Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/XtP9uPkBbHpNbcrbfiapaGNstI0.roa
File:                     XtP9uPkBbHpNbcrbfiapaGNstI0.roa (raw, json)
Hash identifier:          RHc/YYxPI6eAj3ZZsuy3p2bKIUCYpGJbMLwSSRkfsBM=
Subject key identifier:   5E:D3:FD:B8:F9:01:6C:7A:4D:6D:CA:DB:7E:26:A9:68:63:6C:B4:8D
Certificate issuer:       /CN=f62654658f672aacf37133b5c71cf4b11c1869da
Certificate serial:       0198EDC3DEE7A9C5E5DA866BA407A7E0DCF1
Authority key identifier: F6:26:54:65:8F:67:2A:AC:F3:71:33:B5:C7:1C:F4:B1:1C:18:69:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/XtP9uPkBbHpNbcrbfiapaGNstI0.roa
Signing time:             Wed 27 Aug 2025 23:01:33 +0000
ROA not before:           Wed 27 Aug 2025 23:01:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29534
IP address blocks:        195.140.244.0/22 maxlen: 24
                          195.140.244.0/24 maxlen: 24
                          195.140.245.0/24 maxlen: 24
                          195.140.246.0/24 maxlen: 24
                          195.140.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ed:c3:de:e7:a9:c5:e5:da:86:6b:a4:07:a7:e0:dc:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62654658f672aacf37133b5c71cf4b11c1869da
        Validity
            Not Before: Aug 27 23:01:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed3fdb8f9016c7a4d6dcadb7e26a968636cb48d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:b3:ed:f3:ba:4d:14:69:44:fd:0a:65:84:
                    b8:2e:2d:60:a2:0f:07:9f:fb:25:46:75:f0:4d:e4:
                    fd:c3:28:e4:9c:31:a4:61:83:65:5c:ea:5c:ed:bb:
                    53:ba:9b:c0:6a:22:69:13:33:93:58:39:1a:64:99:
                    3c:e6:88:e0:2c:50:a0:8e:c5:77:04:1d:45:92:e1:
                    10:42:4c:db:bc:2d:e2:7d:39:cb:8e:df:aa:49:cd:
                    c8:05:80:0a:46:4c:80:0c:d9:98:d0:00:c7:cc:85:
                    4d:6d:30:41:fe:81:b0:fc:24:b7:88:2c:19:25:cc:
                    c7:e9:1e:d4:5d:03:f2:1b:27:dd:f9:1a:82:02:05:
                    80:19:f7:00:ea:a1:e1:a5:49:4f:94:83:d6:1e:9d:
                    b9:b0:2c:d4:88:f2:a1:42:8a:71:b7:c4:7e:b9:24:
                    f9:0e:0f:b7:52:23:15:b0:4c:83:a6:9f:a8:18:7d:
                    8e:e4:1b:7a:3f:00:6f:3f:e7:a6:18:0e:3f:ad:63:
                    32:74:53:fb:b9:11:91:ff:48:49:bb:fb:86:72:49:
                    42:ec:a4:69:a7:49:44:33:5f:9f:03:2c:1d:2c:f0:
                    68:a0:32:c0:5f:15:f8:bc:17:51:1c:5c:86:99:02:
                    b4:a2:ac:df:a5:ed:9a:c4:ff:d3:a8:83:21:91:9a:
                    5f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D3:FD:B8:F9:01:6C:7A:4D:6D:CA:DB:7E:26:A9:68:63:6C:B4:8D
            X509v3 Authority Key Identifier:
