Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/jUgC83mUmkAxVv1zYM8eVUl3B2I.roa
File:                     jUgC83mUmkAxVv1zYM8eVUl3B2I.roa (raw, json)
Hash identifier:          TbrVyz1F3Zucrk7JvzBEfW2HXuwxYmk5yt5FpTZUU0Q=
Subject key identifier:   8D:48:02:F3:79:94:9A:40:31:56:FD:73:60:CF:1E:55:49:77:07:62
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       01992A2DBB208C77692877B6CF81751F5E27
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/jUgC83mUmkAxVv1zYM8eVUl3B2I.roa
Signing time:             Mon 08 Sep 2025 16:34:24 +0000
ROA not before:           Mon 08 Sep 2025 16:34:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        62.164.160.0/21 maxlen: 21
                          116.199.224.0/21 maxlen: 21
                          116.199.232.0/23 maxlen: 23
                          116.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2a:2d:bb:20:8c:77:69:28:77:b6:cf:81:75:1f:5e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Sep  8 16:34:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d4802f379949a403156fd7360cf1e5549770762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:30:d6:87:6a:a8:65:e5:4d:c7:85:46:ef:73:
                    b1:14:78:55:b3:c2:e2:d8:21:98:90:b4:63:d5:0f:
                    6b:76:60:49:b6:72:76:1f:25:68:0d:21:25:f1:2b:
                    cc:cb:9f:f1:9a:36:c7:21:93:09:ca:00:ae:85:59:
                    1b:f5:ce:13:91:79:bc:37:4f:57:e9:28:0f:85:f6:
                    92:a9:0b:5b:51:f8:50:3e:0a:c5:84:d5:c0:aa:a4:
                    20:9a:c9:77:b1:8e:d3:13:c1:5e:be:9c:08:fb:37:
                    3a:cd:15:36:2b:19:b8:a0:0a:af:25:3f:17:48:49:
                    8d:c7:fa:6f:cc:68:07:08:26:de:38:30:05:e2:9d:
                    e4:d9:49:86:e9:ab:78:5f:bc:d1:27:0f:12:4f:40:
                    2b:ee:e5:b0:7d:7c:ed:ab:bf:c0:2c:2c:47:33:51:
                    b8:af:4d:cd:48:45:49:81:81:74:76:11:25:9f:99:
                    76:bc:ce:a3:48:e7:4a:80:70:59:ac:e3:ac:e4:64:
                    15:ee:d1:b2:b9:a1:8b:49:9f:d4:c5:7a:34:dd:f2:
                    9a:17:59:71:98:96:a1:e8:c2:1b:5f:d6:8a:20:0d:
                    bd:44:41:0c:88:c8:34:85:e6:4a:ee:c6:6b:9f:a3:
                    cd:41:85:96:a7:6d:f5:94:fc:e4:ea:2f:d7:56:a0:
                    14:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:48:02:F3:79:94:9A:40:31:56:FD:73:60:CF:1E:55:49:77:07:62
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/jUgC83mUmkAxVv1zYM8eVUl3B2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.160.0/21
                  116.199.224.0-116.199.234.255

    Signature Algorithm: sha256WithRSAEncryption
         80:a2:37:a2:6e:fb:ac:35:c6:8f:42:f0:a2:77:6f:cd:6d:e4:
         af:f1:16:bd:d6:91:59:c7:36:20:a3:5a:6f:a4:38:30:1d:fd:
         77:6a:a9:d4:c8:a5:7e:77:1e:5f:10:de:34:0c:d8:2f:41:67:
         6d:a3:24:21:25:c4:36:7a:c9:59:bd:26:42:a5:99:99:8c:d7:
         4e:61:ea:dc:df:15:fc:c6:d6:ca:ee:7b:e4:22:9a:f1:45:b7:
         01:48:a7:dc:cd:de:d4:15:14:55:68:87:8e:53:b9:1b:bb:16:
         45:51:e9:7d:3d:a6:aa:bd:ec:12:5b:d7:8f:61:c1:57:ce:8b:
         81:01:3e:30:9f:a1:f4:f3:98:36:0b:db:5f:08:30:8c:3c:97:
         1b:13:fe:2a:af:fb:36:2b:f7:51:c0:ed:66:57:b2:52:ea:4c:
         bd:d6:cc:73:b7:33:17:c6:25:54:7a:49:a8:bf:26:99:40:9a:
         ff:9a:cf:3b:c9:d3:be:5d:8e:23:bb:64:17:b7:88:f1:10:60:
         c8:f5:33:9b:ae:08:36:d6:26:9d:66:b7:a6:bd:b7:3a:c7:d7:
         be:44:eb:55:a7:4e:90:27:41:45:3b:9f:a7:8d:0e:bc:46:fb:
         e7:80:50:d5:b8:2c:24:c7:3a:a0:41:1c:35:bf:0a:37:78:60:
         ff:40:8a:c6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZkqLbsgjHdpKHe2z4F1H14nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjUwOTA4MTYzNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDQ4MDJmMzc5OTQ5YTQwMzE1NmZkNzM2MGNmMWU1NTQ5NzcwNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zDWh2qoZeVNx4VG73OxFHhVs8Li
2CGYkLRj1Q9rdmBJtnJ2HyVoDSEl8SvMy5/xmjbHIZMJygCuhVkb9c4TkXm8N09X
6SgPhfaSqQtbUfhQPgrFhNXAqqQgmsl3sY7TE8FevpwI+zc6zRU2Kxm4oAqvJT8X
SEmNx/pvzGgHCCbeODAF4p3k2UmG6at4X7zRJw8ST0Ar7uWwfXztq7/ALCxHM1G4
r03NSEVJgYF0dhEln5l2vM6jSOdKgHBZrOOs5GQV7tGyuaGLSZ/UxXo03fKaF1lx
mJah6MIbX9aKIA29REEMiMg0heZK7sZrn6PNQYWWp231lPzk6i/XVqAUmwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI1IAvN5lJpAMVb9c2DPHlVJdwdiMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvalVnQzgzbVVta0F4VnYxellNOGVWVWwzQjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDPqSgMAwD
BAV0x+ADBAB0x+owDQYJKoZIhvcNAQELBQADggEBAICiN6Ju+6w1xo9C8KJ3b81t
5K/xFr3WkVnHNiCjWm+kODAd/XdqqdTIpX53Hl8Q3jQM2C9BZ22jJCElxDZ6yVm9
JkKlmZmM105h6tzfFfzG1srue+QimvFFtwFIp9zN3tQVFFVoh45TuRu7FkVR6X09
pqq97BJb149hwVfOi4EBPjCfofTzmDYL218IMIw8lxsT/iqv+zYr91HA7WZXslLq
TL3WzHO3MxfGJVR6Sai/JplAmv+azzvJ075djiO7ZBe3iPEQYMj1M5uuCDbWJp1m
t6a9tzrH175E61WnTpAnQUU7n6eNDrxG++eAUNW4LCTHOqBBHDW/Cjd4YP9AisY=
-----END CERTIFICATE-----