Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lRzYVb2NbPGy8-SOPLd691TFnnk.roa
File:                     lRzYVb2NbPGy8-SOPLd691TFnnk.roa (raw, json)
Hash identifier:          tdwTGZnp8RtUWEisnY3iwZ4EzkptbqNwDa9mhzccwOk=
Subject key identifier:   95:1C:D8:55:BD:8D:6C:F1:B2:F3:E4:8E:3C:B7:7A:F7:54:C5:9E:79
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0199C786BAFFF0D1C3760377E8ACD8DC154F
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lRzYVb2NbPGy8-SOPLd691TFnnk.roa
Signing time:             Thu 09 Oct 2025 05:51:59 +0000
ROA not before:           Thu 09 Oct 2025 05:51:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215230
IP address blocks:        81.181.64.0/24 maxlen: 24
                          81.181.188.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:86:ba:ff:f0:d1:c3:76:03:77:e8:ac:d8:dc:15:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct  9 05:51:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=951cd855bd8d6cf1b2f3e48e3cb77af754c59e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0c:24:c9:61:23:2a:62:dd:70:c0:ac:8f:4a:
                    de:8d:b3:2e:f6:7a:77:a7:01:e1:ce:2d:12:2b:79:
                    e3:32:32:ad:6a:e2:43:be:dd:a8:ab:51:fb:26:03:
                    97:db:b9:71:e2:5d:a3:e9:53:a9:da:7d:5e:60:1b:
                    bb:6c:e6:9c:56:60:dc:c4:dc:6a:24:ad:12:8d:d0:
                    3a:ce:22:d6:ed:c8:b8:aa:50:aa:e3:bc:50:34:43:
                    27:a0:bb:b5:6b:06:7b:4c:1d:87:96:a3:1a:06:cf:
                    79:43:cb:01:b3:2a:06:9b:cc:45:33:40:21:1c:1f:
                    98:33:18:97:54:68:aa:92:08:9a:dd:35:09:74:22:
                    47:bc:f3:b4:8a:5b:92:dd:82:a4:74:27:a7:19:b6:
                    77:63:4b:4f:da:62:4c:d2:72:39:73:1e:fb:99:d6:
                    8f:d1:d8:48:b2:81:09:95:63:7c:11:67:d5:39:6e:
                    8b:f1:2b:2e:32:f2:8c:a8:83:90:22:a3:1e:f1:e2:
                    da:f6:85:c9:3c:b1:77:44:13:d4:bf:71:32:6b:4a:
                    5b:37:73:3b:10:b2:cd:d6:77:60:68:d4:5f:b6:21:
                    9a:05:e1:f3:6b:cf:f1:4d:86:9c:30:c3:2c:14:74:
                    e1:5b:48:d9:5f:f3:0f:b7:60:2d:d9:41:8e:c7:e8:
                    7b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:1C:D8:55:BD:8D:6C:F1:B2:F3:E4:8E:3C:B7:7A:F7:54:C5:9E:79
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lRzYVb2NbPGy8-SOPLd691TFnnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.64.0/24
                  81.181.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:6c:3e:11:ec:4b:c6:97:78:69:29:12:ca:30:c6:eb:3f:6e:
         f2:a6:fc:78:8c:e3:0f:db:99:05:fe:0e:bb:7d:89:09:20:99:
         fd:ad:67:98:a2:08:1e:f6:b9:5d:5e:a2:e8:0d:0e:e4:71:99:
         77:6a:c9:a0:f2:da:91:53:7b:a3:9c:b5:0d:e9:24:49:f4:47:
         f4:21:4b:2a:bf:85:bf:bf:1d:a7:d1:e6:f7:38:6f:37:8a:c1:
         2e:6a:a8:86:e2:43:05:f1:2e:4b:90:1d:05:eb:72:4d:5e:78:
         76:27:97:2d:28:39:44:34:8c:3c:8f:78:eb:27:45:11:5a:4d:
         cf:09:05:ed:73:06:86:20:14:98:39:f6:25:44:cc:b5:6f:2e:
         6e:71:24:c2:3a:7e:44:34:51:38:fb:7c:83:f8:96:72:a4:e7:
         a7:b1:5c:c4:d0:87:10:25:04:83:73:49:0a:1a:c4:6f:83:fa:
         7d:93:8f:e6:c3:20:e1:6d:22:01:25:6b:0e:21:af:37:14:e9:
         e0:2d:12:88:c5:ab:a9:45:35:fd:b7:c2:10:9f:24:a9:4b:7f:
         9b:a7:e9:89:8e:d4:66:dc:ea:5e:8a:f0:5f:60:6c:b3:a1:3f:
         3c:68:6b:6d:a3:33:28:90:d9:59:cc:94:7c:4c:07:5e:32:e3:
         c0:5e:c3:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnHhrr/8NHDdgN36KzY3BVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDA5MDU1MTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTFjZDg1NWJkOGQ2Y2YxYjJmM2U0OGUzY2I3N2FmNzU0YzU5ZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugwkyWEjKmLdcMCsj0rejbMu9np3
pwHhzi0SK3njMjKtauJDvt2oq1H7JgOX27lx4l2j6VOp2n1eYBu7bOacVmDcxNxq
JK0SjdA6ziLW7ci4qlCq47xQNEMnoLu1awZ7TB2HlqMaBs95Q8sBsyoGm8xFM0Ah
HB+YMxiXVGiqkgia3TUJdCJHvPO0iluS3YKkdCenGbZ3Y0tP2mJM0nI5cx77mdaP
0dhIsoEJlWN8EWfVOW6L8SsuMvKMqIOQIqMe8eLa9oXJPLF3RBPUv3Eya0pbN3M7
ELLN1ndgaNRftiGaBeHza8/xTYacMMMsFHThW0jZX/MPt2At2UGOx+h7DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJUc2FW9jWzxsvPkjjy3evdUxZ55MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbFJ6WVZiMk5iUEd5OC1TT1BMZDY5MVRGbm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUbVAAwQB
UbW8MA0GCSqGSIb3DQEBCwUAA4IBAQBfbD4R7EvGl3hpKRLKMMbrP27ypvx4jOMP
25kF/g67fYkJIJn9rWeYogge9rldXqLoDQ7kcZl3asmg8tqRU3ujnLUN6SRJ9Ef0
IUsqv4W/vx2n0eb3OG83isEuaqiG4kMF8S5LkB0F63JNXnh2J5ctKDlENIw8j3jr
J0URWk3PCQXtcwaGIBSYOfYlRMy1by5ucSTCOn5ENFE4+3yD+JZypOensVzE0IcQ
JQSDc0kKGsRvg/p9k4/mwyDhbSIBJWsOIa83FOngLRKIxaupRTX9t8IQnySpS3+b
p+mJjtRm3OpeivBfYGyzoT88aGttozMokNlZzJR8TAdeMuPAXsMP
-----END CERTIFICATE-----