     F8wvoV2Msd-SeHr6PBjzhXHOGKU.roa (raw, json)
Hash identifier:          GfnGToHeyWjARTLRd2eGQHQuQH+P8p0dtRcm2xvmJe4=
Subject key identifier:   17:CC:2F:A1:5D:8C:B1:DF:92:78:7A:FA:3C:18:F3:85:71:CE:18:A5
Certificate issuer:       /CN=774f7bda2303e03e8034fe7631f5048b9985f67e
Certificate serial:       0199AB711C1637B29175B928B578CB3A4D77
Authority key identifier: 77:4F:7B:DA:23:03:E0:3E:80:34:FE:76:31:F5:04:8B:99:85:F6:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d0972iMD4D6ANP52MfUEi5mF9n4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/F8wvoV2Msd-SeHr6PBjzhXHOGKU.roa
Signing time:             Fri 03 Oct 2025 18:59:00 +0000
ROA not before:           Fri 03 Oct 2025 18:59:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211167
IP address blocks:        195.35.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/d0972iMD4D6ANP52MfUEi5mF9n4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/d0972iMD4D6ANP52MfUEi5mF9n4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d0972iMD4D6ANP52MfUEi5mF9n4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:71:1c:16:37:b2:91:75:b9:28:b5:78:cb:3a:4d:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=774f7bda2303e03e8034fe7631f5048b9985f67e
        Validity
            Not Before: Oct  3 18:59:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17cc2fa15d8cb1df92787afa3c18f38571ce18a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c3:2e:5f:0b:28:a3:e5:4c:c6:f1:9b:a6:97:
                    5f:bf:e6:0a:5a:ea:32:8f:55:6d:55:69:11:de:4a:
                    87:0f:00:c6:dd:39:a0:cb:46:e6:5c:83:62:78:8e:
                    bd:dc:f4:ff:5f:67:7d:53:d0:14:88:51:a4:6e:5e:
                    7f:e2:d3:2a:40:69:8b:2e:24:3e:1e:a5:71:b3:ed:
                    52:9a:15:3d:75:00:1d:39:2c:39:9d:1f:57:46:5e:
                    ef:3f:56:b8:1c:dc:11:66:40:61:4c:d4:18:07:cd:
                    ac:00:0e:5b:89:7e:85:f2:42:12:15:8f:ad:12:d1:
                    b4:f3:89:eb:3c:38:ec:a6:e5:76:a2:7f:bd:1a:09:
                    8c:87:14:07:04:6f:ef:77:af:ad:6e:1d:ae:e0:48:
                    10:02:1b:1b:73:50:98:f5:cc:bd:93:c5:75:99:e6:
                    34:8d:8d:eb:10:0f:96:e4:3d:28:c8:61:c1:0e:1b:
                    75:af:28:15:7d:15:a0:b4:63:3b:26:48:99:51:e7:
                    8a:4f:97:11:6c:01:f2:68:e8:55:30:55:9f:7d:cf:
                    54:b2:c9:19:1e:ce:88:91:2c:71:58:15:be:bd:a7:
                    ae:67:de:02:37:c6:27:78:70:0f:92:39:34:a3:27:
                    b0:7e:4b:e5:92:f7:66:e6:34:00:38:64:99:30:fb:
                    47:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:CC:2F:A1:5D:8C:B1:DF:92:78:7A:FA:3C:18:F3:85:71:CE:18:A5
            X509v3 Authority Key Identifier:
