Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/kcL34WnZYMdN4SVhN2PeVdwWvgo.roa
File:                     kcL34WnZYMdN4SVhN2PeVdwWvgo.roa (raw, json)
Hash identifier:          hEzKI9j+KADlA8KNZpHMbM3OEdQSPR+S9HcqTPPWTXE=
Subject key identifier:   91:C2:F7:E1:69:D9:60:C7:4D:E1:25:61:37:63:DE:55:DC:16:BE:0A
Certificate issuer:       /CN=86d963844f8205d1369434531c998600c15781a1
Certificate serial:       0199ED5781B87A3E6F0AFBAD3613794335AA
Authority key identifier: 86:D9:63:84:4F:82:05:D1:36:94:34:53:1C:99:86:00:C1:57:81:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/kcL34WnZYMdN4SVhN2PeVdwWvgo.roa
Signing time:             Thu 16 Oct 2025 14:05:59 +0000
ROA not before:           Thu 16 Oct 2025 14:05:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213885
IP address blocks:        188.92.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:57:81:b8:7a:3e:6f:0a:fb:ad:36:13:79:43:35:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d963844f8205d1369434531c998600c15781a1
        Validity
            Not Before: Oct 16 14:05:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c2f7e169d960c74de125613763de55dc16be0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:23:51:8a:11:c9:df:f1:e2:1d:ab:21:6b:f8:
                    23:09:a5:4a:cd:36:59:57:05:4e:97:d7:23:a0:dc:
                    c8:aa:f4:36:53:92:c1:27:1d:fc:0e:3d:38:9b:4e:
                    12:d2:9c:3f:c0:12:28:29:19:be:1a:fa:98:ac:05:
                    2f:47:3a:c3:eb:64:dc:24:13:23:07:f5:1b:37:79:
                    d9:af:3c:42:ac:a9:1e:0f:ad:9d:1d:ad:77:0b:24:
                    10:eb:25:d4:91:76:fa:e3:04:fd:dc:d1:4f:6c:fb:
                    86:fe:75:23:a1:38:b5:28:9d:3b:62:e0:f7:de:21:
                    02:9f:1f:c0:d6:75:cc:8e:9a:9a:a8:94:af:e1:92:
                    fd:f4:64:75:cb:36:5c:c7:35:96:40:bc:9b:4f:12:
                    44:96:78:92:fd:73:be:ae:6d:8d:24:89:c1:fc:53:
                    6d:d0:64:ac:a6:39:24:1e:2a:a4:da:5e:10:74:2e:
                    9c:6e:1f:3a:b5:eb:bb:d3:d2:94:f0:42:f8:85:e9:
                    9b:5a:6b:c5:50:cb:cc:81:3c:d8:1b:a9:1c:fc:ee:
                    cc:8d:bb:20:18:ef:b0:07:95:13:cb:cb:0f:ab:73:
                    35:47:cd:2d:77:d0:18:82:47:72:06:6e:ec:b2:9e:
                    25:9f:0e:ac:ad:73:ee:ce:75:85:dd:f2:3a:5b:90:
                    f0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C2:F7:E1:69:D9:60:C7:4D:E1:25:61:37:63:DE:55:DC:16:BE:0A
            X509v3 Authority Key Identifier:
                keyid:86:D9:63:84:4F:82:05:D1:36:94:34:53:1C:99:86:00:C1:57:81:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/kcL34WnZYMdN4SVhN2PeVdwWvgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:35:b9:fc:a8:4f:d4:1e:a3:35:70:39:4a:b7:dd:02:e8:40:
