Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/X8EmhkaAzLrZGF0PLTQTQ3F7TQY.roa
File:                     X8EmhkaAzLrZGF0PLTQTQ3F7TQY.roa (raw, json)
Hash identifier:          wTbEC33NFOM4jNYeqPZkMZltYqmbT0A3haddap6K47g=
Subject key identifier:   5F:C1:26:86:46:80:CC:BA:D9:18:5D:0F:2D:34:13:43:71:7B:4D:06
Certificate issuer:       /CN=c4b315f26ca1cdb844111680c3cf0437b4c127e6
Certificate serial:       0199BB788541D5AD2090027C02A555E01361
Authority key identifier: C4:B3:15:F2:6C:A1:CD:B8:44:11:16:80:C3:CF:04:37:B4:C1:27:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLMV8myhzbhEERaAw88EN7TBJ-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/X8EmhkaAzLrZGF0PLTQTQ3F7TQY.roa
Signing time:             Mon 06 Oct 2025 21:41:01 +0000
ROA not before:           Mon 06 Oct 2025 21:41:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213342
IP address blocks:        194.116.239.0/24 maxlen: 24
                          2a0e:9b42::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/xLMV8myhzbhEERaAw88EN7TBJ-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/xLMV8myhzbhEERaAw88EN7TBJ-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLMV8myhzbhEERaAw88EN7TBJ-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bb:78:85:41:d5:ad:20:90:02:7c:02:a5:55:e0:13:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b315f26ca1cdb844111680c3cf0437b4c127e6
        Validity
            Not Before: Oct  6 21:41:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc126864680ccbad9185d0f2d341343717b4d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:56:4d:dc:07:ec:32:35:b3:2b:3a:f6:af:1c:
                    e1:0a:19:8d:6e:86:02:67:5c:2f:89:41:74:0c:02:
                    cb:19:89:77:c9:36:41:d0:a3:d5:4d:26:18:1b:fe:
                    29:af:b3:aa:7d:fe:3c:ad:08:03:65:0d:83:bb:a9:
                    41:ed:87:b0:3a:0b:ef:f5:26:d3:c4:3e:27:a4:ba:
                    f2:1f:b4:46:04:7e:72:c1:f3:f6:52:c0:09:b1:8e:
                    59:9b:b3:c7:36:d6:19:12:d5:71:3a:14:2c:8c:f8:
                    45:7e:9d:41:a4:58:a5:28:5f:dd:f6:83:b0:0a:4f:
                    9b:53:d8:37:29:f4:dc:e3:bb:86:e2:02:cc:a9:4e:
                    d8:11:9d:e3:8b:3d:a7:f5:3c:e6:5a:84:7a:b7:18:
                    8d:b3:ef:70:73:8c:ba:f9:65:78:4d:e7:13:df:0c:
                    0c:89:21:49:10:30:0b:22:bd:77:c3:d6:46:c7:88:
                    14:2f:c2:66:af:03:65:36:fc:8a:87:7a:39:c6:9e:
                    98:4e:80:4f:1f:37:63:ef:75:8f:d4:fe:2c:63:09:
                    ab:af:52:34:58:70:f5:40:a4:f7:6b:b9:44:32:83:
                    a3:f2:a4:43:15:31:7d:69:2d:4b:c5:54:ab:4d:f4:
                    42:8d:31:f9:71:11:aa:be:f7:75:a1:89:2f:38:5b:
                    42:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C1:26:86:46:80:CC:BA:D9:18:5D:0F:2D:34:13:43:71:7B:4D:06
            X509v3 Authority Key Identifier:
