Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/lREmYeBzk04tbp8GeH-LaDXphtg.roa
File:                     lREmYeBzk04tbp8GeH-LaDXphtg.roa (raw, json)
Hash identifier:          zft8RW61aCX4pWyWaUhcgfulMxE/7ocT5F98zoTjm/E=
Subject key identifier:   95:11:26:61:E0:73:93:4E:2D:6E:9F:06:78:7F:8B:68:35:E9:86:D8
Certificate issuer:       /CN=f521e174f84f7165961d41b68ea7262e28337d69
Certificate serial:       019940F3AD7E69A892C1C3D69372CA53A03F
Authority key identifier: F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/lREmYeBzk04tbp8GeH-LaDXphtg.roa
Signing time:             Sat 13 Sep 2025 02:42:15 +0000
ROA not before:           Sat 13 Sep 2025 02:42:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.246.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:40:f3:ad:7e:69:a8:92:c1:c3:d6:93:72:ca:53:a0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f521e174f84f7165961d41b68ea7262e28337d69
        Validity
            Not Before: Sep 13 02:42:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95112661e073934e2d6e9f06787f8b6835e986d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d2:26:32:45:ea:20:23:99:98:21:39:d0:6a:
                    b4:f1:de:82:ad:2a:fc:a5:a2:66:5b:cd:6e:5d:02:
                    5a:0b:5b:b4:db:cf:bb:17:d8:ed:d0:c3:27:c0:05:
                    f7:93:c1:f8:78:6e:e0:06:91:99:5a:f6:0c:1e:ea:
                    c9:e2:a7:5d:fb:3c:f5:a5:21:8b:fc:ca:57:be:49:
                    f7:27:f3:18:eb:e9:57:e0:06:a2:80:22:6f:4b:8a:
                    c4:de:27:6f:0d:b7:e8:77:80:32:0d:d4:fe:67:cc:
                    1f:a5:99:4c:e8:7e:74:df:d3:14:80:40:c2:41:ca:
                    48:7b:1b:f9:fc:6b:30:ce:31:17:cb:ae:88:c4:c6:
                    41:fa:23:ec:e5:8c:b2:8c:15:35:0f:98:62:d0:59:
                    3f:05:4c:15:68:0b:2e:38:0e:b1:3e:2e:58:69:a4:
                    b5:f6:63:2e:d1:43:cc:1d:35:3f:4e:67:a6:ec:f5:
                    08:b3:ba:59:68:79:87:7a:7e:cd:b9:a9:04:cc:cf:
                    38:91:40:ab:d5:42:c4:ed:61:b7:c1:8e:ba:50:d3:
                    3f:10:f5:75:f1:39:24:ea:4f:7c:76:f0:9a:61:2e:
                    6f:20:88:d7:12:d7:6e:6d:1c:fa:f9:ac:1b:fd:e8:
                    6b:07:ef:dd:a1:dc:ff:4d:be:6a:2b:27:ef:b2:94:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:11:26:61:E0:73:93:4E:2D:6E:9F:06:78:7F:8B:68:35:E9:86:D8
            X509v3 Authority Key Identifier:
                keyid:F5:21:E1:74:F8:4F:71:65:96:1D:41:B6:8E:A7:26:2E:28:33:7D:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9SHhdPhPcWWWHUG2jqcmLigzfWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/lREmYeBzk04tbp8GeH-LaDXphtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d9a010-d5f7-4661-8d32-dd06111f3f96/1/9SHhdPhPcWWWHUG2jqcmLigzfWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:87:42:61:aa:02:fd:66:8f:52:f5:ab:07:84:86:a3:65:5f:
