Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/taeDw9RW8HvsYXrOqqTDJ80VR30.roa
File:                     taeDw9RW8HvsYXrOqqTDJ80VR30.roa (raw, json)
Hash identifier:          1W3/AMRkO5ZrM8JjZnDlNP0Qz3/F1UlCB8epuYiTNf0=
Subject key identifier:   B5:A7:83:C3:D4:56:F0:7B:EC:61:7A:CE:AA:A4:C3:27:CD:15:47:7D
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       0199CE861820738746A364D7F126C2367A9F
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/taeDw9RW8HvsYXrOqqTDJ80VR30.roa
Signing time:             Fri 10 Oct 2025 14:28:38 +0000
ROA not before:           Fri 10 Oct 2025 14:28:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        144.56.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:86:18:20:73:87:46:a3:64:d7:f1:26:c2:36:7a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Oct 10 14:28:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5a783c3d456f07bec617aceaaa4c327cd15477d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:74:d7:b9:89:5e:d1:0e:fa:bb:8a:3d:ce:93:
                    f0:48:73:a5:a8:f2:5c:7d:f6:cc:6f:21:92:07:2f:
                    e2:a3:c1:22:26:3f:ce:37:03:c7:84:5b:42:9a:c1:
                    fa:8d:f2:ed:ba:76:3f:dd:0b:1b:7a:b1:59:c9:35:
                    40:b8:8f:58:01:90:28:50:12:b4:aa:ce:5b:af:37:
                    89:56:ff:ee:6b:c2:ad:99:e1:20:9d:fd:72:c7:e8:
                    49:46:96:9a:c2:14:4e:da:9e:6f:11:a9:e4:ee:ac:
                    b0:e7:f1:f9:61:14:4c:4a:ff:91:e6:56:1c:01:49:
                    98:36:bc:07:bd:b5:96:2f:82:ad:d2:84:9b:d9:bd:
                    ed:e4:5e:3a:78:f4:5f:3c:df:e5:15:3c:07:71:6d:
                    5d:1a:fe:b9:07:58:5c:2e:47:6c:0a:d7:a3:f8:21:
                    1e:e2:91:98:e0:56:e2:ed:96:a0:8b:32:01:c2:94:
                    db:60:45:29:78:d0:ea:46:4e:cc:00:53:57:d1:81:
                    e6:a3:c3:75:e7:f0:3d:a1:39:ed:29:5c:3b:5d:c5:
                    42:86:bf:af:f4:e5:27:a8:7a:6b:3b:f2:b4:c1:63:
                    ad:1f:44:26:32:f6:7a:68:6b:c3:d2:27:72:48:00:
                    02:38:7e:c3:31:c7:0c:76:f3:a1:7d:f7:6a:40:db:
                    26:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A7:83:C3:D4:56:F0:7B:EC:61:7A:CE:AA:A4:C3:27:CD:15:47:7D
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/taeDw9RW8HvsYXrOqqTDJ80VR30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:3e:b6:78:75:ac:36:87:6b:f0:e2:c9:a1:9e:a8:ea:0c:65:
         ff:da:6c:43:d4:7a:2a:8a:1b:dd:63:13:a9:4b:43:3b:8f:87:
         7b:62:b9:6b:bd:0d:c5:81:ae:e9:d3:3d:87:a2:89:c4:d9:28:
         be:74:d6:7a:24:ea:74:dc:23:7e:54:2a:69:31:a2:d0:7c:45:
         e6:67:a3:45:c9:c8:c7:5e:84:62:a6:d5:9b:83:45:1e:1e:40:
         f3:5e:5d:a4:88:ce:02:55:91:c6:52:f5:d0:17:53:71:db:05:
         c2:7d:3a:f1:4e:2e:d6:62:21:c3:b4:02:ef:b4:92:b1:e1:d1:
         46:61:c9:46:02:ae:b8:ee:9b:d7:78:44:a4:0b:47:15:76:e2:
         f1:d9:aa:7e:6c:98:a0:9f:52:ce:a6:63:97:ed:1d:9b:8b:d2:
         13:91:75:68:48:22:4f:e7:8c:3f:ce:21:a3:19:e8:1f:5b:2c:
         f6:37:0d:6b:8f:3e:72:50:2c:d1:0d:21:61:92:87:31:24:6c:
         77:4f:33:70:a6:e7:75:f1:d6:8d:53:9b:a0:6d:1b:9b:aa:a9:
         26:fc:3a:3f:51:c8:75:5a:85:2d:46:38:dd:eb:fe:cd:8c:44:
         c9:e8:66:4f:d2:2f:02:95:21:e4:8b:0a:4e:54:3e:3f:ae:36:
         7f:b0:7d:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOhhggc4dGo2TX8SbCNnqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUxMDEwMTQyODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWE3ODNjM2Q0NTZmMDdiZWM2MTdhY2VhYWE0YzMyN2NkMTU0NzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXTXuYle0Q76u4o9zpPwSHOlqPJc
ffbMbyGSBy/io8EiJj/ONwPHhFtCmsH6jfLtunY/3QsberFZyTVAuI9YAZAoUBK0
qs5brzeJVv/ua8KtmeEgnf1yx+hJRpaawhRO2p5vEank7qyw5/H5YRRMSv+R5lYc
AUmYNrwHvbWWL4Kt0oSb2b3t5F46ePRfPN/lFTwHcW1dGv65B1hcLkdsCtej+CEe
4pGY4Fbi7ZagizIBwpTbYEUpeNDqRk7MAFNX0YHmo8N15/A9oTntKVw7XcVChr+v
9OUnqHprO/K0wWOtH0QmMvZ6aGvD0idySAACOH7DMccMdvOhffdqQNsm6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWng8PUVvB77GF6zqqkwyfNFUd9MB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvdGFlRHc5Ulc4SHZzWVhyT3FxVERKODBWUjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgHMA0G
CSqGSIb3DQEBCwUAA4IBAQAJPrZ4daw2h2vw4smhnqjqDGX/2mxD1HoqihvdYxOp
S0M7j4d7YrlrvQ3Fga7p0z2HoonE2Si+dNZ6JOp03CN+VCppMaLQfEXmZ6NFycjH
XoRiptWbg0UeHkDzXl2kiM4CVZHGUvXQF1Nx2wXCfTrxTi7WYiHDtALvtJKx4dFG
YclGAq647pvXeESkC0cVduLx2ap+bJign1LOpmOX7R2bi9ITkXVoSCJP54w/ziGj
GegfWyz2Nw1rjz5yUCzRDSFhkocxJGx3TzNwpud18daNU5ugbRubqqkm/Do/Uch1
WoUtRjjd6/7NjETJ6GZP0i8ClSHkiwpOVD4/rjZ/sH2p
-----END CERTIFICATE-----