Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/pXxsBisXQ1SpOcHjzrEowa0sP0U.roa
File:                     pXxsBisXQ1SpOcHjzrEowa0sP0U.roa (raw, json)
Hash identifier:          iZV0JcyZ99jExhx8xmBFdBq0AZ1cslccwHSxChGVyWE=
Subject key identifier:   A5:7C:6C:06:2B:17:43:54:A9:39:C1:E3:CE:B1:28:C1:AD:2C:3F:45
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0199BE72CABF7CB34934329D576AA70EEB0A
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/pXxsBisXQ1SpOcHjzrEowa0sP0U.roa
Signing time:             Tue 07 Oct 2025 11:33:38 +0000
ROA not before:           Tue 07 Oct 2025 11:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42728
IP address blocks:        193.232.231.0/24 maxlen: 24
                          2001:67c:1212::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:72:ca:bf:7c:b3:49:34:32:9d:57:6a:a7:0e:eb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Oct  7 11:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a57c6c062b174354a939c1e3ceb128c1ad2c3f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9b:a4:84:d6:62:57:60:ca:f4:13:c6:b8:d7:
                    69:d6:87:4e:22:cb:84:16:f2:f9:3a:b9:46:6e:de:
                    50:e9:7d:c7:b4:29:4b:70:03:ef:40:17:d5:5f:a9:
                    07:9a:d6:cb:74:43:cd:50:6f:6a:75:8d:c5:c2:bd:
                    35:d7:f6:d6:7c:88:4f:0e:77:55:b0:59:19:8d:b2:
                    0c:c8:64:95:54:88:87:80:50:85:78:77:fa:98:f2:
                    81:2c:ae:e7:da:0a:f6:24:d6:25:9f:87:bf:04:1c:
                    b7:b3:04:e1:8f:ad:dc:e1:44:58:38:db:ce:50:40:
                    f1:8b:57:90:7d:99:32:31:98:8a:1f:0c:11:ab:7e:
                    0a:ff:73:18:3a:80:ff:4f:0f:c8:fa:03:9e:da:6a:
                    7a:b3:e1:68:8a:20:62:86:52:7f:cc:9a:13:58:b5:
                    d6:93:12:7b:d9:6a:48:a9:5a:9b:03:a7:d7:d2:40:
                    f0:5f:83:64:7f:e6:ef:9a:9c:6c:f0:e4:2a:a0:4e:
                    0c:f6:63:b3:60:68:67:d2:9f:a2:ba:a1:57:04:83:
                    3b:e8:35:2b:2f:f9:1b:75:db:6b:c7:fe:99:f5:89:
                    71:60:47:13:99:2d:9e:57:0c:6e:ba:6b:21:88:2a:
                    ce:5e:90:59:04:0d:e5:c8:4a:44:b0:1a:57:93:6d:
                    4a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:7C:6C:06:2B:17:43:54:A9:39:C1:E3:CE:B1:28:C1:AD:2C:3F:45
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/pXxsBisXQ1SpOcHjzrEowa0sP0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.231.0/24
                IPv6:
                  2001:67c:1212::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:36:e4:51:0d:90:09:4e:11:4e:b1:5e:a5:ae:f4:a6:3a:8d:
         84:a5:d2:c9:b8:da:56:7d:13:4e:72:4a:e8:6f:3b:9e:4a:2e:
         ac:c4:f8:20:d7:74:fb:e6:d9:d5:e3:ba:49:c3:3a:90:c5:d8:
         fb:33:68:ed:37:23:b1:8f:6c:b9:c5:fb:3b:25:20:bc:14:bc:
         0f:0d:90:87:9c:f8:6f:1f:2f:1c:fb:07:08:59:50:86:dd:c4:
         69:ac:03:2a:ab:5a:de:64:6f:90:17:2d:00:2b:d9:45:d5:30:
         82:51:83:96:e8:f2:46:e9:3a:e4:8a:e0:70:3b:90:94:02:84:
         91:a9:d4:39:f6:b2:69:b0:dc:e9:4e:1a:50:80:e3:c5:d9:e8:
         e8:46:d2:2e:29:d5:93:db:64:c7:58:2a:a4:32:88:25:9d:06:
         95:b2:fe:40:91:0b:ce:0a:c0:e6:f0:55:95:69:38:37:35:9f:
         ae:ed:7d:11:af:a7:70:c5:44:bd:46:49:9c:74:52:c1:70:54:
         56:58:a2:97:38:77:b0:d2:5c:23:21:91:04:b8:5a:c3:ce:75:
         cc:c4:87:3b:c3:19:7b:de:df:69:d4:a3:20:4f:c7:bf:f0:8f:
         d4:9b:d5:8e:8a:1c:b6:74:8e:e2:15:76:3a:1b:8f:a0:96:be:
         32:f1:91:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm+csq/fLNJNDKdV2qnDusKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjUxMDA3MTEzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTdjNmMwNjJiMTc0MzU0YTkzOWMxZTNjZWIxMjhjMWFkMmMzZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJukhNZiV2DK9BPGuNdp1odOIsuE
FvL5OrlGbt5Q6X3HtClLcAPvQBfVX6kHmtbLdEPNUG9qdY3Fwr011/bWfIhPDndV
sFkZjbIMyGSVVIiHgFCFeHf6mPKBLK7n2gr2JNYln4e/BBy3swThj63c4URYONvO
UEDxi1eQfZkyMZiKHwwRq34K/3MYOoD/Tw/I+gOe2mp6s+FoiiBihlJ/zJoTWLXW
kxJ72WpIqVqbA6fX0kDwX4Nkf+bvmpxs8OQqoE4M9mOzYGhn0p+iuqFXBIM76DUr
L/kbddtrx/6Z9YlxYEcTmS2eVwxuumshiCrOXpBZBA3lyEpEsBpXk21KGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKV8bAYrF0NUqTnB486xKMGtLD9FMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvcFh4c0Jpc1hRMVNwT2NIanpyRW93YTBzUDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwejnMA8E
AgACMAkDBwAgAQZ8EhIwDQYJKoZIhvcNAQELBQADggEBAH825FENkAlOEU6xXqWu
9KY6jYSl0sm42lZ9E05ySuhvO55KLqzE+CDXdPvm2dXjuknDOpDF2PszaO03I7GP
bLnF+zslILwUvA8NkIec+G8fLxz7BwhZUIbdxGmsAyqrWt5kb5AXLQAr2UXVMIJR
g5bo8kbpOuSK4HA7kJQChJGp1Dn2smmw3OlOGlCA48XZ6OhG0i4p1ZPbZMdYKqQy
iCWdBpWy/kCRC84KwObwVZVpODc1n67tfRGvp3DFRL1GSZx0UsFwVFZYopc4d7DS
XCMhkQS4WsPOdczEhzvDGXve32nUoyBPx7/wj9Sb1Y6KHLZ0juIVdjobj6CWvjLx
kTw=
-----END CERTIFICATE-----