Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/FY7QWCuQ2yFMrpW5CuJdxAmkzSw.roa
File:                     FY7QWCuQ2yFMrpW5CuJdxAmkzSw.roa (raw, json)
Hash identifier:          AB9HFdZnng1zkUR8S06NGbzzkAsazP428CDB2YNMgMs=
Subject key identifier:   15:8E:D0:58:2B:90:DB:21:4C:AE:95:B9:0A:E2:5D:C4:09:A4:CD:2C
Certificate issuer:       /CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
Certificate serial:       01999B0E328F940206A0C9887FF56225425D
Authority key identifier: 78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/FY7QWCuQ2yFMrpW5CuJdxAmkzSw.roa
Signing time:             Tue 30 Sep 2025 14:37:02 +0000
ROA not before:           Tue 30 Sep 2025 14:37:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8528
IP address blocks:        138.21.0.0/16 maxlen: 24
                          138.21.37.0/24 maxlen: 24
                          138.21.47.0/24 maxlen: 24
                          193.194.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:0e:32:8f:94:02:06:a0:c9:88:7f:f5:62:25:42:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78e98dee9aadc86b4dfa9e168d921bd80ba3f3a6
        Validity
            Not Before: Sep 30 14:37:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=158ed0582b90db214cae95b90ae25dc409a4cd2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6c:5f:aa:10:bc:5c:68:6d:3f:f3:6f:3c:71:
                    10:77:5b:97:4c:e7:b5:68:cc:0f:a1:a0:ac:3d:e8:
                    e4:f1:b9:0c:ef:19:e4:4f:98:b0:e2:f3:55:e6:64:
                    54:ec:18:99:a4:70:05:52:d4:29:5c:44:af:81:b5:
                    89:b0:6d:ea:d5:2f:74:96:f2:b7:1e:66:14:26:22:
                    9a:a2:15:2a:a1:f5:eb:b1:e5:45:f4:bb:2d:c1:1b:
                    e8:c5:b5:53:68:12:ed:23:75:56:f7:29:b7:69:23:
                    95:f0:95:c0:6d:a1:e9:c8:95:df:49:fe:94:0d:f3:
                    c2:51:5b:62:8c:84:92:f3:1c:9c:c1:0b:a3:b2:f3:
                    c3:81:42:5c:23:1b:67:b4:ab:c7:e2:47:76:13:f0:
                    a3:7b:d6:d7:d0:86:9b:fb:65:87:4f:09:5c:b1:33:
                    b6:f4:71:71:23:31:e6:a8:d2:1c:d4:83:30:db:a5:
                    a5:f7:9b:a0:b2:30:6d:25:97:3e:95:e6:92:aa:e7:
                    a8:61:9a:53:a4:a5:4c:8b:38:f1:68:bb:9c:7d:79:
                    9b:cd:03:13:08:1f:25:a4:ef:26:08:f9:08:ce:b5:
                    00:a0:00:00:ef:a6:cc:22:b7:8e:d5:12:86:96:84:
                    a9:b5:03:43:99:92:20:ec:32:48:45:a9:f5:05:53:
                    5f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8E:D0:58:2B:90:DB:21:4C:AE:95:B9:0A:E2:5D:C4:09:A4:CD:2C
            X509v3 Authority Key Identifier:
                keyid:78:E9:8D:EE:9A:AD:C8:6B:4D:FA:9E:16:8D:92:1B:D8:0B:A3:F3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eOmN7pqtyGtN-p4WjZIb2Auj86Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/FY7QWCuQ2yFMrpW5CuJdxAmkzSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c1cc95-7529-4270-a6ec-5c71956a5377/1/eOmN7pqtyGtN-p4WjZIb2Auj86Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.21.0.0/16
                  193.194.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ac:2e:ff:70:5c:30:57:00:f4:11:bd:9b:8b:2f:98:36:0a:
         b5:fd:a9:63:48:31:e3:e4:6c:ab:d4:09:96:9a:8d:f1:fe:54:
         6d:0b:15:ac:72:89:08:18:70:dd:5d:ee:71:be:d8:6f:4c:44:
         2d:65:6c:f8:87:0a:b4:4e:b8:f1:e7:fc:a6:8a:d4:cd:c5:d9:
         25:61:e9:b7:49:8f:d2:73:3a:1a:e3:5b:6e:78:31:f2:46:f8:
         a2:3b:f9:7b:f4:39:28:bb:56:d8:ad:7c:02:cf:81:60:2a:b9:
         9e:20:ec:f3:bd:48:b3:54:04:f0:f0:33:2a:00:83:a5:2f:62:
         d2:c6:26:b5:33:14:95:62:6b:64:47:af:02:80:eb:23:ae:02:
         ff:a2:9b:b8:5e:b4:4b:49:d1:f1:7c:1d:32:64:ad:0f:2c:8a:
         43:6a:ad:cf:cc:33:aa:08:06:ea:85:34:e0:1f:ff:d7:2d:ae:
         12:78:aa:f3:4e:2b:8e:06:54:d4:11:fe:36:f6:ae:00:8c:24:
         6e:68:e2:29:f3:76:12:3c:eb:09:d5:0d:21:0e:9a:54:f5:f1:
         4f:62:ac:92:6e:d9:9d:18:09:e8:b2:3f:1e:61:b4:d4:40:aa:
         43:f2:0f:d9:94:3e:60:43:09:2e:64:91:6e:1e:0b:87:27:b1:
         20:3d:4e:22
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZmbDjKPlAIGoMmIf/ViJUJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZTk4ZGVlOWFhZGM4NmI0ZGZhOWUxNjhkOTIxYmQ4MGJh
M2YzYTYwHhcNMjUwOTMwMTQzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNThlZDA1ODJiOTBkYjIxNGNhZTk1YjkwYWUyNWRjNDA5YTRjZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mxfqhC8XGhtP/NvPHEQd1uXTOe1
aMwPoaCsPejk8bkM7xnkT5iw4vNV5mRU7BiZpHAFUtQpXESvgbWJsG3q1S90lvK3
HmYUJiKaohUqofXrseVF9LstwRvoxbVTaBLtI3VW9ym3aSOV8JXAbaHpyJXfSf6U
DfPCUVtijISS8xycwQujsvPDgUJcIxtntKvH4kd2E/Cje9bX0Iab+2WHTwlcsTO2
9HFxIzHmqNIc1IMw26Wl95ugsjBtJZc+leaSqueoYZpTpKVMizjxaLucfXmbzQMT
CB8lpO8mCPkIzrUAoAAA76bMIreO1RKGloSptQNDmZIg7DJIRan1BVNfuwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBWO0FgrkNshTK6VuQriXcQJpM0sMB8GA1UdIwQY
MBaAFHjpje6archrTfqeFo2SG9gLo/OmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMt
NWM3MTk1NmE1Mzc3LzEvRlk3UVdDdVEyeUZNcnBXNUN1SmR4QW1relN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jMWNjOTUtNzUyOS00MjcwLWE2ZWMtNWM3MTk1NmE1Mzc3
LzEvZU9tTjdwcXR5R3ROLXA0V2paSWIyQXVqODZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAihUDBADB
woYwDQYJKoZIhvcNAQELBQADggEBACusLv9wXDBXAPQRvZuLL5g2CrX9qWNIMePk
bKvUCZaajfH+VG0LFaxyiQgYcN1d7nG+2G9MRC1lbPiHCrROuPHn/KaK1M3F2SVh
6bdJj9JzOhrjW254MfJG+KI7+Xv0OSi7VtitfALPgWAquZ4g7PO9SLNUBPDwMyoA
g6UvYtLGJrUzFJVia2RHrwKA6yOuAv+im7hetEtJ0fF8HTJkrQ8sikNqrc/MM6oI
BuqFNOAf/9ctrhJ4qvNOK44GVNQR/jb2rgCMJG5o4inzdhI86wnVDSEOmlT18U9i
rJJu2Z0YCeiyPx5htNRAqkPyD9mUPmBDCS5kkW4eC4cnsSA9TiI=
-----END CERTIFICATE-----