Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkMtx0iH2ditYOsc7bVpRJWZ70Q.roa
File:                     vkMtx0iH2ditYOsc7bVpRJWZ70Q.roa (raw, json)
Hash identifier:          7KAQHgMSezL1YcfEWojGi9XjUX3sRvjuf26EdqtBLpU=
Subject key identifier:   BE:43:2D:C7:48:87:D9:D8:AD:60:EB:1C:ED:B5:69:44:95:99:EF:44
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01994DE7B89541C24ABBB34E0C6B3451CBEC
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkMtx0iH2ditYOsc7bVpRJWZ70Q.roa
Signing time:             Mon 15 Sep 2025 15:04:15 +0000
ROA not before:           Mon 15 Sep 2025 15:04:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213945
IP address blocks:        193.35.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:e7:b8:95:41:c2:4a:bb:b3:4e:0c:6b:34:51:cb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Sep 15 15:04:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be432dc74887d9d8ad60eb1cedb569449599ef44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a4:ae:b4:7a:66:96:95:0d:0a:4b:d9:2d:63:
                    77:8c:7a:41:ce:47:6c:05:3c:3a:9a:d5:7a:1c:47:
                    ce:f3:7f:7f:e9:56:3d:86:ce:61:00:3e:fa:b0:e1:
                    90:6a:15:b3:bb:8b:71:53:02:b7:68:e4:09:5c:d7:
                    9f:61:b8:a2:ed:d6:f6:65:33:11:56:b7:59:c6:2b:
                    3b:74:42:16:7f:12:03:2c:7a:ff:0c:9e:a0:72:99:
                    f7:7a:15:9d:a4:59:a3:72:c9:21:85:aa:5d:00:e3:
                    a9:0e:73:5a:41:57:e7:82:f4:7c:bf:47:0f:b5:a0:
                    49:62:da:23:a2:d3:c4:8c:bb:6e:3e:e9:58:86:77:
                    e5:f8:81:17:30:aa:15:e9:da:c8:7c:06:7c:b4:dc:
                    46:50:36:e4:94:85:a4:9d:c6:c6:71:34:0d:ed:0e:
                    d6:1e:09:e9:55:4d:75:cc:7f:2e:93:28:d4:c0:fe:
                    5b:45:81:80:0f:05:de:52:1a:e3:cb:35:4b:1e:86:
                    68:5b:f6:dc:f9:c2:26:ca:ab:14:2a:12:b1:f9:c6:
                    a3:5f:75:74:30:f0:43:ff:99:65:4c:bd:4d:ee:d7:
                    c1:c0:15:5c:f2:92:ee:77:8b:e7:81:38:ab:97:87:
                    91:86:ae:97:7a:cf:7b:75:47:e0:a3:38:f5:de:5b:
                    a1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:43:2D:C7:48:87:D9:D8:AD:60:EB:1C:ED:B5:69:44:95:99:EF:44
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkMtx0iH2ditYOsc7bVpRJWZ70Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4a:40:56:8b:1f:b0:81:ba:b2:6d:79:fa:69:ca:01:d3:b4:
         9e:de:28:be:c3:db:6a:98:91:c2:c9:f8:da:0f:15:ea:20:26:
         14:03:eb:0d:df:f5:72:91:fd:29:1a:e7:82:21:b7:63:63:ce:
         6f:d7:fa:aa:4c:7c:92:57:6f:39:24:ce:55:dd:9d:8e:4a:eb:
         cd:94:7c:42:e7:91:44:3b:9f:4c:00:58:2e:cf:18:c7:7e:f2:
         36:73:1e:e0:48:38:dc:ea:14:d3:d6:51:dd:74:86:e2:e4:bd:
         28:f4:7e:49:d8:8f:53:3c:ee:e2:3b:34:0a:72:1a:ea:61:80:
         7d:c9:a8:1f:ce:d4:0d:98:81:eb:83:f5:03:96:10:f4:39:21:
         24:13:a9:15:98:e4:e1:9b:03:bb:3a:66:8c:fe:aa:d2:10:94:
         f5:ef:ae:67:e4:c9:7b:1c:2e:f6:12:45:fe:0d:f1:da:a6:63:
         dc:f2:86:3e:78:d3:d2:31:e0:f0:8d:2f:e3:59:7c:d3:dd:6e:
         83:92:f3:bd:a4:80:9a:36:2a:82:7b:2f:13:4d:fe:31:c0:39:
         84:ea:75:61:c4:33:4d:b9:11:02:b0:4e:a3:bd:48:f1:9d:af:
         43:e6:71:1d:fd:fd:db:b8:0c:57:9e:ee:33:db:d1:64:18:5b:
         b7:13:54:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlN57iVQcJKu7NODGs0UcvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTE1MTUwNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQzMmRjNzQ4ODdkOWQ4YWQ2MGViMWNlZGI1Njk0NDk1OTllZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqSutHpmlpUNCkvZLWN3jHpBzkds
BTw6mtV6HEfO839/6VY9hs5hAD76sOGQahWzu4txUwK3aOQJXNefYbii7db2ZTMR
VrdZxis7dEIWfxIDLHr/DJ6gcpn3ehWdpFmjcskhhapdAOOpDnNaQVfngvR8v0cP
taBJYtojotPEjLtuPulYhnfl+IEXMKoV6drIfAZ8tNxGUDbklIWkncbGcTQN7Q7W
HgnpVU11zH8ukyjUwP5bRYGADwXeUhrjyzVLHoZoW/bc+cImyqsUKhKx+cajX3V0
MPBD/5llTL1N7tfBwBVc8pLud4vngTirl4eRhq6Xes97dUfgozj13luhNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5DLcdIh9nYrWDrHO21aUSVme9EMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdmtNdHgwaUgyZGl0WU9zYzdiVnBSSldaNzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSObMA0G
CSqGSIb3DQEBCwUAA4IBAQCTSkBWix+wgbqybXn6acoB07Se3ii+w9tqmJHCyfja
DxXqICYUA+sN3/Vykf0pGueCIbdjY85v1/qqTHySV285JM5V3Z2OSuvNlHxC55FE
O59MAFguzxjHfvI2cx7gSDjc6hTT1lHddIbi5L0o9H5J2I9TPO7iOzQKchrqYYB9
yagfztQNmIHrg/UDlhD0OSEkE6kVmOThmwO7OmaM/qrSEJT1765n5Ml7HC72EkX+
DfHapmPc8oY+eNPSMeDwjS/jWXzT3W6DkvO9pICaNiqCey8TTf4xwDmE6nVhxDNN
uRECsE6jvUjxna9D5nEd/f3buAxXnu4z29FkGFu3E1Rs
-----END CERTIFICATE-----