Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/pSyaNNQfHIxFiSnrATHPuSm-jfo.roa
File:                     pSyaNNQfHIxFiSnrATHPuSm-jfo.roa (raw, json)
Hash identifier:          OeYszJRRDpsrfoggTZzuEZA5/POYAPXra4Ky725R5xQ=
Subject key identifier:   A5:2C:9A:34:D4:1F:1C:8C:45:89:29:EB:01:31:CF:B9:29:BE:8D:FA
Certificate issuer:       /CN=15ffa042114301368b4069abd68a1efbac47fdce
Certificate serial:       0199F767CD310D70312CD82C30664352BE8E
Authority key identifier: 15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/pSyaNNQfHIxFiSnrATHPuSm-jfo.roa
Signing time:             Sat 18 Oct 2025 12:59:58 +0000
ROA not before:           Sat 18 Oct 2025 12:59:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29357
IP address blocks:        83.96.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f7:67:cd:31:0d:70:31:2c:d8:2c:30:66:43:52:be:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ffa042114301368b4069abd68a1efbac47fdce
        Validity
            Not Before: Oct 18 12:59:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a52c9a34d41f1c8c458929eb0131cfb929be8dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:56:e5:1a:d5:27:18:a2:fa:21:cf:80:d8:90:
                    e4:81:cf:58:3e:61:a6:84:51:32:60:10:0f:16:04:
                    9e:58:dd:07:b6:97:49:4e:a4:2c:29:70:a4:08:57:
                    fa:52:63:79:90:15:94:2d:9c:57:c1:82:b4:c7:4e:
                    9a:c7:ac:85:8b:4b:86:2f:41:7a:d4:0c:9d:70:fc:
                    12:1d:0b:b6:ab:5a:25:50:2a:d0:d1:76:61:0c:a5:
                    4e:0c:c6:c8:fe:34:6f:9d:5f:ee:90:4e:3d:96:bf:
                    aa:24:d0:14:55:75:0b:6c:35:b3:3d:f2:84:64:f6:
                    60:ed:ad:9a:62:c6:0b:0c:2e:6a:d6:90:e7:78:a0:
                    b5:b6:b3:b3:ef:2f:68:fd:61:bf:6e:72:6f:f6:7c:
                    77:22:d3:39:e5:5d:df:5f:d3:61:ac:99:20:f5:1f:
                    76:00:7f:7e:f1:56:e8:21:9c:f5:4c:0d:08:fb:b1:
                    3f:38:b8:77:02:16:60:40:a3:4e:78:06:0d:22:30:
                    d1:48:81:e7:3f:e2:d4:f5:61:6a:5b:35:27:be:5d:
                    18:86:4f:19:27:3a:8f:f3:26:2d:bc:93:03:23:21:
                    51:44:96:48:b6:f7:cb:28:53:e4:11:c2:9c:d7:c7:
                    ac:da:99:08:a9:50:e8:9a:03:14:5b:fb:81:c4:c8:
                    0d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:2C:9A:34:D4:1F:1C:8C:45:89:29:EB:01:31:CF:B9:29:BE:8D:FA
            X509v3 Authority Key Identifier:
                keyid:15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/pSyaNNQfHIxFiSnrATHPuSm-jfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.96.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:61:e6:ad:88:04:24:63:79:dd:a1:d9:68:37:8a:37:65:1a:
         10:06:45:d1:88:d2:dc:1b:dc:3c:b4:5e:e9:95:72:5e:ad:50:
         9f:a3:cc:4d:a8:1e:67:45:11:dd:e8:5e:9d:22:c1:68:4c:7f:
         ec:13:f1:47:bf:f4:63:b6:07:e3:1c:fe:73:d9:80:1e:5c:73:
         ae:97:60:1d:4a:fe:b6:86:50:64:51:e3:c7:7f:f4:94:d9:c8:
         08:ca:8f:72:5a:dd:51:ec:13:ff:75:35:20:d8:13:f0:bc:80:
         56:3d:ee:e7:51:24:de:4b:90:9e:30:4f:29:49:03:8a:55:bb:
         94:18:25:94:d1:2b:6c:3d:e7:21:d4:ab:a8:e4:91:6b:7a:b4:
         ff:57:8e:37:71:7b:da:03:48:3e:ba:a1:61:2e:2b:f3:5a:a7:
         9a:cd:39:01:f6:36:63:f8:25:88:9c:d3:6c:70:55:b2:aa:6b:
         b2:20:c5:49:4d:b4:7b:b7:69:21:e2:b6:99:a7:58:d3:6e:7b:
         08:4c:70:c6:87:04:1d:85:b4:b5:ad:ad:f3:94:24:57:cf:91:
         2e:d3:fd:01:52:79:f1:ef:35:ae:f1:46:b5:32:26:5e:ba:a3:
         8a:6f:6e:dd:bd:af:d8:65:e6:b8:f3:b0:89:fa:d9:87:28:44:
         40:58:09:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn3Z80xDXAxLNgsMGZDUr6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZmZhMDQyMTE0MzAxMzY4YjQwNjlhYmQ2OGExZWZiYWM0
N2ZkY2UwHhcNMjUxMDE4MTI1OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTJjOWEzNGQ0MWYxYzhjNDU4OTI5ZWIwMTMxY2ZiOTI5YmU4ZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1blGtUnGKL6Ic+A2JDkgc9YPmGm
hFEyYBAPFgSeWN0HtpdJTqQsKXCkCFf6UmN5kBWULZxXwYK0x06ax6yFi0uGL0F6
1AydcPwSHQu2q1olUCrQ0XZhDKVODMbI/jRvnV/ukE49lr+qJNAUVXULbDWzPfKE
ZPZg7a2aYsYLDC5q1pDneKC1trOz7y9o/WG/bnJv9nx3ItM55V3fX9NhrJkg9R92
AH9+8VboIZz1TA0I+7E/OLh3AhZgQKNOeAYNIjDRSIHnP+LU9WFqWzUnvl0Yhk8Z
JzqP8yYtvJMDIyFRRJZItvfLKFPkEcKc18es2pkIqVDomgMUW/uBxMgN5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUsmjTUHxyMRYkp6wExz7kpvo36MB8GA1UdIwQY
MBaAFBX/oEIRQwE2i0Bpq9aKHvusR/3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMt
YjczYTM2ZDkzOWIyLzEvcFN5YU5OUWZISXhGaVNuckFUSFB1U20tamZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMtYjczYTM2ZDkzOWIy
LzEvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2AwMA0G
CSqGSIb3DQEBCwUAA4IBAQAXYeatiAQkY3ndodloN4o3ZRoQBkXRiNLcG9w8tF7p
lXJerVCfo8xNqB5nRRHd6F6dIsFoTH/sE/FHv/RjtgfjHP5z2YAeXHOul2AdSv62
hlBkUePHf/SU2cgIyo9yWt1R7BP/dTUg2BPwvIBWPe7nUSTeS5CeME8pSQOKVbuU
GCWU0StsPech1Kuo5JFrerT/V443cXvaA0g+uqFhLivzWqeazTkB9jZj+CWInNNs
cFWyqmuyIMVJTbR7t2kh4raZp1jTbnsITHDGhwQdhbS1ra3zlCRXz5Eu0/0BUnnx
7zWu8Ua1MiZeuqOKb27dva/YZea487CJ+tmHKERAWAlg
-----END CERTIFICATE-----