                keyid:F6:26:54:65:8F:67:2A:AC:F3:71:33:B5:C7:1C:F4:B1:1C:18:69:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/XtP9uPkBbHpNbcrbfiapaGNstI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.140.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:66:d5:37:f4:2e:00:07:01:db:59:27:99:86:3c:d4:74:7c:
         fa:b6:48:bd:6d:29:14:5d:84:ad:0c:0f:4b:0b:a9:fa:a3:f5:
         d6:b6:36:c2:ea:c9:6b:3b:65:d5:4d:24:54:d2:85:33:4a:80:
         b5:21:00:13:d7:30:4a:14:40:2d:de:44:db:3a:e7:c3:ca:05:
         50:4b:6a:28:6a:7c:c3:38:e9:95:73:59:c6:e9:61:15:36:91:
         c0:30:c2:fe:b5:f2:3d:3a:d0:39:ea:b8:ad:34:ec:c6:4a:bb:
         6a:5e:34:59:d0:8e:11:63:61:78:ff:82:f4:56:5d:e5:a5:fe:
         2c:e8:99:cf:69:38:23:fd:06:b9:60:40:5e:9d:d4:17:d7:c6:
         59:c7:46:92:10:15:dc:76:8f:06:6e:0c:1c:a0:2f:76:8d:76:
         75:b9:a5:6c:f8:ff:27:ab:ec:38:e5:8e:02:fc:e4:06:c2:a7:
         c0:a8:80:8d:18:98:36:a5:a0:08:24:d4:91:13:5a:bb:b0:84:
         54:02:ff:c6:13:5c:fb:d9:a9:20:19:57:d6:35:bb:ad:03:20:
         a7:72:3d:cf:a6:31:de:f1:2c:ed:8b:27:10:37:3a:7a:ac:ea:
         56:45:eb:e6:16:fd:34:a4:94:47:bc:a1:2e:72:e6:3b:c1:c7:
         62:1a:46:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjtw97nqcXl2oZrpAen4NzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MjY1NDY1OGY2NzJhYWNmMzcxMzNiNWM3MWNmNGIxMWMx
ODY5ZGEwHhcNMjUwODI3MjMwMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQzZmRiOGY5MDE2YzdhNGQ2ZGNhZGI3ZTI2YTk2ODYzNmNiNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTuz7fO6TRRpRP0KZYS4Li1gog8H
n/slRnXwTeT9wyjknDGkYYNlXOpc7btTupvAaiJpEzOTWDkaZJk85ojgLFCgjsV3
BB1FkuEQQkzbvC3ifTnLjt+qSc3IBYAKRkyADNmY0ADHzIVNbTBB/oGw/CS3iCwZ
JczH6R7UXQPyGyfd+RqCAgWAGfcA6qHhpUlPlIPWHp25sCzUiPKhQopxt8R+uST5
Dg+3UiMVsEyDpp+oGH2O5Bt6PwBvP+emGA4/rWMydFP7uRGR/0hJu/uGcklC7KRp
p0lEM1+fAywdLPBooDLAXxX4vBdRHFyGmQK0oqzfpe2axP/TqIMhkZpfLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7T/bj5AWx6TW3K234mqWhjbLSNMB8GA1UdIwQY
MBaAFPYmVGWPZyqs83Eztccc9LEcGGnaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWlaVVpZOW5LcXp6Y1RPMXh4ejBzUndZYWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9hNjhlMjYtOTJlNS00ZjQ5LWFkYjgt
NjY0Nzc4ODQ1YjE2LzEvWHRQOXVQa0JiSHBOYmNyYmZpYXBhR05zdEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9hNjhlMjYtOTJlNS00ZjQ5LWFkYjgtNjY0Nzc4ODQ1YjE2
LzEvOWlaVVpZOW5LcXp6Y1RPMXh4ejBzUndZYWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4z0MA0G
CSqGSIb3DQEBCwUAA4IBAQCeZtU39C4ABwHbWSeZhjzUdHz6tki9bSkUXYStDA9L
C6n6o/XWtjbC6slrO2XVTSRU0oUzSoC1IQAT1zBKFEAt3kTbOufDygVQS2ooanzD
OOmVc1nG6WEVNpHAMML+tfI9OtA56ritNOzGSrtqXjRZ0I4RY2F4/4L0Vl3lpf4s
6JnPaTgj/Qa5YEBendQX18ZZx0aSEBXcdo8GbgwcoC92jXZ1uaVs+P8nq+w45Y4C
/OQGwqfAqICNGJg2paAIJNSRE1q7sIRUAv/GE1z72akgGVfWNbutAyCncj3PpjHe
8SztiycQNzp6rOpWRevmFv00pJRHvKEucuY7wcdiGkbs
-----END CERTIFICATE-----