Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/R7q2gktvFsNXXsx_b10S5ynAXaw.roa
File:                     R7q2gktvFsNXXsx_b10S5ynAXaw.roa (raw, json)
Hash identifier:          +bf2vfop1BjTPFaIwsRZHC/bhXQwlqn19Fh+mJR9npc=
Subject key identifier:   47:BA:B6:82:4B:6F:16:C3:57:5E:CC:7F:6F:5D:12:E7:29:C0:5D:AC
Certificate issuer:       /CN=69b7f3bf8e0a7b590a0ffaa1c9c0ac580a0b119e
Certificate serial:       0199E726DF581DE2FBE2DDAEE98F962D885E
Authority key identifier: 69:B7:F3:BF:8E:0A:7B:59:0A:0F:FA:A1:C9:C0:AC:58:0A:0B:11:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/R7q2gktvFsNXXsx_b10S5ynAXaw.roa
Signing time:             Wed 15 Oct 2025 09:15:08 +0000
ROA not before:           Wed 15 Oct 2025 09:15:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21013
IP address blocks:        91.210.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:26:df:58:1d:e2:fb:e2:dd:ae:e9:8f:96:2d:88:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69b7f3bf8e0a7b590a0ffaa1c9c0ac580a0b119e
        Validity
            Not Before: Oct 15 09:15:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47bab6824b6f16c3575ecc7f6f5d12e729c05dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a1:78:75:c1:20:6d:06:67:a2:14:0d:45:39:
                    1d:66:a4:71:a6:0b:e9:c7:7d:4f:a1:6d:89:56:12:
                    86:f5:2f:e7:ca:62:75:63:8b:11:ba:40:ae:ac:4e:
                    81:ea:55:21:22:18:34:65:22:a1:02:52:5e:90:16:
                    66:f5:5b:5c:ba:76:a9:20:52:6a:b5:bb:1e:e8:12:
                    bf:ef:aa:80:1b:e7:5f:ef:4c:70:9b:47:bc:bd:3a:
                    94:17:dd:55:c9:5c:84:c2:53:72:b4:44:8d:7a:f2:
                    54:95:c6:14:5c:93:ea:e9:3c:07:04:b5:b1:de:0e:
                    85:15:42:40:c2:4b:e2:cb:e7:8d:c2:0d:cd:15:6b:
                    aa:ea:92:51:da:7e:fc:68:31:69:16:64:5b:4a:9d:
                    b8:15:07:d8:91:dc:d9:93:ce:96:c8:a8:cb:8b:d2:
                    67:c8:da:de:3d:34:c2:ba:67:63:a1:55:2b:18:9d:
                    56:cf:d7:74:c8:fc:8e:68:ae:12:ef:2d:24:e3:fa:
                    73:4f:95:f6:0f:be:14:c4:f3:e9:3a:12:2a:d0:1b:
                    28:fa:0b:aa:85:49:78:88:b2:36:cf:e2:6f:55:9c:
                    9a:1e:4e:42:ab:9a:de:96:de:f4:96:64:31:c2:ff:
                    31:13:7d:ca:ad:93:fe:16:10:c8:9e:e3:2b:70:bd:
                    01:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BA:B6:82:4B:6F:16:C3:57:5E:CC:7F:6F:5D:12:E7:29:C0:5D:AC
            X509v3 Authority Key Identifier:
                keyid:69:B7:F3:BF:8E:0A:7B:59:0A:0F:FA:A1:C9:C0:AC:58:0A:0B:11:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/abfzv44Ke1kKD_qhycCsWAoLEZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/R7q2gktvFsNXXsx_b10S5ynAXaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/16d85f-85b5-42e3-ad9f-eec05f49ac86/1/abfzv44Ke1kKD_qhycCsWAoLEZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:8c:13:ac:34:85:54:9d:70:56:ea:d8:5c:26:92:1b:c0:2b:
