Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/nIGj6cCRVPA1M2NrgdI3HuOdqrQ.roa
File:                     nIGj6cCRVPA1M2NrgdI3HuOdqrQ.roa (raw, json)
Hash identifier:          AYOfi9knKrYVyGkEyMV/F9b+beX1mBx79YurnuuMQBs=
Subject key identifier:   9C:81:A3:E9:C0:91:54:F0:35:33:63:6B:81:D2:37:1E:E3:9D:AA:B4
Certificate issuer:       /CN=c0e1b8b7a1da640348493b9c6f4ead496e3861cf
Certificate serial:       019961F9C7DD22B994F4C8C2A7FDC4216C69
Authority key identifier: C0:E1:B8:B7:A1:DA:64:03:48:49:3B:9C:6F:4E:AD:49:6E:38:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/nIGj6cCRVPA1M2NrgdI3HuOdqrQ.roa
Signing time:             Fri 19 Sep 2025 12:36:23 +0000
ROA not before:           Fri 19 Sep 2025 12:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        62.164.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:f9:c7:dd:22:b9:94:f4:c8:c2:a7:fd:c4:21:6c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e1b8b7a1da640348493b9c6f4ead496e3861cf
        Validity
            Not Before: Sep 19 12:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c81a3e9c09154f03533636b81d2371ee39daab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6f:04:50:89:ee:a4:9c:01:1a:6a:8a:58:1b:
                    81:82:d7:ed:2b:d1:98:8c:0d:24:0c:c7:71:c2:d3:
                    11:7d:74:99:29:53:a9:f8:d3:87:11:4e:40:8b:f6:
                    66:47:42:70:22:b6:61:65:e5:a0:61:d7:a3:fd:5c:
                    84:56:ec:59:18:59:85:1b:1e:1a:ff:df:b7:08:86:
                    4e:ca:ad:63:d9:9c:c5:fc:a1:42:bf:bc:b4:33:e4:
                    ed:c3:34:7c:11:84:09:1c:b0:df:7a:e5:b5:ec:3e:
                    dc:0f:b5:b3:6c:1d:e0:05:3a:32:af:dd:31:8a:a4:
                    41:90:67:4c:fc:10:9e:d9:11:7b:2f:c4:73:d0:44:
                    38:61:a1:99:d2:13:3e:e9:3f:18:de:fb:b5:9a:3d:
                    ff:89:96:97:22:55:97:c9:50:4b:c8:e7:77:ce:8d:
                    96:b2:62:f1:68:92:96:ea:fa:26:71:56:98:fb:ce:
                    6b:bd:67:cd:3b:53:40:ee:79:fd:dc:46:9a:76:9d:
                    78:35:75:a0:e8:e9:01:9b:3c:e2:c4:87:9b:5d:f6:
                    aa:dd:00:37:57:08:30:5d:df:17:bf:14:a3:21:51:
                    2e:8c:b9:99:cb:43:85:2f:61:17:df:ca:bb:54:17:
                    a5:9c:49:66:21:00:bb:18:d1:a8:e5:8e:61:a3:9d:
                    00:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:81:A3:E9:C0:91:54:F0:35:33:63:6B:81:D2:37:1E:E3:9D:AA:B4
            X509v3 Authority Key Identifier:
                keyid:C0:E1:B8:B7:A1:DA:64:03:48:49:3B:9C:6F:4E:AD:49:6E:38:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOG4t6HaZANISTucb06tSW44Yc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/nIGj6cCRVPA1M2NrgdI3HuOdqrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/afced8-5c48-4740-a635-1611c90ba33b/1/wOG4t6HaZANISTucb06tSW44Yc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:cd:1e:70:46:a9:1e:80:1c:21:72:80:21:fb:e3:96:f9:b1:
