Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/6gcOziku0v8dQBqn9i7TAquuuxA.roa
File:                     6gcOziku0v8dQBqn9i7TAquuuxA.roa (raw, json)
Hash identifier:          HoHuSuzHO0O4IyS+Skat8F4V/48rWZQkHaRFBSVNWLE=
Subject key identifier:   EA:07:0E:CE:29:2E:D2:FF:1D:40:1A:A7:F6:2E:D3:02:AB:AE:BB:10
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       0198BF200875FC300317F6E6AE15F2E581DD
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/6gcOziku0v8dQBqn9i7TAquuuxA.roa
Signing time:             Mon 18 Aug 2025 21:40:04 +0000
ROA not before:           Mon 18 Aug 2025 21:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401163
IP address blocks:        85.239.153.0/24 maxlen: 24
                          85.239.159.0/24 maxlen: 24
                          92.62.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:20:08:75:fc:30:03:17:f6:e6:ae:15:f2:e5:81:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Aug 18 21:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea070ece292ed2ff1d401aa7f62ed302abaebb10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e1:ea:a0:35:db:85:af:ea:2d:c0:ce:54:01:
                    39:8d:de:5a:ec:c7:19:89:9b:ca:be:78:66:83:02:
                    86:f4:68:54:11:7a:25:1f:6b:44:14:ae:2f:4f:6f:
                    67:85:b7:26:51:90:fa:8b:52:c5:d7:f2:53:12:5c:
                    c6:5e:9e:c0:03:61:c5:46:a5:b1:da:ae:10:8d:5d:
                    0c:0a:f5:67:25:f5:5e:8e:a0:cf:fa:f6:65:d3:fb:
                    f9:fd:01:17:eb:47:73:68:70:8a:96:ba:9d:e8:96:
                    65:70:6f:b0:1f:35:fa:3f:d4:f0:b4:77:9c:7b:02:
                    ce:4c:60:ca:cf:81:fd:e3:be:9e:d4:62:af:90:17:
                    e1:6b:9b:03:7d:cf:c1:c9:54:c2:03:21:dd:50:5d:
                    db:c9:67:08:d7:5a:e4:fb:91:f8:8e:19:d7:d9:3c:
                    3c:b9:2a:8a:ea:49:b2:c4:d8:ec:b9:dd:42:12:30:
                    2f:0b:2c:6b:89:06:1c:49:52:31:ce:e3:a5:37:da:
                    bf:58:9f:63:39:ba:a4:82:a2:b6:e5:b9:e0:0c:64:
                    2f:0a:cd:bd:2f:65:d7:47:85:93:79:34:a1:a9:5e:
                    2b:47:d8:33:cb:4b:97:e9:35:07:04:3e:1b:68:d8:
                    66:d1:5d:00:59:cb:d7:ad:75:6c:8a:83:f6:71:35:
                    b3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:07:0E:CE:29:2E:D2:FF:1D:40:1A:A7:F6:2E:D3:02:AB:AE:BB:10
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/6gcOziku0v8dQBqn9i7TAquuuxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.153.0/24
                  85.239.159.0/24
                  92.62.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:30:bc:f4:dc:64:df:5c:49:ae:0a:00:bc:06:d2:92:a8:49:
         51:e4:10:48:03:ab:c1:d6:ee:aa:ee:08:c2:d8:94:36:c8:37:
         d7:39:2d:68:ab:3e:54:29:2d:74:23:59:f5:bc:dc:64:2c:b9:
         99:50:83:a9:65:77:f1:66:40:1c:fd:c0:c5:d5:64:c3:6e:62:
         b8:cd:81:85:ad:f5:34:12:d0:4f:62:66:82:a3:46:61:47:31:
         b4:59:bb:c6:d7:ba:5c:89:85:d6:01:4b:67:60:32:e8:75:29:
         f3:b3:4a:c9:85:8f:82:ee:5d:65:52:ee:ed:4b:ec:cd:42:e2:
         f4:49:fc:67:c6:7e:4b:bd:e1:2a:4f:1c:f6:98:08:b4:74:48:
         f2:a3:04:dd:99:52:07:18:9d:56:cc:97:8c:b8:6f:47:b7:df:
         d5:df:2f:2a:c2:21:63:e2:2e:c4:f4:3d:7f:5c:e2:dd:d3:f8:
         81:e5:71:47:0c:e4:71:8c:4e:a8:c2:cc:3e:01:c2:ec:b0:6c:
         65:c4:ba:d3:8e:d4:02:03:45:27:71:4c:51:02:62:04:bf:d0:
         e5:ce:d1:26:f6:59:0d:0e:c7:0b:44:19:da:80:48:1c:2f:b0:
         6f:73:45:ac:70:8f:d3:0f:87:c6:46:07:25:8c:98:48:fb:c1:
         39:dc:95:3c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZi/IAh1/DADF/bmrhXy5YHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwODE4MjE0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTA3MGVjZTI5MmVkMmZmMWQ0MDFhYTdmNjJlZDMwMmFiYWViYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eHqoDXbha/qLcDOVAE5jd5a7McZ
iZvKvnhmgwKG9GhUEXolH2tEFK4vT29nhbcmUZD6i1LF1/JTElzGXp7AA2HFRqWx
2q4QjV0MCvVnJfVejqDP+vZl0/v5/QEX60dzaHCKlrqd6JZlcG+wHzX6P9TwtHec
ewLOTGDKz4H9476e1GKvkBfha5sDfc/ByVTCAyHdUF3byWcI11rk+5H4jhnX2Tw8
uSqK6kmyxNjsud1CEjAvCyxriQYcSVIxzuOlN9q/WJ9jObqkgqK25bngDGQvCs29
L2XXR4WTeTShqV4rR9gzy0uX6TUHBD4baNhm0V0AWcvXrXVsioP2cTWzWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOoHDs4pLtL/HUAap/Yu0wKrrrsQMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvNmdjT3ppa3UwdjhkUUJxbjlpN1RBcXV1dXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVe+ZAwQA
Ve+fAwQAXD76MA0GCSqGSIb3DQEBCwUAA4IBAQArMLz03GTfXEmuCgC8BtKSqElR
5BBIA6vB1u6q7gjC2JQ2yDfXOS1oqz5UKS10I1n1vNxkLLmZUIOpZXfxZkAc/cDF
1WTDbmK4zYGFrfU0EtBPYmaCo0ZhRzG0WbvG17pciYXWAUtnYDLodSnzs0rJhY+C
7l1lUu7tS+zNQuL0Sfxnxn5LveEqTxz2mAi0dEjyowTdmVIHGJ1WzJeMuG9Ht9/V
3y8qwiFj4i7E9D1/XOLd0/iB5XFHDORxjE6owsw+AcLssGxlxLrTjtQCA0UncUxR
AmIEv9DlztEm9lkNDscLRBnagEgcL7Bvc0WscI/TD4fGRgcljJhI+8E53JU8
-----END CERTIFICATE-----