         c4:f9:85:30:c0:ad:9a:49:f4:66:a3:75:3a:16:d7:e9:f1:cc:
         6f:55:22:9b:f6:d7:00:53:d9:76:0c:1d:c9:5a:19:6e:95:7f:
         cd:af:fc:01:06:cb:27:e0:d2:56:2c:a2:7d:ff:d1:05:45:73:
         f0:0e:80:a2:94:fe:ae:70:e0:cf:a6:a7:e5:a4:13:3f:b8:46:
         3b:b6:5c:0b:0b:ba:d5:4c:0e:42:17:aa:4c:6e:4f:1a:cc:95:
         3c:a9:e1:8b:ca:2b:0a:34:56:e4:cf:2b:c0:bf:10:d2:70:cc:
         64:a2:18:a6:6d:cf:fa:5b:e4:f9:26:8f:33:14:fe:d9:68:b5:
         ed:b8:5c:0f:6c:cb:5c:ad:58:3f:f0:ea:bc:52:17:a4:68:af:
         d2:9f:25:da:bf:f6:1c:ef:a3:d1:7d:f4:9a:da:69:c1:87:10:
         60:a1:ac:e5:be:56:56:66:f7:0a:d8:db:a4:0a:81:fd:6e:09:
         ce:ba:8e:e9:d8:95:8f:d0:1a:fe:e3:1b:8a:3c:02:15:07:ae:
         56:9b:69:d1:6d:73:cd:46:ee:3a:3d:fa:8c:08:ef:f6:be:34:
         2f:91:93:6d:4e:94:72:55:a3:2d:99:71:6f:e4:31:11:3a:41:
         46:73:bb:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZntV4G4ej5vCvutNhN5QzWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDk2Mzg0NGY4MjA1ZDEzNjk0MzQ1MzFjOTk4NjAwYzE1
NzgxYTEwHhcNMjUxMDE2MTQwNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWMyZjdlMTY5ZDk2MGM3NGRlMTI1NjEzNzYzZGU1NWRjMTZiZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyNRihHJ3/HiHasha/gjCaVKzTZZ
VwVOl9cjoNzIqvQ2U5LBJx38Dj04m04S0pw/wBIoKRm+GvqYrAUvRzrD62TcJBMj
B/UbN3nZrzxCrKkeD62dHa13CyQQ6yXUkXb64wT93NFPbPuG/nUjoTi1KJ07YuD3
3iECnx/A1nXMjpqaqJSv4ZL99GR1yzZcxzWWQLybTxJElniS/XO+rm2NJInB/FNt
0GSspjkkHiqk2l4QdC6cbh86teu709KU8EL4hembWmvFUMvMgTzYG6kc/O7Mjbsg
GO+wB5UTy8sPq3M1R80td9AYgkdyBm7ssp4lnw6srXPuznWF3fI6W5DwSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHC9+Fp2WDHTeElYTdj3lXcFr4KMB8GA1UdIwQY
MBaAFIbZY4RPggXRNpQ0UxyZhgDBV4GhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRsamhFLUNCZEUybERSVEhKbUdBTUZYZ2FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9hMjg5ZWItNDVjZS00NjE4LTg1N2Yt
NzgxODlkMDE1Mjg2LzEva2NMMzRXblpZTWRONFNWaE4yUGVWZHdXdmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9hMjg5ZWItNDVjZS00NjE4LTg1N2YtNzgxODlkMDE1Mjg2
LzEvaHRsamhFLUNCZEUybERSVEhKbUdBTUZYZ2FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFwFMA0G
CSqGSIb3DQEBCwUAA4IBAQBzNbn8qE/UHqM1cDlKt90C6EDE+YUwwK2aSfRmo3U6
Ftfp8cxvVSKb9tcAU9l2DB3JWhlulX/Nr/wBBssn4NJWLKJ9/9EFRXPwDoCilP6u
cODPpqflpBM/uEY7tlwLC7rVTA5CF6pMbk8azJU8qeGLyisKNFbkzyvAvxDScMxk
ohimbc/6W+T5Jo8zFP7ZaLXtuFwPbMtcrVg/8Oq8UhekaK/SnyXav/Yc76PRffSa
2mnBhxBgoazlvlZWZvcK2NukCoH9bgnOuo7p2JWP0Br+4xuKPAIVB65Wm2nRbXPN
Ru46PfqMCO/2vjQvkZNtTpRyVaMtmXFv5DEROkFGc7tf
-----END CERTIFICATE-----