         0b:94:71:e2:ab:ec:8b:b1:99:b5:c9:5a:0a:0a:c1:72:4e:7f:
         94:44:d6:70:cd:d5:b7:d8:c2:1a:d0:7b:72:ee:3c:4f:34:5c:
         51:b3:b5:8e:db:42:0f:e8:b3:4e:b9:0e:4a:42:ac:2e:bb:3c:
         e0:44:2a:fc:39:b2:0f:5e:36:db:c6:23:7d:dc:9c:6d:71:cb:
         39:c2:9c:d2:48:70:2b:70:4b:05:ae:69:82:15:46:bb:e5:c0:
         05:a9:be:42:db:e8:c6:d4:0c:e2:60:5a:66:52:7b:30:c0:89:
         13:ad:71:6c:e3:c8:d6:a8:46:65:47:4c:94:4b:f9:6a:55:fe:
         8a:fb:c5:c2:80:4a:7c:b3:03:5d:ce:bd:4a:80:bb:d1:8d:f0:
         e5:17:77:bd:90:f4:d2:a5:98:83:58:c6:a5:76:f0:71:48:dd:
         61:d8:b0:7e:46:8f:c3:0d:b3:99:e9:c7:c3:3b:6d:00:0a:ab:
         3b:74:1a:a7:9c:3c:73:fc:0e:c1:46:d7:c0:d0:e9:e6:8d:28:
         b9:75:5d:4f:4a:f9:fd:40:aa:8a:d5:64:d1:c2:f8:98:08:09:
         65:88:fa:9c:81:3e:c5:dd:39:13:c4:7f:50:58:8a:1e:ae:92:
         dc:28:9b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnnJt9YHeL74t2u6Y+WLYheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YjdmM2JmOGUwYTdiNTkwYTBmZmFhMWM5YzBhYzU4MGEw
YjExOWUwHhcNMjUxMDE1MDkxNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JhYjY4MjRiNmYxNmMzNTc1ZWNjN2Y2ZjVkMTJlNzI5YzA1ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKF4dcEgbQZnohQNRTkdZqRxpgvp
x31PoW2JVhKG9S/nymJ1Y4sRukCurE6B6lUhIhg0ZSKhAlJekBZm9VtcunapIFJq
tbse6BK/76qAG+df70xwm0e8vTqUF91VyVyEwlNytESNevJUlcYUXJPq6TwHBLWx
3g6FFUJAwkviy+eNwg3NFWuq6pJR2n78aDFpFmRbSp24FQfYkdzZk86WyKjLi9Jn
yNrePTTCumdjoVUrGJ1Wz9d0yPyOaK4S7y0k4/pzT5X2D74UxPPpOhIq0Bso+guq
hUl4iLI2z+JvVZyaHk5Cq5relt70lmQxwv8xE33KrZP+FhDInuMrcL0BWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe6toJLbxbDV17Mf29dEucpwF2sMB8GA1UdIwQY
MBaAFGm387+OCntZCg/6ocnArFgKCxGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWJmenY0NEtlMWtLRF9xaHljQ3NXQW9MRVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xNmQ4NWYtODViNS00MmUzLWFkOWYt
ZWVjMDVmNDlhYzg2LzEvUjdxMmdrdHZGc05YWHN4X2IxMFM1eW5BWGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xNmQ4NWYtODViNS00MmUzLWFkOWYtZWVjMDVmNDlhYzg2
LzEvYWJmenY0NEtlMWtLRF9xaHljQ3NXQW9MRVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9KMMA0G
CSqGSIb3DQEBCwUAA4IBAQAvjBOsNIVUnXBW6thcJpIbwCsLlHHiq+yLsZm1yVoK
CsFyTn+URNZwzdW32MIa0Hty7jxPNFxRs7WO20IP6LNOuQ5KQqwuuzzgRCr8ObIP
XjbbxiN93Jxtccs5wpzSSHArcEsFrmmCFUa75cAFqb5C2+jG1AziYFpmUnswwIkT
rXFs48jWqEZlR0yUS/lqVf6K+8XCgEp8swNdzr1KgLvRjfDlF3e9kPTSpZiDWMal
dvBxSN1h2LB+Ro/DDbOZ6cfDO20ACqs7dBqnnDxz/A7BRtfA0OnmjSi5dV1PSvn9
QKqK1WTRwviYCAlliPqcgT7F3TkTxH9QWIoerpLcKJu8
-----END CERTIFICATE-----