Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/iqm5dnyv2tCqjGmAeRJAZnsrEw0.roa
File:                     iqm5dnyv2tCqjGmAeRJAZnsrEw0.roa (raw, json)
Hash identifier:          C14X6O6hxGadgmM+0Lp6Hc8Hbtwtkup1OvfjkKOlWy4=
Subject key identifier:   8A:A9:B9:76:7C:AF:DA:D0:AA:8C:69:80:79:12:40:66:7B:2B:13:0D
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0199BE6424D077BF3A2BB465E34A1F01A17A
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/iqm5dnyv2tCqjGmAeRJAZnsrEw0.roa
Signing time:             Tue 07 Oct 2025 11:17:38 +0000
ROA not before:           Tue 07 Oct 2025 11:17:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45018
IP address blocks:        193.232.137.0/24 maxlen: 24
                          2001:67c:1441::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:64:24:d0:77:bf:3a:2b:b4:65:e3:4a:1f:01:a1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Oct  7 11:17:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aa9b9767cafdad0aa8c6980791240667b2b130d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:94:fe:63:ac:2b:16:79:11:49:88:3a:3f:
                    76:43:bd:67:74:06:35:47:4e:75:32:49:90:a3:ea:
                    e9:5f:a0:6d:dc:df:05:c8:ec:74:14:66:1b:c2:52:
                    0f:c8:ea:31:bf:27:81:71:73:6e:b2:bf:c4:85:de:
                    de:0d:16:e3:12:9a:93:37:35:4c:1d:8d:73:04:6f:
                    e1:f2:48:7e:60:01:4d:ad:1c:36:74:64:cd:a7:08:
                    07:0e:30:a9:cc:73:f7:3b:e3:e5:a3:44:c3:09:f3:
                    b6:b5:b6:59:c1:9a:e5:43:4d:34:1d:89:02:17:b1:
                    b6:20:76:d5:e1:39:5d:78:4e:07:0b:29:a5:2e:fa:
                    9a:e8:d7:25:1c:22:89:bc:f8:5f:c0:f3:f0:d2:74:
                    2d:22:bb:78:54:d7:32:8d:e5:20:7f:2b:75:9d:38:
                    18:f1:0a:ff:a7:f9:43:65:00:2f:b8:86:62:6c:67:
                    48:9e:9d:8f:ad:42:ed:de:e5:66:90:38:75:9c:39:
                    39:ef:ed:c7:53:58:76:83:fe:1f:aa:e0:af:a1:a8:
                    f4:b9:2c:87:88:08:da:d6:57:f7:3a:8c:c2:5a:f7:
                    e7:da:3b:8d:e9:13:17:eb:a3:83:8e:9e:d2:fe:8a:
                    8a:a5:bc:cc:9d:6c:e9:46:82:76:79:51:10:90:91:
                    21:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A9:B9:76:7C:AF:DA:D0:AA:8C:69:80:79:12:40:66:7B:2B:13:0D
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/iqm5dnyv2tCqjGmAeRJAZnsrEw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.137.0/24
                IPv6:
                  2001:67c:1441::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:cd:6e:b7:bf:e4:bd:ee:ae:1b:4c:66:96:bb:a8:ae:b8:6c:
         2f:9a:42:76:a2:ac:94:df:fb:d2:d4:56:2b:a0:ec:54:07:94:
         ec:d4:9e:d5:42:92:14:a8:9d:21:41:8f:86:37:2d:5f:ca:d9:
         34:5f:8e:42:35:c4:71:88:f4:5b:c7:0d:fb:0d:57:df:8f:64:
         8e:b7:72:80:ea:9d:85:10:cd:cf:02:bf:ba:bb:4b:20:c2:b7:
         5f:91:5e:89:74:22:37:c4:8d:71:f5:0f:88:de:74:fa:d4:a7:
         c2:72:15:49:fd:53:dc:c8:f6:61:bb:25:27:ab:a0:48:b7:50:
         ef:fe:38:10:d2:42:06:a2:80:89:1e:e8:46:b0:fd:00:4e:92:
         d1:29:0d:35:6b:33:30:7b:dd:0f:6c:e1:d1:82:35:2b:19:6a:
         72:be:b2:8e:13:ab:72:b4:20:43:84:93:5c:52:36:14:db:25:
         2d:3c:8c:d9:0c:3d:31:96:33:cd:74:fc:84:d6:04:6f:25:34:
         1a:4f:72:11:6c:f5:44:f5:fd:17:2d:e9:5b:06:ac:65:21:ee:
         ec:34:91:35:35:81:2c:bb:97:cf:59:80:68:9f:55:9b:d1:0d:
         4a:e3:ec:18:d8:b0:5e:29:03:14:a7:dd:e2:22:67:37:88:ec:
         02:74:d3:cd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm+ZCTQd786K7Rl40ofAaF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjUxMDA3MTExNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE5Yjk3NjdjYWZkYWQwYWE4YzY5ODA3OTEyNDA2NjdiMmIxMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsqU/mOsKxZ5EUmIOj92Q71ndAY1
R051MkmQo+rpX6Bt3N8FyOx0FGYbwlIPyOoxvyeBcXNusr/Ehd7eDRbjEpqTNzVM
HY1zBG/h8kh+YAFNrRw2dGTNpwgHDjCpzHP3O+Plo0TDCfO2tbZZwZrlQ000HYkC
F7G2IHbV4TldeE4HCymlLvqa6NclHCKJvPhfwPPw0nQtIrt4VNcyjeUgfyt1nTgY
8Qr/p/lDZQAvuIZibGdInp2PrULt3uVmkDh1nDk57+3HU1h2g/4fquCvoaj0uSyH
iAja1lf3OozCWvfn2juN6RMX66ODjp7S/oqKpbzMnWzpRoJ2eVEQkJEhCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIqpuXZ8r9rQqoxpgHkSQGZ7KxMNMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvaXFtNWRueXYydENxakdtQWVSSkFabnNyRXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweiJMA8E
AgACMAkDBwAgAQZ8FEEwDQYJKoZIhvcNAQELBQADggEBAMnNbre/5L3urhtMZpa7
qK64bC+aQnairJTf+9LUViug7FQHlOzUntVCkhSonSFBj4Y3LV/K2TRfjkI1xHGI
9FvHDfsNV9+PZI63coDqnYUQzc8Cv7q7SyDCt1+RXol0IjfEjXH1D4jedPrUp8Jy
FUn9U9zI9mG7JSeroEi3UO/+OBDSQgaigIke6Eaw/QBOktEpDTVrMzB73Q9s4dGC
NSsZanK+so4Tq3K0IEOEk1xSNhTbJS08jNkMPTGWM810/ITWBG8lNBpPchFs9UT1
/Rct6VsGrGUh7uw0kTU1gSy7l89ZgGifVZvRDUrj7BjYsF4pAxSn3eIiZzeI7AJ0
080=
-----END CERTIFICATE-----