Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/KOQt4Fdw-Mbd2H2laDLh-QtpT_A.roa
File:                     KOQt4Fdw-Mbd2H2laDLh-QtpT_A.roa (raw, json)
Hash identifier:          E+ao0zcz+gKQCFRR+32WIwFe4k6aZm0mJuIHZG8OTjY=
Subject key identifier:   28:E4:2D:E0:57:70:F8:C6:DD:D8:7D:A5:68:32:E1:F9:0B:69:4F:F0
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019859E668CD77418DC0533EC182935DA85C
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/KOQt4Fdw-Mbd2H2laDLh-QtpT_A.roa
Signing time:             Wed 30 Jul 2025 05:55:29 +0000
ROA not before:           Wed 30 Jul 2025 05:55:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        62.164.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:59:e6:68:cd:77:41:8d:c0:53:3e:c1:82:93:5d:a8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jul 30 05:55:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28e42de05770f8c6ddd87da56832e1f90b694ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:92:53:3b:06:9c:d6:13:a4:5a:cd:c7:22:df:
                    69:0c:bd:c9:54:df:b3:fc:57:76:80:1a:ba:0c:d2:
                    79:0d:fb:9b:b4:b2:47:b7:8f:bd:b7:3c:0f:4d:72:
                    20:ae:26:78:7f:c0:d2:7d:12:9b:e6:4d:9b:24:d3:
                    cb:6b:e7:a7:99:6d:0c:80:a4:a4:97:f5:d1:f1:24:
                    18:44:0f:02:b3:1b:4f:4e:fa:91:48:d7:af:65:eb:
                    57:a0:57:94:26:58:8b:a2:84:24:28:ed:06:72:1d:
                    f3:d6:2b:2d:b7:db:3c:cc:da:55:ee:0e:0c:6f:e4:
                    e2:2e:6d:56:b9:80:85:6f:bb:2d:fc:9c:07:99:75:
                    f3:90:f8:35:9c:70:c6:90:f0:1a:6c:ac:29:b2:a2:
                    40:54:f3:99:f1:a8:d2:86:70:72:d3:2a:d2:90:87:
                    8e:74:27:bb:1d:dc:70:67:ad:f5:70:9a:05:b0:d1:
                    20:e8:b7:3a:33:46:fc:97:d6:3d:37:5d:17:4c:d8:
                    b0:29:d6:82:8b:17:49:c8:39:56:9f:d8:ef:cf:e5:
                    b9:67:52:9f:35:2f:c4:75:db:42:ee:95:cc:99:e3:
                    d4:d0:3e:3b:4e:ed:46:17:e6:38:82:68:0c:6c:92:
                    ae:d7:91:8d:06:82:fa:03:15:87:42:ec:ed:8f:75:
                    25:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E4:2D:E0:57:70:F8:C6:DD:D8:7D:A5:68:32:E1:F9:0B:69:4F:F0
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/KOQt4Fdw-Mbd2H2laDLh-QtpT_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b0:07:70:d0:1a:47:db:d2:ee:10:08:42:8d:35:e6:fb:9e:
         cd:04:4c:90:aa:06:70:a0:c3:59:6c:d9:cf:dc:d7:18:a6:b2:
         1b:2c:39:db:68:66:02:df:01:55:4f:6b:8d:b0:80:5b:81:41:
         40:ef:a5:de:30:e4:b7:8e:c6:32:37:e2:bb:10:e4:e0:53:e6:
         38:cc:ca:ba:4b:91:76:65:43:28:f4:68:37:b5:2c:89:c9:cc:
         2e:3f:02:b6:12:9e:65:a6:6a:a8:72:93:18:2b:f6:4d:46:ec:
         64:e5:79:83:24:92:e2:29:d6:37:75:30:8b:ce:fc:13:2d:e1:
         91:ac:73:84:4f:5a:24:15:f4:2f:be:43:f7:55:a2:79:a0:f1:
         77:92:bd:8c:a1:d9:25:26:4b:25:ba:55:e8:20:9d:ba:97:2a:
         c7:59:89:0c:9c:93:ad:a0:4c:e6:96:c1:03:29:17:e3:a1:f5:
         2b:10:56:06:80:96:b9:53:59:ea:b0:87:36:f2:7c:1d:02:e3:
         ad:04:32:7a:e9:a8:f9:b1:f4:41:63:0c:3e:a0:48:7b:54:21:
         d2:89:b6:51:a9:3f:08:e1:c7:a0:23:cd:89:77:65:56:3d:0c:
         a8:e5:12:1f:cd:e1:46:15:b9:ce:48:5a:b1:ac:fb:9a:b4:98:
         21:53:98:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhZ5mjNd0GNwFM+wYKTXahcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwNzMwMDU1NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGU0MmRlMDU3NzBmOGM2ZGRkODdkYTU2ODMyZTFmOTBiNjk0ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJJTOwac1hOkWs3HIt9pDL3JVN+z
/Fd2gBq6DNJ5DfubtLJHt4+9tzwPTXIgriZ4f8DSfRKb5k2bJNPLa+enmW0MgKSk
l/XR8SQYRA8CsxtPTvqRSNevZetXoFeUJliLooQkKO0Gch3z1istt9s8zNpV7g4M
b+TiLm1WuYCFb7st/JwHmXXzkPg1nHDGkPAabKwpsqJAVPOZ8ajShnBy0yrSkIeO
dCe7HdxwZ631cJoFsNEg6Lc6M0b8l9Y9N10XTNiwKdaCixdJyDlWn9jvz+W5Z1Kf
NS/EddtC7pXMmePU0D47Tu1GF+Y4gmgMbJKu15GNBoL6AxWHQuztj3Ul1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjkLeBXcPjG3dh9pWgy4fkLaU/wMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvS09RdDRGZHctTWJkMkgybGFETGgtUXRwVF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqTBMA0G
CSqGSIb3DQEBCwUAA4IBAQBYsAdw0BpH29LuEAhCjTXm+57NBEyQqgZwoMNZbNnP
3NcYprIbLDnbaGYC3wFVT2uNsIBbgUFA76XeMOS3jsYyN+K7EOTgU+Y4zMq6S5F2
ZUMo9Gg3tSyJycwuPwK2Ep5lpmqocpMYK/ZNRuxk5XmDJJLiKdY3dTCLzvwTLeGR
rHOET1okFfQvvkP3VaJ5oPF3kr2ModklJkslulXoIJ26lyrHWYkMnJOtoEzmlsED
KRfjofUrEFYGgJa5U1nqsIc28nwdAuOtBDJ66aj5sfRBYww+oEh7VCHSibZRqT8I
4cegI82Jd2VWPQyo5RIfzeFGFbnOSFqxrPuatJghU5i2
-----END CERTIFICATE-----