Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/sI3owle2SK5hDtoXgnXqvnb2Lig.roa
File:                     sI3owle2SK5hDtoXgnXqvnb2Lig.roa (raw, json)
Hash identifier:          h/A8g/6518BnZmSBn+Xa4u50/hcauxf7ASYtMTXTA3I=
Subject key identifier:   B0:8D:E8:C2:57:B6:48:AE:61:0E:DA:17:82:75:EA:BE:76:F6:2E:28
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0199B5E9C733200DE45DC6E0CA66B1429FE7
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/sI3owle2SK5hDtoXgnXqvnb2Lig.roa
Signing time:             Sun 05 Oct 2025 19:47:00 +0000
ROA not before:           Sun 05 Oct 2025 19:47:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        91.102.160.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b5:e9:c7:33:20:0d:e4:5d:c6:e0:ca:66:b1:42:9f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Oct  5 19:47:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b08de8c257b648ae610eda178275eabe76f62e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d4:4f:0a:b8:fe:87:ee:e5:5b:b7:ab:25:a0:
                    e1:ce:00:10:b7:df:78:c2:f1:bd:cd:2e:19:31:76:
                    b6:e8:24:35:1e:b8:df:49:87:95:42:4d:f5:8d:2f:
                    9f:b1:69:bb:94:e7:c1:17:ce:f8:d1:42:46:fc:80:
                    ac:12:2d:e1:d1:f5:3b:11:64:51:f3:2d:80:c5:c0:
                    4c:10:e1:5b:0b:58:14:9b:e8:a2:fb:86:20:e9:19:
                    12:16:7a:54:93:78:bf:54:47:7b:12:21:1b:03:dd:
                    92:ab:c1:5d:2f:9e:b7:a7:d6:ab:2d:ab:29:a0:fb:
                    51:3c:fc:d6:e1:83:f7:08:54:bf:b2:79:bb:32:fe:
                    01:70:28:75:88:af:06:a2:17:15:8c:fe:47:52:27:
                    91:e7:c0:ff:ca:08:27:78:76:6f:db:ee:64:8f:ac:
                    2a:05:3b:e7:23:79:42:cd:4f:84:7c:ab:0f:13:62:
                    fc:12:4c:ba:6c:98:41:c1:f4:e1:8b:53:3c:c9:80:
                    fe:56:e8:58:04:88:37:99:61:ad:e8:5b:2e:b9:f1:
                    5c:22:30:37:e0:56:78:e8:0c:97:60:0c:37:6c:a3:
                    8c:ab:f2:1c:ed:b7:dd:b9:d4:ea:b1:a5:52:76:eb:
                    cc:5f:a9:03:fb:6a:9f:ae:64:d1:e7:7d:52:47:8c:
                    89:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:8D:E8:C2:57:B6:48:AE:61:0E:DA:17:82:75:EA:BE:76:F6:2E:28
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/sI3owle2SK5hDtoXgnXqvnb2Lig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:04:d8:8a:86:04:98:28:fe:d4:c6:c7:9c:98:ec:ba:62:c3:
         99:8e:2b:56:e9:d1:21:c8:2f:c3:5c:28:bb:dd:61:28:7b:c2:
         59:1b:dc:6d:cc:67:6f:53:61:54:a5:80:3a:6c:46:22:48:5b:
         62:2c:3d:50:87:f9:34:2c:98:e1:b0:53:58:dd:63:11:32:51:
         e0:90:e8:2b:da:46:5d:69:41:95:26:8a:e6:6c:03:e2:0a:c4:
         b8:e5:7b:35:d3:1e:a3:3d:5d:8b:1a:56:7b:a3:5a:27:f9:bc:
         24:6d:5e:07:e6:e6:83:12:f9:68:e6:27:ac:c6:6e:0e:ed:98:
         17:ac:2d:60:5f:5b:8e:26:45:15:31:f0:5b:45:7f:73:95:88:
         43:54:a3:79:d9:c5:dd:c1:7c:89:71:73:47:56:2c:60:4c:6f:
         87:0a:66:d3:b7:97:a5:c4:18:a5:53:ce:39:81:86:71:5a:8b:
         69:f3:72:22:de:03:f7:6f:6e:37:36:12:40:10:54:3d:14:8b:
         5a:6d:cd:77:49:34:d5:29:b0:50:5a:8d:62:b1:e8:49:78:a2:
         e7:5a:0e:ae:f2:f8:4a:07:0d:3b:de:79:63:32:75:85:9b:f1:
         2c:ff:2c:bd:91:28:a4:54:63:dc:21:f6:4c:71:6d:0a:60:5c:
         08:da:81:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm16cczIA3kXcbgymaxQp/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUxMDA1MTk0NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhkZThjMjU3YjY0OGFlNjEwZWRhMTc4Mjc1ZWFiZTc2ZjYyZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNRPCrj+h+7lW7erJaDhzgAQt994
wvG9zS4ZMXa26CQ1HrjfSYeVQk31jS+fsWm7lOfBF8740UJG/ICsEi3h0fU7EWRR
8y2AxcBMEOFbC1gUm+ii+4Yg6RkSFnpUk3i/VEd7EiEbA92Sq8FdL563p9arLasp
oPtRPPzW4YP3CFS/snm7Mv4BcCh1iK8GohcVjP5HUieR58D/yggneHZv2+5kj6wq
BTvnI3lCzU+EfKsPE2L8Eky6bJhBwfThi1M8yYD+VuhYBIg3mWGt6FsuufFcIjA3
4FZ46AyXYAw3bKOMq/Ic7bfdudTqsaVSduvMX6kD+2qfrmTR531SR4yJxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCN6MJXtkiuYQ7aF4J16r529i4oMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvc0kzb3dsZTJTSzVoRHRvWGduWHF2bmIyTGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW2agMA0G
CSqGSIb3DQEBCwUAA4IBAQA2BNiKhgSYKP7UxsecmOy6YsOZjitW6dEhyC/DXCi7
3WEoe8JZG9xtzGdvU2FUpYA6bEYiSFtiLD1Qh/k0LJjhsFNY3WMRMlHgkOgr2kZd
aUGVJormbAPiCsS45Xs10x6jPV2LGlZ7o1on+bwkbV4H5uaDEvlo5iesxm4O7ZgX
rC1gX1uOJkUVMfBbRX9zlYhDVKN52cXdwXyJcXNHVixgTG+HCmbTt5elxBilU845
gYZxWotp83Ii3gP3b243NhJAEFQ9FItabc13STTVKbBQWo1isehJeKLnWg6u8vhK
Bw073nljMnWFm/Es/yy9kSikVGPcIfZMcW0KYFwI2oG9
-----END CERTIFICATE-----