Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/PEFJVv9b3LNXAVDXaLffH7NXQnM.roa
File:                     PEFJVv9b3LNXAVDXaLffH7NXQnM.roa (raw, json)
Hash identifier:          NhDrDFRTP8HsLaWVaWM6e2lag1TgJaP+y0PbyxFsfDw=
Subject key identifier:   3C:41:49:56:FF:5B:DC:B3:57:01:50:D7:68:B7:DF:1F:B3:57:42:73
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       0199BDA5293ECAD957379978E99AE36ED4CA
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/PEFJVv9b3LNXAVDXaLffH7NXQnM.roa
Signing time:             Tue 07 Oct 2025 07:49:01 +0000
ROA not before:           Tue 07 Oct 2025 07:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25211
IP address blocks:        85.11.163.0/24 maxlen: 24
                          85.11.182.0/24 maxlen: 24
                          85.11.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:a5:29:3e:ca:d9:57:37:99:78:e9:9a:e3:6e:d4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Oct  7 07:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c414956ff5bdcb3570150d768b7df1fb3574273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:76:6f:1d:ac:0c:5d:95:28:02:c6:7d:69:
                    00:7a:45:a0:e5:33:eb:13:65:f1:98:22:60:85:51:
                    bf:4a:64:29:c6:37:20:4c:dd:e5:55:43:5b:6e:53:
                    db:e5:37:49:82:bb:32:79:09:72:95:c0:00:da:ad:
                    18:81:ce:ed:90:83:9f:77:a0:df:62:67:92:86:9f:
                    46:71:ef:94:f1:f9:10:67:bf:9f:7a:97:da:13:d8:
                    02:60:8c:3a:35:93:a3:f3:ed:30:e2:46:de:a3:76:
                    98:39:1e:3e:a7:c6:ed:03:b0:aa:fa:de:dc:22:5f:
                    f4:fc:de:b2:91:72:25:a0:e3:ac:cb:3b:6f:f4:24:
                    06:6f:15:a7:a5:ab:a0:b3:f8:58:30:af:e4:43:62:
                    df:71:7e:3d:7d:fb:31:6c:ed:68:f4:40:4b:16:df:
                    b2:c3:04:ce:f2:66:1d:0b:8f:e5:68:d5:45:31:ac:
                    1b:e2:3f:64:f2:2d:98:80:fe:7d:41:8a:15:2e:45:
                    e8:c2:b0:e5:36:26:e2:5b:02:70:b8:51:37:c2:05:
                    d6:7c:93:2e:ed:eb:4f:ed:78:bc:d8:a7:51:7b:a2:
                    65:69:d7:e2:ab:bc:ca:71:15:17:ec:ba:aa:4d:47:
                    72:56:d6:cc:3c:4f:25:31:38:e2:61:4c:4e:24:0c:
                    3d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:41:49:56:FF:5B:DC:B3:57:01:50:D7:68:B7:DF:1F:B3:57:42:73
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/PEFJVv9b3LNXAVDXaLffH7NXQnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.163.0/24
                  85.11.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:97:9b:63:83:98:9c:76:1d:8c:7d:9d:b7:a6:fa:2c:50:b0:
         e5:19:26:25:0b:15:e4:06:02:d9:58:47:01:1f:2b:b3:5b:b5:
         77:3d:29:aa:c4:c7:53:3b:2d:ec:ef:71:2b:91:8c:22:83:38:
         ad:8f:8b:5c:fe:12:f0:d2:56:28:42:79:47:a9:c8:a7:a0:a2:
         93:56:cf:44:0a:b8:38:4f:cf:b0:f5:b2:38:c3:66:29:da:d3:
         cf:da:bd:3d:e8:8b:38:b1:02:d0:9c:b6:b1:cd:91:b6:87:52:
         48:f2:50:65:8a:b2:dd:3b:d7:6f:47:03:10:a0:57:7e:5e:5f:
         db:26:09:31:50:70:86:7c:9f:14:3b:3c:29:12:af:14:26:e6:
         b8:0d:32:55:28:1c:46:cf:0a:6e:3a:0f:22:7f:1e:54:9e:11:
         1c:35:23:5d:3c:ec:7b:cd:37:de:8a:0c:68:e1:f8:20:95:cc:
         00:2c:98:db:1b:e8:6f:bd:48:24:65:76:3a:3f:f9:72:35:f4:
         ca:26:a7:b8:65:5a:a5:7e:ae:d9:03:65:b8:ed:00:b8:fa:b4:
         ec:26:5d:75:d5:b2:ac:b4:dd:49:78:41:8d:70:2e:69:11:94:
         c5:d9:2f:73:2b:99:6e:4a:b9:a6:0b:b9:95:a5:9a:da:e4:94:
         80:0d:b2:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm9pSk+ytlXN5l46ZrjbtTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjUxMDA3MDc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQxNDk1NmZmNWJkY2IzNTcwMTUwZDc2OGI3ZGYxZmIzNTc0MjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ12bx2sDF2VKALGfWkAekWg5TPr
E2XxmCJghVG/SmQpxjcgTN3lVUNbblPb5TdJgrsyeQlylcAA2q0Ygc7tkIOfd6Df
YmeShp9Gce+U8fkQZ7+fepfaE9gCYIw6NZOj8+0w4kbeo3aYOR4+p8btA7Cq+t7c
Il/0/N6ykXIloOOsyztv9CQGbxWnpaugs/hYMK/kQ2LfcX49ffsxbO1o9EBLFt+y
wwTO8mYdC4/laNVFMawb4j9k8i2YgP59QYoVLkXowrDlNibiWwJwuFE3wgXWfJMu
7etP7Xi82KdRe6Jladfiq7zKcRUX7LqqTUdyVtbMPE8lMTjiYUxOJAw9hwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDxBSVb/W9yzVwFQ12i33x+zV0JzMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvUEVGSlZ2OWIzTE5YQVZEWGFMZmZIN05YUW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVQujAwQB
VQu2MA0GCSqGSIb3DQEBCwUAA4IBAQAIl5tjg5icdh2MfZ23pvosULDlGSYlCxXk
BgLZWEcBHyuzW7V3PSmqxMdTOy3s73ErkYwigzitj4tc/hLw0lYoQnlHqcinoKKT
Vs9ECrg4T8+w9bI4w2Yp2tPP2r096Is4sQLQnLaxzZG2h1JI8lBlirLdO9dvRwMQ
oFd+Xl/bJgkxUHCGfJ8UOzwpEq8UJua4DTJVKBxGzwpuOg8ifx5UnhEcNSNdPOx7
zTfeigxo4fgglcwALJjbG+hvvUgkZXY6P/lyNfTKJqe4ZVqlfq7ZA2W47QC4+rTs
Jl111bKstN1JeEGNcC5pEZTF2S9zK5luSrmmC7mVpZra5JSADbIB
-----END CERTIFICATE-----