Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/o6Df57wPEW_mMSWXqhmbUzWM-Tw.roa
File:                     o6Df57wPEW_mMSWXqhmbUzWM-Tw.roa (raw, json)
Hash identifier:          XaRxY66ijEsPFeO9Qxy1APcchEXB8vr83lhiiBObI6s=
Subject key identifier:   A3:A0:DF:E7:BC:0F:11:6F:E6:31:25:97:AA:19:9B:53:35:8C:F9:3C
Certificate issuer:       /CN=f7bed33ff01e8e09dc4fedcd01139c0e77854aae
Certificate serial:       0199DED979A4484A77BD2A9318F651DBF1E4
Authority key identifier: F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/977TP_AejgncT-3NAROcDneFSq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/o6Df57wPEW_mMSWXqhmbUzWM-Tw.roa
Signing time:             Mon 13 Oct 2025 18:33:38 +0000
ROA not before:           Mon 13 Oct 2025 18:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57152
IP address blocks:        185.70.85.0/24 maxlen: 24
                          185.70.86.0/24 maxlen: 24
                          185.70.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/977TP_AejgncT-3NAROcDneFSq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:d9:79:a4:48:4a:77:bd:2a:93:18:f6:51:db:f1:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7bed33ff01e8e09dc4fedcd01139c0e77854aae
        Validity
            Not Before: Oct 13 18:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3a0dfe7bc0f116fe6312597aa199b53358cf93c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bb:35:21:cd:01:6f:16:e9:36:13:53:22:f4:
                    99:c0:a4:5f:aa:0a:06:b4:8e:12:4f:6f:c1:c7:70:
                    45:52:23:46:9b:32:5d:ca:ae:f3:08:1e:8d:58:40:
                    50:af:48:e7:c7:83:99:d3:7b:e5:70:5d:39:92:17:
                    21:74:80:47:1f:10:5b:78:2e:45:d1:72:c8:df:18:
                    12:77:cb:67:e0:bc:a7:b5:c0:14:7f:92:67:18:94:
                    8d:e6:82:5d:50:b8:34:e5:19:50:60:f8:13:90:77:
                    7c:fe:86:2d:9f:78:f4:27:83:77:ea:32:f8:27:aa:
                    cc:c8:d8:b0:c9:4c:3c:ad:98:46:6b:09:07:8f:7c:
                    72:58:87:51:ab:56:9e:59:32:14:99:b3:ae:f7:33:
                    61:d3:e0:fe:da:6a:88:b5:10:06:83:ee:7e:e3:1e:
                    b6:b8:fc:66:56:b5:8f:17:d7:29:6a:19:c5:92:7b:
                    28:8e:bf:9a:c5:97:c9:e2:02:1a:49:b4:0a:a6:f4:
                    92:47:88:2c:31:cd:f6:f2:30:00:c6:81:01:31:62:
                    f9:3a:ec:ef:32:84:c0:e5:36:8b:7f:1c:b5:ce:65:
                    c1:78:e0:e1:7f:89:cb:41:5b:a4:1d:92:d5:0c:f6:
                    0b:fe:28:ee:9e:cd:ba:46:56:25:92:89:2a:4e:de:
                    83:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A0:DF:E7:BC:0F:11:6F:E6:31:25:97:AA:19:9B:53:35:8C:F9:3C
            X509v3 Authority Key Identifier:
