Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/y5BSzI0SEl0WwCaFLNnPQbvQTjQ.roa
File:                     y5BSzI0SEl0WwCaFLNnPQbvQTjQ.roa (raw, json)
Hash identifier:          mk+KdhxBCYPQJSDsHooyQmnc+ah1fORhuWLZRsxwYK4=
Subject key identifier:   CB:90:52:CC:8D:12:12:5D:16:C0:26:85:2C:D9:CF:41:BB:D0:4E:34
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0199FC7BD9C597128C5D22137C48CC0817F8
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/y5BSzI0SEl0WwCaFLNnPQbvQTjQ.roa
Signing time:             Sun 19 Oct 2025 12:39:59 +0000
ROA not before:           Sun 19 Oct 2025 12:39:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216078
IP address blocks:        178.211.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:7b:d9:c5:97:12:8c:5d:22:13:7c:48:cc:08:17:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Oct 19 12:39:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb9052cc8d12125d16c026852cd9cf41bbd04e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0a:71:db:13:23:b2:15:16:b1:bb:6a:4b:f3:
                    06:e2:03:74:5d:81:81:2f:72:f0:8d:91:09:95:69:
                    4d:55:dc:07:4c:6c:f1:35:1a:a1:d8:c9:ff:07:05:
                    a3:ab:ae:75:76:28:3a:13:68:05:7e:90:49:34:fb:
                    98:39:77:4f:08:aa:e5:97:00:f6:b1:45:fc:83:9c:
                    be:6f:18:c1:10:44:ab:31:f7:34:8d:30:78:7f:d3:
                    6d:bf:51:12:b6:86:a6:54:95:25:1f:ca:5e:76:f1:
                    cd:d3:19:79:8c:66:5f:be:32:bd:e9:95:dd:f5:3f:
                    ad:62:3d:4c:24:a3:8d:06:3f:da:08:0f:79:ff:a9:
                    5f:6a:bd:67:c5:b5:e2:a3:02:e3:c1:f6:f9:d6:ae:
                    4b:4a:e9:02:14:c6:e1:5f:3f:f6:da:68:e0:75:ce:
                    9e:0b:20:7b:52:bf:c0:1a:6b:00:cc:8d:31:86:ac:
                    62:c9:9d:da:c3:71:d4:32:5b:8f:20:be:98:58:d8:
                    0f:58:4b:21:c1:a3:29:76:1a:20:a2:b2:5a:e7:2d:
                    6a:bc:fd:ca:b0:b3:ae:e6:08:42:ff:0c:37:03:20:
                    c9:78:32:29:b8:fb:d3:77:60:2f:38:de:bd:2d:a1:
                    17:1a:1f:b0:bd:d1:3c:60:df:2a:57:c9:58:06:2a:
                    16:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:90:52:CC:8D:12:12:5D:16:C0:26:85:2C:D9:CF:41:BB:D0:4E:34
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/y5BSzI0SEl0WwCaFLNnPQbvQTjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d1:95:52:6f:0c:9f:eb:19:56:be:fd:ab:39:6e:db:28:2f:
         79:1e:a0:c0:3b:a5:f4:dd:97:71:96:b3:51:7a:c0:85:59:cc:
         5a:ba:82:ee:e5:11:a9:94:eb:cc:8f:03:fd:4b:6c:0d:4e:13:
         af:8e:94:53:4c:b5:81:6f:1f:91:20:36:4c:71:ab:2b:94:c8:
         ef:20:8f:83:fb:90:38:f3:c6:41:25:ce:c5:f6:ec:0f:49:be:
         31:6d:24:51:ae:2e:4e:ca:77:14:b6:ac:a8:ee:61:68:56:53:
         2f:66:7a:4d:ad:c9:9b:82:46:8c:af:0f:50:d4:11:1b:15:79:
         9b:9b:27:c0:6d:9d:74:f7:6f:b9:41:b8:88:91:8c:12:39:e2:
         5b:d9:3a:12:55:a7:65:4a:cb:d6:a3:6f:13:c5:2b:46:29:98:
         2a:5f:30:29:6f:e7:c9:98:94:f1:24:f3:d5:77:b5:7e:4d:20:
         e3:15:98:d6:de:fc:a5:6b:3f:32:8b:54:7c:b0:69:61:75:24:
         ad:24:59:16:5d:59:21:48:de:6a:a1:db:12:98:a8:a2:e4:c0:
         e8:dc:fc:02:9c:c3:9c:6b:63:ef:51:f4:32:6f:93:29:e8:6f:
         db:47:83:37:06:d3:12:de:26:40:3b:35:eb:47:fe:bd:3f:ad:
         19:f8:ed:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn8e9nFlxKMXSITfEjMCBf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUxMDE5MTIzOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjkwNTJjYzhkMTIxMjVkMTZjMDI2ODUyY2Q5Y2Y0MWJiZDA0ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgpx2xMjshUWsbtqS/MG4gN0XYGB
L3LwjZEJlWlNVdwHTGzxNRqh2Mn/BwWjq651dig6E2gFfpBJNPuYOXdPCKrllwD2
sUX8g5y+bxjBEESrMfc0jTB4f9Ntv1EStoamVJUlH8pedvHN0xl5jGZfvjK96ZXd
9T+tYj1MJKONBj/aCA95/6lfar1nxbXiowLjwfb51q5LSukCFMbhXz/22mjgdc6e
CyB7Ur/AGmsAzI0xhqxiyZ3aw3HUMluPIL6YWNgPWEshwaMpdhogorJa5y1qvP3K
sLOu5ghC/ww3AyDJeDIpuPvTd2AvON69LaEXGh+wvdE8YN8qV8lYBioWxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuQUsyNEhJdFsAmhSzZz0G70E40MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEveTVCU3pJMFNFbDBXd0NhRkxOblBRYnZRVGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOfMA0G
CSqGSIb3DQEBCwUAA4IBAQAv0ZVSbwyf6xlWvv2rOW7bKC95HqDAO6X03ZdxlrNR
esCFWcxauoLu5RGplOvMjwP9S2wNThOvjpRTTLWBbx+RIDZMcasrlMjvII+D+5A4
88ZBJc7F9uwPSb4xbSRRri5OyncUtqyo7mFoVlMvZnpNrcmbgkaMrw9Q1BEbFXmb
myfAbZ1092+5QbiIkYwSOeJb2ToSVadlSsvWo28TxStGKZgqXzApb+fJmJTxJPPV
d7V+TSDjFZjW3vylaz8yi1R8sGlhdSStJFkWXVkhSN5qodsSmKii5MDo3PwCnMOc
a2PvUfQyb5Mp6G/bR4M3BtMS3iZAOzXrR/69P60Z+O1t
-----END CERTIFICATE-----