Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/69DdI940Yh4oMejHIlOAybu5hGs.roa
File:                     69DdI940Yh4oMejHIlOAybu5hGs.roa (raw, json)
Hash identifier:          oNe0WU8knWo/mXYKX1G8NRoFBB3BCMhioapXHf+HLEg=
Subject key identifier:   EB:D0:DD:23:DE:34:62:1E:28:31:E8:C7:22:53:80:C9:BB:B9:84:6B
Certificate issuer:       /CN=d38579e4c7da01df0465186236e9af27eb7312ed
Certificate serial:       01996DF20D23DB59C20F3553F79105223340
Authority key identifier: D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/69DdI940Yh4oMejHIlOAybu5hGs.roa
Signing time:             Sun 21 Sep 2025 20:23:23 +0000
ROA not before:           Sun 21 Sep 2025 20:23:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29469
IP address blocks:        178.216.12.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6d:f2:0d:23:db:59:c2:0f:35:53:f7:91:05:22:33:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38579e4c7da01df0465186236e9af27eb7312ed
        Validity
            Not Before: Sep 21 20:23:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebd0dd23de34621e2831e8c7225380c9bbb9846b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f0:6d:85:f5:2e:33:61:71:67:06:5c:ad:f0:
                    6a:4e:19:4f:00:26:ee:ab:7c:6e:5a:b8:88:07:33:
                    d5:34:19:7e:79:63:0f:af:24:67:56:0f:6c:ed:93:
                    d5:53:c3:67:11:ab:a6:26:79:8d:a0:7a:93:7f:6f:
                    fb:9e:0e:1b:47:78:83:31:43:e5:7f:85:3a:d3:ee:
                    3c:6d:33:78:d7:bb:71:16:e0:a1:ec:a6:29:71:13:
                    dc:15:f9:e3:94:c0:52:d4:e0:60:4e:2e:da:63:0d:
                    79:58:6e:82:72:e0:7a:c7:08:80:37:30:91:ea:2f:
                    5d:f7:be:76:35:f7:ce:a0:7e:ab:13:ff:ba:b3:9f:
                    33:0d:6f:4b:68:6c:7c:79:a1:4b:a6:83:f8:b1:2a:
                    c1:e0:0b:52:f0:1d:24:af:b1:3c:9b:04:b0:5e:05:
                    98:69:07:6e:82:e1:5f:50:b9:5e:fa:51:a4:37:19:
                    d7:60:35:c9:c5:21:31:3b:10:e4:d1:42:2d:d9:3b:
                    c9:bd:7a:d9:f8:4e:a3:5d:9a:46:43:70:bd:a9:19:
                    55:b2:c6:ff:d6:12:3e:07:66:18:75:5b:c1:8e:7e:
                    40:09:39:ee:f5:e8:3f:67:cb:f0:bf:8d:ee:75:1f:
                    b2:80:5b:4a:43:6c:12:54:8c:a4:8e:b9:4e:36:e3:
                    f8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D0:DD:23:DE:34:62:1E:28:31:E8:C7:22:53:80:C9:BB:B9:84:6B
            X509v3 Authority Key Identifier:
                keyid:D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/69DdI940Yh4oMejHIlOAybu5hGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:66:88:2e:6b:dc:73:5b:b9:c1:98:2e:7a:67:24:f9:67:ed:
         e1:76:b3:66:d9:af:77:11:73:d4:35:39:bd:29:98:70:91:c4:
         2d:0f:ff:ae:c8:66:cf:a8:56:bf:49:a2:92:76:ab:9f:69:c1:
         9d:93:d8:e3:0b:1d:47:c9:ca:74:ba:69:1e:c0:bb:13:a6:77:
         cc:c5:81:4a:83:c4:22:4c:f6:09:83:c5:23:a1:4c:70:ce:1f:
         a8:4c:85:92:7a:ee:6d:f3:25:23:20:ba:a9:93:5a:a8:51:ef:
         5f:89:bb:ae:ee:5b:2e:95:8f:a7:96:8a:ee:3e:71:94:8d:73:
         85:29:19:b1:f2:22:0a:3f:e0:47:0f:fc:fa:e3:c9:c6:3d:64:
         b4:e8:fe:36:02:8e:32:2f:9b:ae:e9:8b:b8:58:f1:79:2a:1b:
         4a:e4:99:a2:3f:c5:ed:95:af:f2:aa:d2:bd:3b:0c:47:c6:cb:
         e3:d9:37:b3:31:ad:af:ff:96:6c:bb:61:76:93:f3:39:b6:b9:
         63:e6:26:09:dd:9a:a5:ae:a9:60:97:84:a3:a2:bb:91:b6:7a:
         1e:22:be:eb:bb:a5:be:f9:69:79:e1:44:75:0d:88:81:32:4e:
         04:c1:b7:30:9f:24:4c:6a:b6:1c:9d:f2:09:8b:9d:b3:bf:d7:
         67:9b:a1:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlt8g0j21nCDzVT95EFIjNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODU3OWU0YzdkYTAxZGYwNDY1MTg2MjM2ZTlhZjI3ZWI3
MzEyZWQwHhcNMjUwOTIxMjAyMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQwZGQyM2RlMzQ2MjFlMjgzMWU4YzcyMjUzODBjOWJiYjk4NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vBthfUuM2FxZwZcrfBqThlPACbu
q3xuWriIBzPVNBl+eWMPryRnVg9s7ZPVU8NnEaumJnmNoHqTf2/7ng4bR3iDMUPl
f4U60+48bTN417txFuCh7KYpcRPcFfnjlMBS1OBgTi7aYw15WG6CcuB6xwiANzCR
6i9d9752NffOoH6rE/+6s58zDW9LaGx8eaFLpoP4sSrB4AtS8B0kr7E8mwSwXgWY
aQduguFfULle+lGkNxnXYDXJxSExOxDk0UIt2TvJvXrZ+E6jXZpGQ3C9qRlVssb/
1hI+B2YYdVvBjn5ACTnu9eg/Z8vwv43udR+ygFtKQ2wSVIykjrlONuP4JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvQ3SPeNGIeKDHoxyJTgMm7uYRrMB8GA1UdIwQY
MBaAFNOFeeTH2gHfBGUYYjbpryfrcxLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTkt
YmQ0MDU0MTliMDBkLzEvNjlEZEk5NDBZaDRvTWVqSElsT0F5YnU1aEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTktYmQ0MDU0MTliMDBk
LzEvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstgMMA0G
CSqGSIb3DQEBCwUAA4IBAQAOZogua9xzW7nBmC56ZyT5Z+3hdrNm2a93EXPUNTm9
KZhwkcQtD/+uyGbPqFa/SaKSdqufacGdk9jjCx1Hycp0umkewLsTpnfMxYFKg8Qi
TPYJg8UjoUxwzh+oTIWSeu5t8yUjILqpk1qoUe9fibuu7lsulY+nloruPnGUjXOF
KRmx8iIKP+BHD/z648nGPWS06P42Ao4yL5uu6Yu4WPF5KhtK5JmiP8Xtla/yqtK9
OwxHxsvj2TezMa2v/5Zsu2F2k/M5trlj5iYJ3Zqlrqlgl4SjoruRtnoeIr7ru6W+
+Wl54UR1DYiBMk4EwbcwnyRMarYcnfIJi52zv9dnm6Gq
-----END CERTIFICATE-----