                keyid:F7:BE:D3:3F:F0:1E:8E:09:DC:4F:ED:CD:01:13:9C:0E:77:85:4A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/977TP_AejgncT-3NAROcDneFSq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/o6Df57wPEW_mMSWXqhmbUzWM-Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5a6d01-a375-4e11-871e-99e6141de7f1/1/977TP_AejgncT-3NAROcDneFSq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.85.0-185.70.87.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:9b:9a:f0:8c:8a:7c:68:82:c9:76:37:a3:85:85:6a:31:97:
         9e:23:71:3f:28:b5:c2:6d:45:69:96:ea:77:39:74:6c:43:a4:
         37:07:3b:d5:51:d4:d2:69:84:33:94:5e:61:ad:6a:76:04:e8:
         fd:8a:e0:6c:b0:76:24:b2:7a:02:5c:25:3a:6f:93:25:86:c3:
         ee:1d:c9:0c:d7:11:85:83:18:8e:44:f3:65:b8:ff:96:74:f5:
         f4:35:c1:b8:95:73:26:b8:d8:37:8a:e8:f4:79:56:eb:3b:74:
         ed:d6:b6:85:58:50:22:f6:ee:8d:91:c5:44:89:4d:10:c4:7a:
         0e:9f:9e:f3:8a:9b:70:32:10:d6:65:d3:1c:e8:77:87:cc:04:
         79:38:13:f8:ab:23:ba:8b:ef:8d:77:44:81:89:8e:2d:bc:ba:
         65:02:6c:26:26:d1:b4:7d:e9:d9:9c:58:51:38:d5:e6:6a:3f:
         64:76:30:13:e3:92:5b:3f:be:36:cd:7b:01:f0:e4:89:7a:ba:
         cb:54:a8:bb:fa:1f:fc:ab:5e:5b:34:b3:da:d0:a6:62:7a:c7:
         16:4a:50:53:64:fe:92:1f:a8:7a:ee:dd:31:76:df:a8:2d:3c:
         ec:1b:74:bb:b0:f9:31:9d:7e:ce:4d:31:d2:3c:2f:3c:59:e6:
         43:e8:15:93
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZne2XmkSEp3vSqTGPZR2/HkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YmVkMzNmZjAxZThlMDlkYzRmZWRjZDAxMTM5YzBlNzc4
NTRhYWUwHhcNMjUxMDEzMTgzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2EwZGZlN2JjMGYxMTZmZTYzMTI1OTdhYTE5OWI1MzM1OGNmOTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrs1Ic0BbxbpNhNTIvSZwKRfqgoG
tI4ST2/Bx3BFUiNGmzJdyq7zCB6NWEBQr0jnx4OZ03vlcF05khchdIBHHxBbeC5F
0XLI3xgSd8tn4LyntcAUf5JnGJSN5oJdULg05RlQYPgTkHd8/oYtn3j0J4N36jL4
J6rMyNiwyUw8rZhGawkHj3xyWIdRq1aeWTIUmbOu9zNh0+D+2mqItRAGg+5+4x62
uPxmVrWPF9cpahnFknsojr+axZfJ4gIaSbQKpvSSR4gsMc328jAAxoEBMWL5Ouzv
MoTA5TaLfxy1zmXBeODhf4nLQVukHZLVDPYL/ijuns26RlYlkokqTt6DewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKOg3+e8DxFv5jEll6oZm1M1jPk8MB8GA1UdIwQY
MBaAFPe+0z/wHo4J3E/tzQETnA53hUquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTc3VFBfQWVqZ25jVC0zTkFST2NEbmVGU3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81YTZkMDEtYTM3NS00ZTExLTg3MWUt
OTllNjE0MWRlN2YxLzEvbzZEZjU3d1BFV19tTVNXWHFobWJVeldNLVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81YTZkMDEtYTM3NS00ZTExLTg3MWUtOTllNjE0MWRlN2Yx
LzEvOTc3VFBfQWVqZ25jVC0zTkFST2NEbmVGU3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5RlUD
BAO5RlAwDQYJKoZIhvcNAQELBQADggEBACybmvCMinxogsl2N6OFhWoxl54jcT8o
tcJtRWmW6nc5dGxDpDcHO9VR1NJphDOUXmGtanYE6P2K4GywdiSyegJcJTpvkyWG
w+4dyQzXEYWDGI5E82W4/5Z09fQ1wbiVcya42DeK6PR5Vus7dO3WtoVYUCL27o2R
xUSJTRDEeg6fnvOKm3AyENZl0xzod4fMBHk4E/irI7qL7413RIGJji28umUCbCYm
0bR96dmcWFE41eZqP2R2MBPjkls/vjbNewHw5Il6ustUqLv6H/yrXls0s9rQpmJ6
xxZKUFNk/pIfqHru3TF236gtPOwbdLuw+TGdfs5NMdI8LzxZ5kPoFZM=
-----END CERTIFICATE-----