         c7:c4:ff:3d:4c:58:17:1e:fc:89:78:74:12:5a:6d:52:e8:41:
         b7:01:ea:57:38:e6:93:0c:ec:d2:fb:bd:20:93:93:e1:95:ea:
         97:2a:48:1f:b8:bb:9f:e3:97:2d:1e:57:89:1e:66:9f:c1:67:
         1b:1a:11:d1:3f:2e:b0:8e:e4:7b:59:1b:6d:ff:a2:4c:f6:e4:
         be:aa:4c:a7:f4:36:a5:9c:dc:60:08:b5:71:68:0f:b1:24:de:
         89:8e:1e:72:b7:48:d3:aa:b0:c7:40:66:ed:95:cd:3a:56:ae:
         b7:e2:6a:dd:c3:0f:b9:65:42:cb:fc:53:83:23:71:de:d8:37:
         6e:54:2d:f3:58:35:91:02:ff:40:f1:fb:35:0a:a4:16:6f:1e:
         ad:00:5e:18:04:c1:32:29:6c:89:65:42:f0:6c:1b:52:5c:d5:
         56:9c:b7:9e:d7:e0:b8:db:e3:cb:e1:dc:8d:68:ec:71:c0:42:
         a3:f1:b0:db:24:72:96:03:f2:a0:f7:e5:24:dc:03:26:db:05:
         3d:87:f7:f0:92:80:b1:c7:b6:a7:b6:fc:6e:f1:72:5d:b5:43:
         af:4d:68:9c:3a:cf:37:8d:27:1d:69:e3:e9:e7:3f:35:94:15:
         85:59:dd:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlA861+aaiSwcPWk3LKU6A/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MjFlMTc0Zjg0ZjcxNjU5NjFkNDFiNjhlYTcyNjJlMjgz
MzdkNjkwHhcNMjUwOTEzMDI0MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTExMjY2MWUwNzM5MzRlMmQ2ZTlmMDY3ODdmOGI2ODM1ZTk4NmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNImMkXqICOZmCE50Gq08d6CrSr8
paJmW81uXQJaC1u028+7F9jt0MMnwAX3k8H4eG7gBpGZWvYMHurJ4qdd+zz1pSGL
/MpXvkn3J/MY6+lX4AaigCJvS4rE3idvDbfod4AyDdT+Z8wfpZlM6H5039MUgEDC
QcpIexv5/GswzjEXy66IxMZB+iPs5YyyjBU1D5hi0Fk/BUwVaAsuOA6xPi5YaaS1
9mMu0UPMHTU/Tmem7PUIs7pZaHmHen7NuakEzM84kUCr1ULE7WG3wY66UNM/EPV1
8Tkk6k98dvCaYS5vIIjXEtdubRz6+awb/ehrB+/dodz/Tb5qKyfvspRpxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJURJmHgc5NOLW6fBnh/i2g16YbYMB8GA1UdIwQY
MBaAFPUh4XT4T3Fllh1Bto6nJi4oM31pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzIt
ZGQwNjExMWYzZjk2LzEvbFJFbVllQnprMDR0YnA4R2VILUxhRFhwaHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kOWEwMTAtZDVmNy00NjYxLThkMzItZGQwNjExMWYzZjk2
LzEvOVNIaGRQaFBjV1dXSFVHMmpxY21MaWd6ZldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufYrMA0G
CSqGSIb3DQEBCwUAA4IBAQCyh0JhqgL9Zo9S9asHhIajZV/HxP89TFgXHvyJeHQS
Wm1S6EG3AepXOOaTDOzS+70gk5PhleqXKkgfuLuf45ctHleJHmafwWcbGhHRPy6w
juR7WRtt/6JM9uS+qkyn9DalnNxgCLVxaA+xJN6Jjh5yt0jTqrDHQGbtlc06Vq63
4mrdww+5ZULL/FODI3He2DduVC3zWDWRAv9A8fs1CqQWbx6tAF4YBMEyKWyJZULw
bBtSXNVWnLee1+C42+PL4dyNaOxxwEKj8bDbJHKWA/Kg9+Uk3AMm2wU9h/fwkoCx
x7antvxu8XJdtUOvTWicOs83jScdaePp5z81lBWFWd0k
-----END CERTIFICATE-----