                keyid:77:4F:7B:DA:23:03:E0:3E:80:34:FE:76:31:F5:04:8B:99:85:F6:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0972iMD4D6ANP52MfUEi5mF9n4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/F8wvoV2Msd-SeHr6PBjzhXHOGKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/9f490d-9c01-4d2f-a9ed-381704012ce2/1/d0972iMD4D6ANP52MfUEi5mF9n4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:83:4a:ba:23:94:b3:74:63:f2:42:8d:a9:ed:52:99:5c:b0:
         82:2c:ed:94:fc:6c:34:cb:da:6e:71:7c:26:b4:75:a3:31:07:
         63:d4:f7:66:56:1a:84:8c:f6:2f:14:06:dd:7f:71:e3:5d:c3:
         10:6c:8f:60:6c:8b:4f:7b:2f:73:39:3a:3f:d2:cb:cd:8d:d9:
         4a:c2:5c:a7:73:66:6c:21:6a:9b:90:62:d9:df:9e:41:f8:b5:
         53:96:97:24:a9:13:2d:0b:e9:db:10:b9:1e:5e:13:d2:d7:1f:
         62:4a:66:36:bc:8a:60:9f:1e:9f:54:b3:63:3a:77:ec:a6:9e:
         01:28:3d:17:bf:57:3e:a8:1b:22:a4:b6:71:0a:36:94:f3:e2:
         79:2d:db:07:c8:18:95:4b:93:25:76:45:12:40:36:18:42:a9:
         d2:9a:c2:c4:e0:9d:03:19:62:94:a8:9a:c2:6d:c5:ec:4c:5e:
         ba:da:29:c6:ff:2a:e8:ab:52:d5:1c:a0:06:f4:1b:06:6a:e1:
         da:93:f7:33:24:ec:3f:9f:ad:fc:68:32:2b:da:56:03:f2:ab:
         aa:4d:7d:17:13:26:af:ec:58:00:47:5d:cc:73:1f:21:80:ca:
         1b:90:cf:62:cc:73:14:2f:d4:71:c9:d3:d3:6c:20:f7:73:b8:
         12:9e:3b:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmrcRwWN7KRdbkotXjLOk13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NGY3YmRhMjMwM2UwM2U4MDM0ZmU3NjMxZjUwNDhiOTk4
NWY2N2UwHhcNMjUxMDAzMTg1OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2NjMmZhMTVkOGNiMWRmOTI3ODdhZmEzYzE4ZjM4NTcxY2UxOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sMuXwsoo+VMxvGbppdfv+YKWuoy
j1VtVWkR3kqHDwDG3Tmgy0bmXINieI693PT/X2d9U9AUiFGkbl5/4tMqQGmLLiQ+
HqVxs+1SmhU9dQAdOSw5nR9XRl7vP1a4HNwRZkBhTNQYB82sAA5biX6F8kISFY+t
EtG084nrPDjspuV2on+9GgmMhxQHBG/vd6+tbh2u4EgQAhsbc1CY9cy9k8V1meY0
jY3rEA+W5D0oyGHBDht1rygVfRWgtGM7JkiZUeeKT5cRbAHyaOhVMFWffc9UsskZ
Hs6IkSxxWBW+vaeuZ94CN8YneHAPkjk0oyewfkvlkvdm5jQAOGSZMPtHdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfML6FdjLHfknh6+jwY84VxzhilMB8GA1UdIwQY
MBaAFHdPe9ojA+A+gDT+djH1BIuZhfZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDA5NzJpTUQ0RDZBTlA1Mk1mVUVpNW1GOW40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi85ZjQ5MGQtOWMwMS00ZDJmLWE5ZWQt
MzgxNzA0MDEyY2UyLzEvRjh3dm9WMk1zZC1TZUhyNlBCanpoWEhPR0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi85ZjQ5MGQtOWMwMS00ZDJmLWE5ZWQtMzgxNzA0MDEyY2Uy
LzEvZDA5NzJpTUQ0RDZBTlA1Mk1mVUVpNW1GOW40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNwMA0G
CSqGSIb3DQEBCwUAA4IBAQAKg0q6I5SzdGPyQo2p7VKZXLCCLO2U/Gw0y9pucXwm
tHWjMQdj1PdmVhqEjPYvFAbdf3HjXcMQbI9gbItPey9zOTo/0svNjdlKwlync2Zs
IWqbkGLZ355B+LVTlpckqRMtC+nbELkeXhPS1x9iSmY2vIpgnx6fVLNjOnfspp4B
KD0Xv1c+qBsipLZxCjaU8+J5LdsHyBiVS5MldkUSQDYYQqnSmsLE4J0DGWKUqJrC
bcXsTF662inG/yroq1LVHKAG9BsGauHak/czJOw/n638aDIr2lYD8quqTX0XEyav
7FgAR13Mcx8hgMobkM9izHMUL9RxydPTbCD3c7gSnjuX
-----END CERTIFICATE-----