         15:bd:35:72:fc:f8:22:ca:fe:12:50:68:49:ee:c3:35:e3:3d:
         8c:4c:d0:e2:ac:b9:e9:78:1d:b4:25:dd:79:a4:9b:1b:70:2b:
         55:c2:d6:1d:80:c0:bf:40:4c:58:f4:f4:d1:2d:8f:fa:c6:e6:
         89:90:a3:3f:2b:28:d7:cd:ae:d9:12:f9:17:c2:ea:18:c2:a4:
         70:7b:ad:c5:e0:b2:18:e7:da:4a:19:96:eb:25:9b:7f:55:ee:
         be:a9:4c:da:4e:c1:80:98:af:cd:2b:87:78:db:00:dc:a0:ab:
         c9:4b:64:f5:70:6a:cf:b4:d4:cd:a0:da:5a:b7:81:98:cb:f6:
         05:ee:70:d1:f2:fc:76:d9:59:66:7f:ed:0e:7e:3e:a7:68:ca:
         fe:80:62:c1:92:8b:4d:f7:9e:b0:6b:50:83:cf:7e:91:f2:30:
         b3:a0:10:28:09:3c:51:c0:35:e3:fe:a0:bf:68:7b:06:e0:36:
         fe:ab:49:74:da:cb:63:3b:94:dc:e5:b8:25:64:4b:7c:ee:58:
         e0:f6:16:b4:dd:0b:62:c8:9d:ea:81:a5:53:85:5c:68:7f:0a:
         ee:2b:78:ac:f3:e7:de:72:a7:e2:1b:a3:a3:54:74:cd:60:db:
         5d:be:93:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlh+cfdIrmU9MjCp/3EIWxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTFiOGI3YTFkYTY0MDM0ODQ5M2I5YzZmNGVhZDQ5NmUz
ODYxY2YwHhcNMjUwOTE5MTIzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzgxYTNlOWMwOTE1NGYwMzUzMzYzNmI4MWQyMzcxZWUzOWRhYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA428EUInupJwBGmqKWBuBgtftK9GY
jA0kDMdxwtMRfXSZKVOp+NOHEU5Ai/ZmR0JwIrZhZeWgYdej/VyEVuxZGFmFGx4a
/9+3CIZOyq1j2ZzF/KFCv7y0M+TtwzR8EYQJHLDfeuW17D7cD7WzbB3gBToyr90x
iqRBkGdM/BCe2RF7L8Rz0EQ4YaGZ0hM+6T8Y3vu1mj3/iZaXIlWXyVBLyOd3zo2W
smLxaJKW6vomcVaY+85rvWfNO1NA7nn93Eaadp14NXWg6OkBmzzixIebXfaq3QA3
VwgwXd8XvxSjIVEujLmZy0OFL2EX38q7VBelnElmIQC7GNGo5Y5ho50AtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyBo+nAkVTwNTNja4HSNx7jnaq0MB8GA1UdIwQY
MBaAFMDhuLeh2mQDSEk7nG9OrUluOGHPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09HNHQ2SGFaQU5JU1R1Y2IwNnRTVzQ0WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hZmNlZDgtNWM0OC00NzQwLWE2MzUt
MTYxMWM5MGJhMzNiLzEvbklHajZjQ1JWUEExTTJOcmdkSTNIdU9kcXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hZmNlZDgtNWM0OC00NzQwLWE2MzUtMTYxMWM5MGJhMzNi
LzEvd09HNHQ2SGFaQU5JU1R1Y2IwNnRTVzQ0WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPqTMMA0G
CSqGSIb3DQEBCwUAA4IBAQAUzR5wRqkegBwhcoAh++OW+bEVvTVy/Pgiyv4SUGhJ
7sM14z2MTNDirLnpeB20Jd15pJsbcCtVwtYdgMC/QExY9PTRLY/6xuaJkKM/KyjX
za7ZEvkXwuoYwqRwe63F4LIY59pKGZbrJZt/Ve6+qUzaTsGAmK/NK4d42wDcoKvJ
S2T1cGrPtNTNoNpat4GYy/YF7nDR8vx22Vlmf+0Ofj6naMr+gGLBkotN956wa1CD
z36R8jCzoBAoCTxRwDXj/qC/aHsG4Db+q0l02stjO5Tc5bglZEt87ljg9ha03Qti
yJ3qgaVThVxofwruK3is8+fecqfiG6OjVHTNYNtdvpOi
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:44 2025 by rpki-client