Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/kG1QnbiKhR1_tyATAaFEcNwW9fw.roa
File:                     kG1QnbiKhR1_tyATAaFEcNwW9fw.roa (raw, json)
Hash identifier:          dq/cUM8o3KObsN+DIvgVTWLfHsTnIl7FhpJVaY6Naw0=
Subject key identifier:   90:6D:50:9D:B8:8A:85:1D:7F:B7:20:13:01:A1:44:70:DC:16:F5:FC
Certificate issuer:       /CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
Certificate serial:       0199852119CC271074AD34232947F373D77C
Authority key identifier: 54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/kG1QnbiKhR1_tyATAaFEcNwW9fw.roa
Signing time:             Fri 26 Sep 2025 08:26:02 +0000
ROA not before:           Fri 26 Sep 2025 08:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        95.85.204.0/22 maxlen: 22
                          95.85.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:21:19:cc:27:10:74:ad:34:23:29:47:f3:73:d7:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
        Validity
            Not Before: Sep 26 08:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=906d509db88a851d7fb7201301a14470dc16f5fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:85:31:8c:f5:a1:b4:ee:d9:44:4f:8e:20:22:
                    07:3e:36:46:5d:5c:81:d5:a2:2d:2d:d0:3e:e5:55:
                    5e:01:ec:52:ff:cd:00:68:71:8e:f7:1a:4f:5f:3b:
                    3f:1c:4c:38:ee:ae:b0:51:1d:e0:7e:9a:38:01:17:
                    94:6b:de:33:bb:75:5b:b1:a0:7e:e0:0f:04:8b:18:
                    34:74:1e:ce:71:69:d7:16:7d:f1:96:c4:56:d1:e6:
                    25:5f:20:a4:ee:88:42:a7:ac:78:bd:83:1e:2a:f5:
                    6f:01:34:d3:df:13:f1:9f:f0:20:5a:d2:23:77:48:
                    46:9b:5e:eb:6b:b2:bf:4d:ac:9d:df:ac:5b:44:17:
                    a9:b0:ff:99:aa:be:3e:2f:5d:13:e8:0b:04:83:4c:
                    f8:fb:95:25:60:ef:05:70:70:18:89:d3:6b:99:7e:
                    62:69:62:e1:33:06:8f:3f:a7:cf:35:d8:f2:d5:9f:
                    93:41:ec:62:d4:1f:dc:8c:23:66:2b:9f:38:46:0d:
                    8d:45:46:59:77:bc:be:57:3f:5c:5e:ff:49:08:e5:
                    38:36:a9:e3:88:bf:71:a3:d6:7b:24:28:00:23:8f:
                    61:fd:f8:af:1d:1f:13:03:b9:8f:47:44:7c:d9:18:
                    ca:6b:1d:8f:1f:e8:7f:a4:e7:5d:7b:64:a3:c9:58:
                    e8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:6D:50:9D:B8:8A:85:1D:7F:B7:20:13:01:A1:44:70:DC:16:F5:FC
            X509v3 Authority Key Identifier:
                keyid:54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/kG1QnbiKhR1_tyATAaFEcNwW9fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.204.0/22
                  95.85.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:5e:ce:93:11:98:5a:42:65:3b:53:59:cd:c2:f8:f0:56:55:
         26:35:c5:ee:79:de:7b:6f:cc:a3:7f:35:37:3c:a7:ae:47:16:
         ad:d7:c2:d2:f8:08:76:eb:d3:bf:93:ac:ac:83:0b:61:4d:1a:
         b9:ea:8d:5c:8f:3e:5f:cb:a3:61:fc:9e:e9:ef:9c:c3:ef:ec:
         6d:65:9c:5e:ad:69:6f:b6:55:fc:bc:45:d4:b4:2f:0d:00:65:
         6b:79:97:cb:02:9f:98:ca:43:33:92:96:1c:ce:a2:4d:f5:4a:
         dc:9b:8e:43:70:21:27:eb:25:a1:e5:04:a6:e0:64:e1:d5:da:
         21:f3:bf:7d:56:fb:49:0a:dd:ca:d4:5d:be:bd:e7:0b:3a:df:
         ae:29:9d:d2:7d:69:6c:33:f1:14:31:bf:7d:2c:55:7b:9b:c9:
         3b:a4:ba:c7:91:a5:c5:e8:01:87:6c:22:42:31:ff:0c:4c:b9:
         40:cc:42:07:77:18:e0:45:8c:5a:f1:5c:8e:08:78:cf:98:86:
         ef:f7:5f:f9:7a:c6:6d:f8:94:3a:1f:e1:da:6a:d1:25:69:5d:
         97:f8:46:44:85:96:8f:28:f9:b0:85:8f:ca:a7:9f:5d:e2:c2:
         49:cf:f0:da:83:b2:1d:48:8b:28:f3:16:28:be:2e:a8:5c:0a:
         b2:a2:61:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmFIRnMJxB0rTQjKUfzc9d8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjBiZWM4ZjU4ZGIwY2U1YjkxZjM0NTA1Mjc3ZTQwYmZk
M2FlMTEwHhcNMjUwOTI2MDgyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDZkNTA5ZGI4OGE4NTFkN2ZiNzIwMTMwMWExNDQ3MGRjMTZmNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioUxjPWhtO7ZRE+OICIHPjZGXVyB
1aItLdA+5VVeAexS/80AaHGO9xpPXzs/HEw47q6wUR3gfpo4AReUa94zu3VbsaB+
4A8Eixg0dB7OcWnXFn3xlsRW0eYlXyCk7ohCp6x4vYMeKvVvATTT3xPxn/AgWtIj
d0hGm17ra7K/Tayd36xbRBepsP+Zqr4+L10T6AsEg0z4+5UlYO8FcHAYidNrmX5i
aWLhMwaPP6fPNdjy1Z+TQexi1B/cjCNmK584Rg2NRUZZd7y+Vz9cXv9JCOU4Nqnj
iL9xo9Z7JCgAI49h/fivHR8TA7mPR0R82RjKax2PH+h/pOdde2SjyVjoTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBtUJ24ioUdf7cgEwGhRHDcFvX8MB8GA1UdIwQY
MBaAFFSwvsj1jbDOW5HzRQUnfkC/064RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUt
MGY0ZGJiODkwYmQwLzEva0cxUW5iaUtoUjFfdHlBVEFhRkVjTndXOWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUtMGY0ZGJiODkwYmQw
LzEvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCX1XMAwQC
X1XUMA0GCSqGSIb3DQEBCwUAA4IBAQC4Xs6TEZhaQmU7U1nNwvjwVlUmNcXued57
b8yjfzU3PKeuRxat18LS+Ah269O/k6ysgwthTRq56o1cjz5fy6Nh/J7p75zD7+xt
ZZxerWlvtlX8vEXUtC8NAGVreZfLAp+YykMzkpYczqJN9Urcm45DcCEn6yWh5QSm
4GTh1doh8799VvtJCt3K1F2+vecLOt+uKZ3SfWlsM/EUMb99LFV7m8k7pLrHkaXF
6AGHbCJCMf8MTLlAzEIHdxjgRYxa8VyOCHjPmIbv91/5esZt+JQ6H+HaatElaV2X
+EZEhZaPKPmwhY/Kp59d4sJJz/Dag7IdSIso8xYovi6oXAqyomEh
-----END CERTIFICATE-----