Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/EfqHhOpSbdvk4vRd6AoUUz_8WfQ.roa
File:                     EfqHhOpSbdvk4vRd6AoUUz_8WfQ.roa (raw, json)
Hash identifier:          ukcwrYd2+moXnS9YT6V63pq5QVLeUXmGImJ7Hr0HbMM=
Subject key identifier:   11:FA:87:84:EA:52:6D:DB:E4:E2:F4:5D:E8:0A:14:53:3F:FC:59:F4
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0199ED29BB5A4B1BFC0E0AB2DC8205417824
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/EfqHhOpSbdvk4vRd6AoUUz_8WfQ.roa
Signing time:             Thu 16 Oct 2025 13:15:59 +0000
ROA not before:           Thu 16 Oct 2025 13:15:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206247
IP address blocks:        109.248.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:29:bb:5a:4b:1b:fc:0e:0a:b2:dc:82:05:41:78:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Oct 16 13:15:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11fa8784ea526ddbe4e2f45de80a14533ffc59f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:84:14:da:61:a2:37:72:25:4f:52:a9:60:
                    5e:10:4e:8e:4c:a7:56:87:4c:68:c1:01:03:c5:8c:
                    a0:3f:0b:13:71:45:ae:cd:f9:94:cf:63:09:f8:ba:
                    e3:bc:98:f0:44:3e:4f:c9:b4:67:69:fe:29:da:1c:
                    5c:2e:cf:84:a8:08:d4:11:b3:59:e6:7b:dd:cd:09:
                    7e:6a:2c:d5:a0:ab:1f:34:6b:dc:da:26:8d:14:e2:
                    85:b3:ac:c0:c0:a3:a0:69:f8:50:5c:70:11:f2:27:
                    ba:a4:a0:c3:23:43:0f:9c:68:9b:f7:26:df:a7:cf:
                    c0:c8:c3:e2:0b:36:9d:9e:92:d7:10:e4:a9:75:f0:
                    62:8e:b8:bb:63:e8:29:85:3f:a6:98:fa:36:4c:3b:
                    db:3e:1c:3c:d8:c0:f5:c9:d2:23:5a:32:87:65:6a:
                    87:4b:27:52:af:f4:d4:20:3e:c0:e9:ca:ae:5c:3c:
                    47:42:ee:41:b8:8a:b2:0e:b6:bc:15:ba:ff:ab:0d:
                    ea:c2:44:30:cb:81:9e:17:d2:95:3e:ce:30:22:a2:
                    58:fd:48:38:c8:76:8a:f4:f7:ad:33:df:3b:dc:44:
                    74:cc:d1:70:cf:44:ed:24:93:67:a6:fc:f9:04:fe:
                    59:92:8e:6b:29:34:ae:bc:1a:d5:13:79:6e:26:f1:
                    62:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:FA:87:84:EA:52:6D:DB:E4:E2:F4:5D:E8:0A:14:53:3F:FC:59:F4
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/EfqHhOpSbdvk4vRd6AoUUz_8WfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:30:05:db:73:59:fe:06:c5:be:87:27:46:ab:f1:89:19:2f:
         6e:c9:e7:68:6e:7c:c2:92:ba:6f:e0:fb:00:7e:1d:0d:67:b4:
         43:42:95:7a:1d:88:a9:fe:1e:bb:0a:80:ee:f8:55:c1:00:47:
         a6:c2:be:a9:4f:8c:4f:ee:68:94:86:95:7a:f3:7b:5a:a9:e2:
         b5:91:2b:60:69:d6:bd:19:8e:fb:57:82:5b:e0:aa:94:bd:a0:
         94:07:8a:1c:f7:dd:55:fe:62:a0:58:db:bb:07:98:a9:53:72:
         98:66:05:02:d7:51:0b:e7:98:aa:29:33:88:46:1e:87:d6:ec:
         40:4a:00:71:d2:fa:8b:0c:dd:b3:7a:f7:9d:dc:5b:2b:2b:19:
         f2:a2:d3:51:fa:8e:b0:84:7a:81:d1:bb:36:cb:49:a7:ad:13:
         92:64:33:5e:60:32:75:6e:e3:93:88:a9:58:89:01:0f:96:f4:
         f9:de:06:2a:09:b0:c9:09:5f:86:2f:26:8a:6c:c0:36:d9:dd:
         a6:72:6a:b2:51:12:1b:29:e2:7f:7d:6c:29:e9:8b:c5:32:e1:
         b2:1a:c9:11:82:bf:7e:23:db:b2:11:39:45:06:04:c3:5a:ef:
         81:f2:9d:b6:38:07:4b:14:33:2f:93:e4:7f:d3:65:bb:01:71:
         d0:2c:fa:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZntKbtaSxv8Dgqy3IIFQXgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUxMDE2MTMxNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWZhODc4NGVhNTI2ZGRiZTRlMmY0NWRlODBhMTQ1MzNmZmM1OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnqEFNphojdyJU9SqWBeEE6OTKdW
h0xowQEDxYygPwsTcUWuzfmUz2MJ+LrjvJjwRD5PybRnaf4p2hxcLs+EqAjUEbNZ
5nvdzQl+aizVoKsfNGvc2iaNFOKFs6zAwKOgafhQXHAR8ie6pKDDI0MPnGib9ybf
p8/AyMPiCzadnpLXEOSpdfBijri7Y+gphT+mmPo2TDvbPhw82MD1ydIjWjKHZWqH
SydSr/TUID7A6cquXDxHQu5BuIqyDra8Fbr/qw3qwkQwy4GeF9KVPs4wIqJY/Ug4
yHaK9PetM9873ER0zNFwz0TtJJNnpvz5BP5Zko5rKTSuvBrVE3luJvFiewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBH6h4TqUm3b5OL0XegKFFM//Fn0MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvRWZxSGhPcFNiZHZrNHZSZDZBb1VVel84V2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfgFMA0G
CSqGSIb3DQEBCwUAA4IBAQAZMAXbc1n+BsW+hydGq/GJGS9uyedobnzCkrpv4PsA
fh0NZ7RDQpV6HYip/h67CoDu+FXBAEemwr6pT4xP7miUhpV683taqeK1kStgada9
GY77V4Jb4KqUvaCUB4oc991V/mKgWNu7B5ipU3KYZgUC11EL55iqKTOIRh6H1uxA
SgBx0vqLDN2zeved3FsrKxnyotNR+o6whHqB0bs2y0mnrROSZDNeYDJ1buOTiKlY
iQEPlvT53gYqCbDJCV+GLyaKbMA22d2mcmqyURIbKeJ/fWwp6YvFMuGyGskRgr9+
I9uyETlFBgTDWu+B8p22OAdLFDMvk+R/02W7AXHQLPqX
-----END CERTIFICATE-----