Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/DyZ7ybIOztB4ECY2V3FC-Jmj20o.roa
File:                     DyZ7ybIOztB4ECY2V3FC-Jmj20o.roa (raw, json)
Hash identifier:          EKnRk97RdaioorYgaBLLuYpqqDf1Vm0E5dnuyWkxoAs=
Subject key identifier:   0F:26:7B:C9:B2:0E:CE:D0:78:10:26:36:57:71:42:F8:99:A3:DB:4A
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0198A76312FFCE73B6F3B41F32CC79874CAF
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/DyZ7ybIOztB4ECY2V3FC-Jmj20o.roa
Signing time:             Thu 14 Aug 2025 07:02:24 +0000
ROA not before:           Thu 14 Aug 2025 07:02:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        159.148.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:63:12:ff:ce:73:b6:f3:b4:1f:32:cc:79:87:4c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug 14 07:02:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f267bc9b20eced078102636577142f899a3db4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:38:90:d0:fa:b1:8c:88:92:84:9f:9d:5b:c4:
                    28:46:ff:d4:52:c1:5f:08:af:0c:10:78:de:8d:1b:
                    67:8e:c3:7f:95:44:65:86:11:93:38:63:92:27:3f:
                    a4:28:57:42:42:60:40:da:aa:cf:94:45:ff:5d:02:
                    23:8c:33:b3:fc:dd:78:a1:ef:32:e1:50:8c:a4:d4:
                    66:e9:92:18:23:c7:6b:92:59:e9:90:ec:d0:89:0c:
                    f8:3c:cd:ae:49:d0:05:17:64:6e:ba:fc:12:32:83:
                    3d:b9:da:45:80:c2:89:5d:0d:f6:00:d0:64:e3:be:
                    14:97:d3:c9:42:d1:b0:00:92:e4:2c:5d:1c:59:7a:
                    80:85:a0:22:63:46:b4:22:ff:dc:8c:05:45:63:c0:
                    93:1f:6f:cc:79:ac:66:a0:de:4b:ee:57:5a:c0:7c:
                    f4:a5:79:0a:16:90:1d:06:d9:4c:e9:85:a1:cf:36:
                    c6:0b:27:32:fb:a6:db:44:88:42:db:82:a0:b8:70:
                    cd:c2:e6:6a:8f:c1:67:4c:a3:ba:47:e7:b1:ff:ad:
                    26:d2:5b:7d:ad:32:23:35:b4:0b:7e:ad:94:c9:b5:
                    70:6e:7d:62:a1:e5:78:6e:0f:e2:75:75:08:1d:d7:
                    b2:2a:c6:91:56:72:82:e0:33:a6:da:01:a0:fa:a1:
                    99:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:26:7B:C9:B2:0E:CE:D0:78:10:26:36:57:71:42:F8:99:A3:DB:4A
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/DyZ7ybIOztB4ECY2V3FC-Jmj20o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:18:1b:37:75:9e:e2:8e:90:ea:50:f5:57:09:d8:fd:a7:9b:
         7d:f9:76:bb:e0:c5:c4:d3:4b:aa:f9:f6:07:21:d6:d2:3d:02:
         c2:2e:f3:3a:d3:91:2b:55:7b:09:28:0e:1d:f3:bf:05:22:04:
         9e:de:13:84:f4:f7:25:db:88:a4:72:94:4e:a2:f3:41:7b:5f:
         58:3b:3f:e6:2e:8a:e3:c2:0c:3f:11:c0:80:67:88:4e:ae:83:
         f9:d9:01:2b:a9:76:61:18:4a:a2:e6:13:c2:25:fb:88:71:04:
         77:91:bf:5f:dc:a8:19:4e:57:49:b5:e1:d8:b1:34:c6:87:24:
         7c:1c:4d:37:eb:3c:4e:45:6b:50:46:d8:32:8e:5e:44:4a:60:
         fb:0c:c9:18:b3:ac:6a:a8:d0:6d:88:07:99:19:e9:0e:f4:0b:
         58:29:91:d5:37:6a:de:ef:0b:68:ef:11:a2:9d:b3:46:cd:fa:
         0f:97:7e:c0:dc:ed:42:7c:30:1c:1d:0d:d5:35:62:24:41:6f:
         0b:1c:6a:4b:6d:03:cb:6d:c8:fb:e0:ef:5e:a8:4c:78:ff:f1:
         5a:c9:d4:85:bc:88:b8:9d:19:5a:d9:28:70:0b:bc:0b:99:79:
         55:8d:a0:82:c7:29:02:7e:90:15:e5:47:a9:46:5a:29:96:fe:
         de:b1:b1:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZinYxL/znO287QfMsx5h0yvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwODE0MDcwMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI2N2JjOWIyMGVjZWQwNzgxMDI2MzY1NzcxNDJmODk5YTNkYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TiQ0PqxjIiShJ+dW8QoRv/UUsFf
CK8MEHjejRtnjsN/lURlhhGTOGOSJz+kKFdCQmBA2qrPlEX/XQIjjDOz/N14oe8y
4VCMpNRm6ZIYI8drklnpkOzQiQz4PM2uSdAFF2RuuvwSMoM9udpFgMKJXQ32ANBk
474Ul9PJQtGwAJLkLF0cWXqAhaAiY0a0Iv/cjAVFY8CTH2/MeaxmoN5L7ldawHz0
pXkKFpAdBtlM6YWhzzbGCycy+6bbRIhC24KguHDNwuZqj8FnTKO6R+ex/60m0lt9
rTIjNbQLfq2UybVwbn1ioeV4bg/idXUIHdeyKsaRVnKC4DOm2gGg+qGZrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8me8myDs7QeBAmNldxQviZo9tKMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvRHlaN3liSU96dEI0RUNZMlYzRkMtSm1qMjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T/MA0G
CSqGSIb3DQEBCwUAA4IBAQC1GBs3dZ7ijpDqUPVXCdj9p5t9+Xa74MXE00uq+fYH
IdbSPQLCLvM605ErVXsJKA4d878FIgSe3hOE9Pcl24ikcpROovNBe19YOz/mLorj
wgw/EcCAZ4hOroP52QErqXZhGEqi5hPCJfuIcQR3kb9f3KgZTldJteHYsTTGhyR8
HE036zxORWtQRtgyjl5ESmD7DMkYs6xqqNBtiAeZGekO9AtYKZHVN2re7wto7xGi
nbNGzfoPl37A3O1CfDAcHQ3VNWIkQW8LHGpLbQPLbcj74O9eqEx4//FaydSFvIi4
nRla2ShwC7wLmXlVjaCCxykCfpAV5UepRloplv7esbEN
-----END CERTIFICATE-----