                keyid:C4:B3:15:F2:6C:A1:CD:B8:44:11:16:80:C3:CF:04:37:B4:C1:27:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLMV8myhzbhEERaAw88EN7TBJ-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/X8EmhkaAzLrZGF0PLTQTQ3F7TQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/10aa3d-1952-4dde-80d7-1163fc3a221e/1/xLMV8myhzbhEERaAw88EN7TBJ-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.239.0/24
                IPv6:
                  2a0e:9b42::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:9b:3a:63:e7:9c:f0:98:ef:40:6d:29:69:85:80:0a:58:ea:
         e4:91:44:ea:de:6a:3b:dc:17:fb:fc:17:9a:49:f7:db:e4:55:
         b7:f0:8a:f8:6f:e9:f6:7c:9c:37:66:46:b2:e4:47:98:a8:84:
         7f:04:e0:03:57:00:39:bd:58:cb:b2:23:95:2d:25:7a:86:97:
         a8:ea:f4:97:b7:ab:bc:29:5c:3a:69:9d:5d:8c:55:97:c1:82:
         6d:0f:36:5f:8e:c4:35:10:15:50:f4:e9:31:d5:1f:0b:1a:40:
         fa:c8:c3:8b:10:66:7c:c0:72:6d:08:59:1f:c7:52:f2:c4:1b:
         38:c0:cf:92:16:ea:8f:57:18:88:4b:64:8f:bd:83:f4:45:d9:
         4f:72:1d:8d:bb:8a:c6:2a:6a:f9:40:8c:28:42:7e:5a:07:bf:
         91:1c:0b:0c:35:38:90:e2:db:22:56:78:a4:27:63:88:3f:01:
         fc:63:21:c6:f1:b2:aa:86:e8:19:29:62:fe:f0:65:8e:44:c9:
         91:b4:c3:67:19:ae:54:60:e9:a0:ad:d9:8d:da:8a:44:d8:1e:
         0b:a0:5a:35:09:89:0d:95:1e:db:d7:5e:14:5e:f0:91:41:9d:
         ac:15:7f:84:ca:27:7f:31:ca:ac:55:da:76:63:1b:df:62:31:
         1b:31:b2:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZm7eIVB1a0gkAJ8AqVV4BNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjMxNWYyNmNhMWNkYjg0NDExMTY4MGMzY2YwNDM3YjRj
MTI3ZTYwHhcNMjUxMDA2MjE0MTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMxMjY4NjQ2ODBjY2JhZDkxODVkMGYyZDM0MTM0MzcxN2I0ZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVZN3AfsMjWzKzr2rxzhChmNboYC
Z1wviUF0DALLGYl3yTZB0KPVTSYYG/4pr7Oqff48rQgDZQ2Du6lB7YewOgvv9SbT
xD4npLryH7RGBH5ywfP2UsAJsY5Zm7PHNtYZEtVxOhQsjPhFfp1BpFilKF/d9oOw
Ck+bU9g3KfTc47uG4gLMqU7YEZ3jiz2n9TzmWoR6txiNs+9wc4y6+WV4TecT3wwM
iSFJEDALIr13w9ZGx4gUL8JmrwNlNvyKh3o5xp6YToBPHzdj73WP1P4sYwmrr1I0
WHD1QKT3a7lEMoOj8qRDFTF9aS1LxVSrTfRCjTH5cRGqvvd1oYkvOFtCBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF/BJoZGgMy62RhdDy00E0Nxe00GMB8GA1UdIwQY
MBaAFMSzFfJsoc24RBEWgMPPBDe0wSfmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExNVjhteWh6YmhFRVJhQXc4OEVON1RCSi1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xMGFhM2QtMTk1Mi00ZGRlLTgwZDct
MTE2M2ZjM2EyMjFlLzEvWDhFbWhrYUF6THJaR0YwUExUUVRRM0Y3VFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xMGFhM2QtMTk1Mi00ZGRlLTgwZDctMTE2M2ZjM2EyMjFl
LzEveExNVjhteWh6YmhFRVJhQXc4OEVON1RCSi1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwnTvMA0E
AgACMAcDBQAqDptCMA0GCSqGSIb3DQEBCwUAA4IBAQCDmzpj55zwmO9AbSlphYAK
WOrkkUTq3mo73Bf7/BeaSffb5FW38Ir4b+n2fJw3Zkay5EeYqIR/BOADVwA5vVjL
siOVLSV6hpeo6vSXt6u8KVw6aZ1djFWXwYJtDzZfjsQ1EBVQ9Okx1R8LGkD6yMOL
EGZ8wHJtCFkfx1LyxBs4wM+SFuqPVxiIS2SPvYP0RdlPch2Nu4rGKmr5QIwoQn5a
B7+RHAsMNTiQ4tsiVnikJ2OIPwH8YyHG8bKqhugZKWL+8GWORMmRtMNnGa5UYOmg
rdmN2opE2B4LoFo1CYkNlR7b114UXvCRQZ2sFX+Eyid/McqsVdp2YxvfYjEbMbL/
-----END CERTIFICATE-----