Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/iDpQNT2zENvZBdlwmVa2eahg-4w.roa
File:                     iDpQNT2zENvZBdlwmVa2eahg-4w.roa (raw, json)
Hash identifier:          +pNICRMdPczLNv2a8Zb+PvZ8F7nTaRrJXFaN803DnT8=
Subject key identifier:   88:3A:50:35:3D:B3:10:DB:D9:05:D9:70:99:56:B6:79:A8:60:FB:8C
Certificate issuer:       /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial:       0199EC5E7B24CCD4154EBC7D4A37ED9D1E61
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/iDpQNT2zENvZBdlwmVa2eahg-4w.roa
Signing time:             Thu 16 Oct 2025 09:33:58 +0000
ROA not before:           Thu 16 Oct 2025 09:33:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208995
IP address blocks:        92.240.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:5e:7b:24:cc:d4:15:4e:bc:7d:4a:37:ed:9d:1e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
        Validity
            Not Before: Oct 16 09:33:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=883a50353db310dbd905d9709956b679a860fb8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:00:ae:66:ff:a8:b7:f0:90:71:5d:5c:86:4d:
                    73:89:5b:a3:63:07:b5:4c:1f:5b:fd:39:8d:a4:ac:
                    41:67:8e:83:2a:0b:5f:1a:ac:fe:64:4b:92:aa:9e:
                    e2:90:a2:fe:eb:22:67:89:09:5b:d9:32:f8:f3:63:
                    d6:d3:ad:f5:e6:00:e7:e1:9d:d6:9d:2b:cf:58:a1:
                    6b:4d:d9:78:6b:94:c5:58:76:d0:24:e2:f8:29:6f:
                    ac:62:d6:af:0d:c0:5e:be:85:70:9a:42:8a:af:4b:
                    4f:cc:dd:14:db:1a:90:67:dc:a8:a4:5a:a1:53:c7:
                    42:c3:58:64:2b:a3:22:66:ea:8e:1e:ec:e9:39:89:
                    3f:e6:82:8a:19:9e:eb:e0:d1:94:2c:11:4f:4d:bb:
                    ff:0b:5e:98:b1:b2:97:5a:9f:5a:d1:47:60:e5:b1:
                    e5:54:5e:8e:40:ba:4e:ae:03:6f:91:5e:50:69:19:
                    bf:ed:4d:c7:eb:ef:24:85:68:5c:cc:bb:68:46:97:
                    8d:71:e6:68:94:5b:86:6f:ec:ae:ad:18:30:3c:64:
                    84:80:2e:40:11:8f:ff:2e:d2:e2:26:3b:45:a9:56:
                    a3:87:68:46:6c:60:41:ee:f8:c2:bb:e4:41:76:e0:
                    79:8b:4a:4e:ce:f6:b3:49:07:59:ce:9e:5b:aa:ea:
                    d6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3A:50:35:3D:B3:10:DB:D9:05:D9:70:99:56:B6:79:A8:60:FB:8C
            X509v3 Authority Key Identifier:
                keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/iDpQNT2zENvZBdlwmVa2eahg-4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:16:d0:0d:7b:58:88:1d:12:93:63:2f:2d:b4:06:2a:3a:0d:
         95:c8:0b:ba:94:54:9c:c9:0a:6a:32:95:79:0b:c9:69:8a:6d:
         ff:4e:25:83:24:65:6c:a2:28:aa:6f:5b:c5:cf:b4:fe:35:f3:
         ca:27:cb:01:6b:09:26:c2:26:54:06:bd:cd:69:9d:bd:e4:ad:
         38:9c:35:fa:30:c9:7c:83:4f:d5:fa:b1:2b:a4:27:19:a5:42:
         ac:d8:09:96:46:5c:d6:19:10:14:0e:40:91:bf:42:07:52:7e:
         2a:b0:fa:a1:27:61:69:42:81:7c:ba:83:4e:05:06:85:ef:32:
         00:8e:1e:a1:f4:3b:8e:90:08:23:93:0c:f2:f3:b2:cf:39:30:
         f3:55:23:0a:76:fb:ff:3c:33:88:10:89:aa:a5:6b:d3:62:56:
         54:9a:47:e4:63:a3:93:c4:8f:6d:8b:1e:bc:b8:9b:25:e7:d5:
         31:bc:88:bc:91:4f:76:39:e7:a6:5f:a6:45:19:00:af:f9:c1:
         dc:cb:b3:5d:8d:c1:1e:2b:d5:c9:f0:93:e2:f1:a6:7e:67:4b:
         11:87:4c:2d:fd:d4:81:f6:48:ec:8c:75:bd:ed:7a:da:96:87:
         c0:87:b4:cc:69:1f:16:61:6f:b0:f5:a8:fd:7a:d6:0e:49:fd:
         c0:18:87:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnsXnskzNQVTrx9SjftnR5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjUxMDE2MDkzMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODNhNTAzNTNkYjMxMGRiZDkwNWQ5NzA5OTU2YjY3OWE4NjBmYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmACuZv+ot/CQcV1chk1ziVujYwe1
TB9b/TmNpKxBZ46DKgtfGqz+ZEuSqp7ikKL+6yJniQlb2TL482PW06315gDn4Z3W
nSvPWKFrTdl4a5TFWHbQJOL4KW+sYtavDcBevoVwmkKKr0tPzN0U2xqQZ9yopFqh
U8dCw1hkK6MiZuqOHuzpOYk/5oKKGZ7r4NGULBFPTbv/C16YsbKXWp9a0Udg5bHl
VF6OQLpOrgNvkV5QaRm/7U3H6+8khWhczLtoRpeNceZolFuGb+yurRgwPGSEgC5A
EY//LtLiJjtFqVajh2hGbGBB7vjCu+RBduB5i0pOzvazSQdZzp5bqurWIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIg6UDU9sxDb2QXZcJlWtnmoYPuMMB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvaURwUU5UMnpFTnZaQmRsd21WYTJlYWhnLTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPBYMA0G
CSqGSIb3DQEBCwUAA4IBAQCAFtANe1iIHRKTYy8ttAYqOg2VyAu6lFScyQpqMpV5
C8lpim3/TiWDJGVsoiiqb1vFz7T+NfPKJ8sBawkmwiZUBr3NaZ295K04nDX6MMl8
g0/V+rErpCcZpUKs2AmWRlzWGRAUDkCRv0IHUn4qsPqhJ2FpQoF8uoNOBQaF7zIA
jh6h9DuOkAgjkwzy87LPOTDzVSMKdvv/PDOIEImqpWvTYlZUmkfkY6OTxI9tix68
uJsl59UxvIi8kU92OeemX6ZFGQCv+cHcy7NdjcEeK9XJ8JPi8aZ+Z0sRh0wt/dSB
9kjsjHW97XralofAh7TMaR8WYW+w9aj9etYOSf3AGIe7
-----END CERTIFICATE-----