Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/I-6QObHdYgADe1Ozhbza6rJImfo.roa
File:                     I-6QObHdYgADe1Ozhbza6rJImfo.roa (raw, json)
Hash identifier:          lt1dj1yd1VcvHrBIs+csLY45AdfMJIDgVvzWdDc7ovE=
Subject key identifier:   23:EE:90:39:B1:DD:62:00:03:7B:53:B3:85:BC:DA:EA:B2:48:99:FA
Certificate issuer:       /CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
Certificate serial:       0198A866B5F253F443A08E03C53ED7DA99C1
Authority key identifier: 72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/I-6QObHdYgADe1Ozhbza6rJImfo.roa
Signing time:             Thu 14 Aug 2025 11:46:00 +0000
ROA not before:           Thu 14 Aug 2025 11:46:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5405
IP address blocks:        91.247.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:66:b5:f2:53:f4:43:a0:8e:03:c5:3e:d7:da:99:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
        Validity
            Not Before: Aug 14 11:46:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23ee9039b1dd6200037b53b385bcdaeab24899fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3d:85:8c:62:94:00:72:f7:39:a2:ec:fa:0d:
                    3f:ac:6f:e8:99:6d:d2:52:8e:3a:6c:e7:1e:9a:f7:
                    49:4e:97:55:c0:da:86:b4:5f:6a:23:ee:fb:45:ff:
                    64:cc:06:57:b9:b9:78:75:8b:c8:7c:e2:57:d5:1e:
                    28:3b:84:d2:f4:03:95:10:06:81:6a:ae:6d:08:a3:
                    08:32:4b:13:f1:4a:5d:12:d3:ef:2e:3c:48:26:8e:
                    5d:e9:65:22:18:5e:f0:0f:aa:b9:61:f9:88:21:1b:
                    a4:7c:60:c7:bc:90:17:12:a0:d7:65:a4:c4:23:16:
                    91:a0:3a:10:a3:be:90:ef:cb:27:e0:80:71:b5:77:
                    34:69:d5:a5:af:54:4b:4b:77:59:a8:f6:b1:60:71:
                    86:31:62:8d:ec:f3:1a:4f:22:bb:70:6a:af:b6:e5:
                    31:b5:3e:bf:62:cf:28:06:5f:a0:49:f7:cb:05:ef:
                    33:ca:cd:02:c6:d9:99:0f:ce:29:a8:4f:d1:11:25:
                    b7:d0:82:86:10:8c:a8:a6:60:89:55:64:49:af:67:
                    60:50:7c:84:74:bb:77:4f:76:9c:59:46:a1:79:a0:
                    a5:3b:c9:79:65:50:4e:f0:5b:ea:e4:cc:1b:5b:72:
                    17:ad:fc:1f:a5:94:68:6b:0f:5e:ef:72:d7:a5:d8:
                    ee:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EE:90:39:B1:DD:62:00:03:7B:53:B3:85:BC:DA:EA:B2:48:99:FA
            X509v3 Authority Key Identifier:
                keyid:72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/I-6QObHdYgADe1Ozhbza6rJImfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:55:c7:71:9d:ce:47:c4:7a:8d:56:66:37:eb:16:f5:b7:50:
         30:98:10:9b:1f:a8:d0:44:d1:6d:b0:a7:51:0b:58:08:4a:5e:
         3a:3e:77:a0:fb:fd:c7:0b:21:2e:8c:e8:86:20:69:03:3c:19:
         c2:ec:18:c1:45:b2:82:ad:6e:5c:f6:87:f6:3d:85:7f:95:06:
         bd:c5:99:bc:88:0f:1c:1e:05:9a:63:b4:8d:0b:18:3d:28:34:
         ce:6b:5b:90:02:52:01:85:4e:0a:95:de:c9:42:87:81:fe:39:
         f1:0c:6a:38:29:d0:98:a5:af:fd:85:9e:ef:8c:6a:09:db:0d:
         6a:16:4a:a9:49:62:85:95:54:55:9a:cb:dc:30:64:dd:fe:a4:
         c8:31:b8:36:6e:3d:9c:1a:a4:8a:85:42:de:fa:dd:d5:9b:85:
         df:e8:87:21:61:26:ed:5b:f9:f8:2f:30:56:cf:fd:bb:0c:83:
         21:de:1b:08:7b:66:01:6b:08:c2:d1:1e:aa:a0:78:c4:a1:2c:
         17:42:49:12:f8:69:5d:54:ca:96:75:a5:79:c5:c1:b6:5d:93:
         8b:c2:11:53:d7:48:52:5e:1d:07:fb:87:51:05:6a:ae:3b:c0:
         d1:ee:e2:3b:01:d2:ac:98:37:29:24:1f:a3:62:c1:86:cd:28:
         9f:a3:be:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZioZrXyU/RDoI4DxT7X2pnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI2YWJjOWUwNmMxYWZlZjliNWZkMmRhNDA0MTJlN2Fl
ZTZiNDcwHhcNMjUwODE0MTE0NjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VlOTAzOWIxZGQ2MjAwMDM3YjUzYjM4NWJjZGFlYWIyNDg5OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT2FjGKUAHL3OaLs+g0/rG/omW3S
Uo46bOcemvdJTpdVwNqGtF9qI+77Rf9kzAZXubl4dYvIfOJX1R4oO4TS9AOVEAaB
aq5tCKMIMksT8UpdEtPvLjxIJo5d6WUiGF7wD6q5YfmIIRukfGDHvJAXEqDXZaTE
IxaRoDoQo76Q78sn4IBxtXc0adWlr1RLS3dZqPaxYHGGMWKN7PMaTyK7cGqvtuUx
tT6/Ys8oBl+gSffLBe8zys0CxtmZD84pqE/RESW30IKGEIyopmCJVWRJr2dgUHyE
dLt3T3acWUaheaClO8l5ZVBO8Fvq5MwbW3IXrfwfpZRoaw9e73LXpdjugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPukDmx3WIAA3tTs4W82uqySJn6MB8GA1UdIwQY
MBaAFHLCaryeBsGv75tf0tpAQS567mtHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMt
Y2Q3ZDYxOTEzMjg4LzEvSS02UU9iSGRZZ0FEZTFPemhiemE2ckpJbWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMtY2Q3ZDYxOTEzMjg4
LzEvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/egMA0G
CSqGSIb3DQEBCwUAA4IBAQAlVcdxnc5HxHqNVmY36xb1t1AwmBCbH6jQRNFtsKdR
C1gISl46Pneg+/3HCyEujOiGIGkDPBnC7BjBRbKCrW5c9of2PYV/lQa9xZm8iA8c
HgWaY7SNCxg9KDTOa1uQAlIBhU4Kld7JQoeB/jnxDGo4KdCYpa/9hZ7vjGoJ2w1q
FkqpSWKFlVRVmsvcMGTd/qTIMbg2bj2cGqSKhULe+t3Vm4Xf6IchYSbtW/n4LzBW
z/27DIMh3hsIe2YBawjC0R6qoHjEoSwXQkkS+GldVMqWdaV5xcG2XZOLwhFT10hS
Xh0H+4dRBWquO8DR7uI7AdKsmDcpJB+jYsGGzSifo75a
-----END CERTIFICATE-----