Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/2fxk-csv6V5rX-CMe_DFR8a4JVM.roa
File:                     2fxk-csv6V5rX-CMe_DFR8a4JVM.roa (raw, json)
Hash identifier:          aLAVdijVROuQTvAqCbXuXEZ8OKPl15hM/XdRngnEREE=
Subject key identifier:   D9:FC:64:F9:CB:2F:E9:5E:6B:5F:E0:8C:7B:F0:C5:47:C6:B8:25:53
Certificate issuer:       /CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
Certificate serial:       0198CBDDAE4F3C433731861CF7CA4980C814
Authority key identifier: FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/2fxk-csv6V5rX-CMe_DFR8a4JVM.roa
Signing time:             Thu 21 Aug 2025 09:02:39 +0000
ROA not before:           Thu 21 Aug 2025 09:02:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43180
IP address blocks:        91.239.77.0/24 maxlen: 24
                          213.111.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:dd:ae:4f:3c:43:37:31:86:1c:f7:ca:49:80:c8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
        Validity
            Not Before: Aug 21 09:02:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9fc64f9cb2fe95e6b5fe08c7bf0c547c6b82553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:43:c6:ba:66:c9:60:ad:06:96:1a:6b:18:a6:
                    f7:74:24:ab:ea:07:e8:ba:51:1b:7e:22:35:7b:f6:
                    dd:e1:be:bb:26:b8:b9:79:ca:e1:65:e0:81:36:01:
                    b1:8d:35:8c:88:56:88:53:34:c4:7a:be:84:21:11:
                    18:a6:5d:b0:b6:3e:01:87:d9:99:ee:d2:18:2d:41:
                    24:88:67:ab:26:e7:84:d9:93:5a:fc:91:76:05:69:
                    b5:7e:65:9a:2f:19:58:aa:54:7e:72:75:82:b6:30:
                    ff:fa:f1:6c:e9:0f:f0:1f:e4:a4:3a:7e:65:87:0d:
                    12:04:0f:3e:0d:77:f3:59:94:97:91:7c:bc:72:ec:
                    a0:5d:88:5b:ae:51:81:ce:ee:8e:c5:67:1c:83:64:
                    99:55:36:a9:c9:4d:18:37:1d:e4:01:07:e1:4a:12:
                    91:db:82:9c:81:ab:e5:a7:a1:6b:62:22:65:37:84:
                    0d:51:0d:a3:ab:84:1a:da:39:03:02:bd:96:1a:72:
                    aa:66:fb:21:20:ec:4d:7e:0b:a9:f3:bb:9b:50:1c:
                    92:a1:03:f0:ad:cf:3c:16:4b:05:ec:87:af:a3:e5:
                    15:cd:32:fa:ce:47:6f:e7:38:7b:c3:2f:d9:e5:43:
                    4b:fd:f6:f7:af:ae:13:d1:d8:9c:2f:36:1e:71:cc:
                    a2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:FC:64:F9:CB:2F:E9:5E:6B:5F:E0:8C:7B:F0:C5:47:C6:B8:25:53
            X509v3 Authority Key Identifier:
                keyid:FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/2fxk-csv6V5rX-CMe_DFR8a4JVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.77.0/24
                  213.111.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:06:fe:6d:a4:aa:32:1b:d6:55:9b:08:a3:5b:41:96:8a:7e:
         5c:21:45:ff:be:22:05:72:7d:78:d0:0a:13:dd:3b:46:9b:69:
         01:bf:51:3c:df:c4:45:7a:89:2f:75:e6:f0:7b:d5:ad:52:e6:
         3a:20:ac:52:6c:90:3b:34:fe:c2:dc:d9:3f:08:e0:c6:cb:08:
         9c:64:c3:73:49:56:b8:eb:68:d3:82:c5:84:bf:06:97:84:a8:
         c3:06:0d:42:21:2c:c8:0c:dc:04:4a:3b:82:35:c3:6d:f8:77:
         92:f9:8a:e0:b4:e9:a8:e0:c5:15:c8:4b:83:29:ff:45:60:c8:
         05:a3:ca:e3:77:88:eb:d0:1b:c1:a6:63:50:9f:50:42:fe:70:
         64:2e:82:40:a7:23:83:9d:e7:f9:72:b2:88:5d:f1:61:96:6b:
         2b:94:32:1f:de:b0:42:54:5c:02:b4:4a:57:c3:d8:e5:49:a0:
         aa:ec:63:ab:89:9c:3d:98:42:6e:98:72:c8:84:94:af:40:ca:
         09:18:94:b6:2e:8f:3d:d7:46:16:36:90:6c:6d:9e:9a:69:44:
         d9:97:56:e6:62:1c:25:f4:67:88:87:f4:02:b2:5b:95:31:fb:
         eb:2d:34:bf:08:50:7e:8f:3f:bf:b2:fb:3b:48:d1:f5:81:0f:
         49:eb:fb:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjL3a5PPEM3MYYc98pJgMgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmN2Q4YTc5YmFkNGY5ODNkMGM0OTg5NWFmNTBlYThhMDNl
YmM3MGQwHhcNMjUwODIxMDkwMjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWZjNjRmOWNiMmZlOTVlNmI1ZmUwOGM3YmYwYzU0N2M2YjgyNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0PGumbJYK0GlhprGKb3dCSr6gfo
ulEbfiI1e/bd4b67Jri5ecrhZeCBNgGxjTWMiFaIUzTEer6EIREYpl2wtj4Bh9mZ
7tIYLUEkiGerJueE2ZNa/JF2BWm1fmWaLxlYqlR+cnWCtjD/+vFs6Q/wH+SkOn5l
hw0SBA8+DXfzWZSXkXy8cuygXYhbrlGBzu6OxWccg2SZVTapyU0YNx3kAQfhShKR
24Kcgavlp6FrYiJlN4QNUQ2jq4Qa2jkDAr2WGnKqZvshIOxNfgup87ubUBySoQPw
rc88FksF7Ievo+UVzTL6zkdv5zh7wy/Z5UNL/fb3r64T0dicLzYeccyiiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNn8ZPnLL+lea1/gjHvwxUfGuCVTMB8GA1UdIwQY
MBaAFP99inm61PmD0MSYla9Q6ooD68cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2Mt
MDg3M2UzOTk0ZDBlLzEvMmZ4ay1jc3Y2VjVyWC1DTWVfREZSOGE0SlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2MtMDg3M2UzOTk0ZDBl
LzEvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+9NAwQB
1W+eMA0GCSqGSIb3DQEBCwUAA4IBAQCOBv5tpKoyG9ZVmwijW0GWin5cIUX/viIF
cn140AoT3TtGm2kBv1E838RFeokvdebwe9WtUuY6IKxSbJA7NP7C3Nk/CODGywic
ZMNzSVa462jTgsWEvwaXhKjDBg1CISzIDNwESjuCNcNt+HeS+YrgtOmo4MUVyEuD
Kf9FYMgFo8rjd4jr0BvBpmNQn1BC/nBkLoJApyODnef5crKIXfFhlmsrlDIf3rBC
VFwCtEpXw9jlSaCq7GOriZw9mEJumHLIhJSvQMoJGJS2Lo8910YWNpBsbZ6aaUTZ
l1bmYhwl9GeIh/QCsluVMfvrLTS/CFB+jz+/svs7SNH1gQ9J6/ug
-----END CERTIFICATE-----