Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/oLz2eFbmpRFR5A5oj9_IzGOfqTg.roa
File:                     oLz2eFbmpRFR5A5oj9_IzGOfqTg.roa (raw, json)
Hash identifier:          K42AQKk/5JQbpER6nQEE4PNnPHJ5tbcZAd8Cz+zivrw=
Subject key identifier:   A0:BC:F6:78:56:E6:A5:11:51:E4:0E:68:8F:DF:C8:CC:63:9F:A9:38
Certificate issuer:       /CN=75f5286ee38559bdd989c764f5a6474347b03b6f
Certificate serial:       0199C4637BD3391380B9081DF0BFA9D6FFC3
Authority key identifier: 75:F5:28:6E:E3:85:59:BD:D9:89:C7:64:F5:A6:47:43:47:B0:3B:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/oLz2eFbmpRFR5A5oj9_IzGOfqTg.roa
Signing time:             Wed 08 Oct 2025 15:14:37 +0000
ROA not before:           Wed 08 Oct 2025 15:14:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.126.158.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:63:7b:d3:39:13:80:b9:08:1d:f0:bf:a9:d6:ff:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75f5286ee38559bdd989c764f5a6474347b03b6f
        Validity
            Not Before: Oct  8 15:14:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0bcf67856e6a51151e40e688fdfc8cc639fa938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7a:ec:ec:29:a1:35:19:3f:88:7d:a9:79:0b:
                    65:03:11:03:aa:7c:d1:85:19:9e:46:54:ee:5d:76:
                    01:a8:88:cc:f5:8a:39:8b:54:7e:88:9e:f7:60:82:
                    ee:06:72:e1:7c:27:5a:7f:0d:9a:d4:a2:7e:8d:a6:
                    89:c0:a6:8b:4f:f6:6b:5d:41:f1:c9:98:51:3c:ae:
                    81:e3:86:b4:68:83:25:2b:70:ed:2b:87:13:74:95:
                    4f:e8:aa:30:87:c1:e0:18:7d:11:47:8d:ee:72:87:
                    ab:bd:44:b7:ba:c3:bb:e0:c7:37:dd:7f:04:22:df:
                    17:f5:0c:40:f3:aa:7a:98:6b:46:b1:e5:a5:8f:a8:
                    64:8f:be:8d:d8:96:a7:a7:5e:1e:ee:33:2e:02:2c:
                    91:c5:67:d4:24:81:f7:38:20:cd:b3:69:95:2f:2e:
                    4b:90:7f:b8:b8:73:47:55:7f:40:1f:e8:c0:45:e5:
                    6c:2e:bb:d6:5c:a2:f8:4e:08:9d:7b:ba:d8:38:c1:
                    c9:9f:1d:2c:f3:c2:3a:60:95:35:c1:33:be:96:f0:
                    76:80:4a:6a:00:60:0a:5d:73:03:3a:26:c8:6a:f5:
                    b8:00:e2:51:50:0c:d0:67:71:e3:35:4a:c4:75:a7:
                    d5:d4:02:7d:60:f8:de:d3:0a:0f:00:26:01:bf:e7:
                    09:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BC:F6:78:56:E6:A5:11:51:E4:0E:68:8F:DF:C8:CC:63:9F:A9:38
            X509v3 Authority Key Identifier:
                keyid:75:F5:28:6E:E3:85:59:BD:D9:89:C7:64:F5:A6:47:43:47:B0:3B:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/oLz2eFbmpRFR5A5oj9_IzGOfqTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:d9:51:fc:cb:da:39:db:0b:c8:26:17:e4:a7:a4:d0:b8:9a:
         8b:a7:b8:ba:95:0e:b7:02:da:e6:74:19:19:76:18:83:df:4f:
         fe:3b:07:50:5f:86:e2:5c:b9:66:f7:19:80:b7:1d:fb:60:26:
         7b:60:46:00:a1:19:d7:19:95:b4:06:88:8c:cb:45:1d:fd:50:
         8f:c5:00:9b:45:89:ae:3b:2f:03:a7:93:ce:de:4f:ed:3f:3f:
         aa:6c:84:ae:70:7a:95:ba:17:06:2a:b8:cc:55:f2:32:aa:06:
         37:ab:fa:1d:82:af:c1:31:de:26:10:7a:10:76:f8:d7:65:cf:
         31:0a:ee:aa:dc:2f:7a:d7:dd:90:0c:be:1f:b7:7c:69:53:27:
         68:cb:36:39:22:d6:bb:8c:b1:46:a9:4a:68:78:36:e3:12:41:
         66:45:73:db:68:c0:52:15:d0:b1:1a:02:48:5a:37:5e:54:ee:
         7b:38:2a:a9:55:05:f0:d5:f8:dc:97:5d:41:4c:09:80:70:f6:
         61:2a:cf:76:f2:95:93:1d:93:28:85:4d:a2:8c:49:dc:48:8e:
         92:3c:00:d3:28:13:ab:f5:7f:1e:ac:01:fa:6c:54:b0:88:d6:
         1d:b7:9e:01:b9:7d:d8:1f:1e:15:e9:d0:7c:ae:3e:bb:15:1f:
         7a:c5:c8:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnEY3vTOROAuQgd8L+p1v/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZjUyODZlZTM4NTU5YmRkOTg5Yzc2NGY1YTY0NzQzNDdi
MDNiNmYwHhcNMjUxMDA4MTUxNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJjZjY3ODU2ZTZhNTExNTFlNDBlNjg4ZmRmYzhjYzYzOWZhOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3rs7CmhNRk/iH2peQtlAxEDqnzR
hRmeRlTuXXYBqIjM9Yo5i1R+iJ73YILuBnLhfCdafw2a1KJ+jaaJwKaLT/ZrXUHx
yZhRPK6B44a0aIMlK3DtK4cTdJVP6Kowh8HgGH0RR43ucoervUS3usO74Mc33X8E
It8X9QxA86p6mGtGseWlj6hkj76N2Janp14e7jMuAiyRxWfUJIH3OCDNs2mVLy5L
kH+4uHNHVX9AH+jAReVsLrvWXKL4Tgide7rYOMHJnx0s88I6YJU1wTO+lvB2gEpq
AGAKXXMDOibIavW4AOJRUAzQZ3HjNUrEdafV1AJ9YPje0woPACYBv+cJ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC89nhW5qURUeQOaI/fyMxjn6k4MB8GA1UdIwQY
MBaAFHX1KG7jhVm92YnHZPWmR0NHsDtvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGZVb2J1T0ZXYjNaaWNkazlhWkhRMGV3TzI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yOWJmNjEtZmRjOC00OWU2LTg0ZDkt
MDM4NTM0OWZmMWU4LzEvb0x6MmVGYm1wUkZSNUE1b2o5X0l6R09mcVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yOWJmNjEtZmRjOC00OWU2LTg0ZDktMDM4NTM0OWZmMWU4
LzEvZGZVb2J1T0ZXYjNaaWNkazlhWkhRMGV3TzI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwn6eMA0G
CSqGSIb3DQEBCwUAA4IBAQAi2VH8y9o52wvIJhfkp6TQuJqLp7i6lQ63AtrmdBkZ
dhiD30/+OwdQX4biXLlm9xmAtx37YCZ7YEYAoRnXGZW0BoiMy0Ud/VCPxQCbRYmu
Oy8Dp5PO3k/tPz+qbISucHqVuhcGKrjMVfIyqgY3q/odgq/BMd4mEHoQdvjXZc8x
Cu6q3C96192QDL4ft3xpUydoyzY5Ita7jLFGqUpoeDbjEkFmRXPbaMBSFdCxGgJI
WjdeVO57OCqpVQXw1fjcl11BTAmAcPZhKs928pWTHZMohU2ijEncSI6SPADTKBOr
9X8erAH6bFSwiNYdt54BuX3YHx4V6dB8rj67FR96xcga
-----END CERTIFICATE-----