Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/HFesZYaVTASE4qggPa3frgWEtVo.roa
File:                     HFesZYaVTASE4qggPa3frgWEtVo.roa (raw, json)
Hash identifier:          AA9ZpYjj0gLJY7tkQNgYIArAvVIiGVgoQ7LkVL8bszQ=
Subject key identifier:   1C:57:AC:65:86:95:4C:04:84:E2:A8:20:3D:AD:DF:AE:05:84:B5:5A
Certificate issuer:       /CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
Certificate serial:       0198D5F1832C181B2977A7931DC1AE384ECB
Authority key identifier: 79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/HFesZYaVTASE4qggPa3frgWEtVo.roa
Signing time:             Sat 23 Aug 2025 08:00:31 +0000
ROA not before:           Sat 23 Aug 2025 08:00:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206715
IP address blocks:        2a0c:16c7:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:f1:83:2c:18:1b:29:77:a7:93:1d:c1:ae:38:4e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
        Validity
            Not Before: Aug 23 08:00:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c57ac6586954c0484e2a8203daddfae0584b55a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:81:c8:c9:c8:96:4a:ec:dc:f2:8b:c4:fc:51:
                    7c:ce:67:9d:54:c5:08:26:00:71:c5:c4:2f:e4:4d:
                    aa:77:2a:b6:5a:75:8f:31:81:aa:41:e1:d2:73:96:
                    b3:82:e2:f9:82:7b:b4:cc:9c:1b:cb:cc:ab:24:f1:
                    79:1e:82:b6:f1:78:0e:60:92:19:81:04:83:82:dd:
                    c8:ba:4c:fa:d4:96:dd:4c:29:50:e8:28:61:74:cb:
                    a1:b9:c6:00:83:9a:99:9b:58:66:01:62:31:cd:1a:
                    b5:3b:9d:eb:c0:a0:8f:2e:5f:db:6b:83:e1:13:26:
                    e8:39:b8:85:ba:e3:a3:90:e6:c6:bc:75:58:b4:07:
                    6a:99:5a:f7:45:55:09:5d:2c:df:b9:ef:68:82:b4:
                    13:10:18:bb:74:36:15:a5:bc:db:5e:3d:88:fc:d1:
                    4d:1d:0c:08:bc:3c:f1:b2:44:61:32:3e:10:47:1c:
                    73:4d:94:dc:c1:19:bd:91:a1:76:4e:ec:87:cb:16:
                    26:49:d1:27:87:45:b1:bb:e8:b8:2f:ef:0f:98:7e:
                    1b:a4:56:2b:b3:5d:76:1c:b5:13:c4:af:86:c8:cb:
                    d8:01:80:c4:8d:d9:38:b6:70:c9:2b:bf:1a:93:6a:
                    9d:76:e2:77:10:6e:ca:c6:e2:e1:6f:7e:56:dc:5e:
                    a6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:57:AC:65:86:95:4C:04:84:E2:A8:20:3D:AD:DF:AE:05:84:B5:5A
            X509v3 Authority Key Identifier:
                keyid:79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/HFesZYaVTASE4qggPa3frgWEtVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:16c7:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:d1:85:61:f5:32:9e:89:ab:81:fc:e2:e6:58:83:e2:6f:f4:
         58:cb:7b:9a:88:6f:d9:cd:16:1d:60:6a:9e:59:5f:87:da:23:
         cd:4f:01:f6:ba:db:90:15:f7:38:93:55:97:a9:7b:35:f7:7c:
         0e:60:bf:b9:8a:b5:09:65:80:06:b7:47:ab:68:44:3d:41:9b:
         ec:31:de:2d:ca:13:ce:73:14:58:e3:df:38:7e:e6:5a:e7:3e:
         15:e2:04:88:cb:e8:02:60:33:db:76:fe:63:59:46:02:f1:58:
         99:f2:4d:41:f8:1d:00:13:9a:42:b8:74:46:5e:d6:df:07:5f:
         fc:5d:fc:7e:54:f4:2f:b6:b9:cd:ce:2a:ae:6c:eb:e5:35:44:
         27:fa:9e:19:be:65:c5:36:dc:bd:f2:62:82:a7:d6:53:b1:86:
         5b:79:b1:73:5f:c1:8f:a8:8a:e1:f9:d7:80:0d:dc:ef:26:7e:
         d9:05:d4:b7:71:20:84:94:11:ea:9d:f0:72:c2:ce:f4:62:e8:
         20:ce:9d:87:3b:f6:5c:50:1b:93:bb:07:f9:d8:f2:cd:82:d4:
         95:77:86:23:c2:28:cf:0d:2d:e1:ce:71:e2:e9:14:e8:c2:9b:
         6f:58:2b:3d:43:5f:64:8a:5b:ad:68:8e:8f:24:34:62:ff:ae:
         da:a9:da:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjV8YMsGBspd6eTHcGuOE7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZTI0YjQ3Zjg5NDNjYWQ2ZTA0YzlmNjQ2Y2IxMDc3YzE0
MGZkZmIwHhcNMjUwODIzMDgwMDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU3YWM2NTg2OTU0YzA0ODRlMmE4MjAzZGFkZGZhZTA1ODRiNTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIHIyciWSuzc8ovE/FF8zmedVMUI
JgBxxcQv5E2qdyq2WnWPMYGqQeHSc5azguL5gnu0zJwby8yrJPF5HoK28XgOYJIZ
gQSDgt3Iukz61JbdTClQ6ChhdMuhucYAg5qZm1hmAWIxzRq1O53rwKCPLl/ba4Ph
EyboObiFuuOjkObGvHVYtAdqmVr3RVUJXSzfue9ogrQTEBi7dDYVpbzbXj2I/NFN
HQwIvDzxskRhMj4QRxxzTZTcwRm9kaF2TuyHyxYmSdEnh0Wxu+i4L+8PmH4bpFYr
s112HLUTxK+GyMvYAYDEjdk4tnDJK78ak2qdduJ3EG7KxuLhb35W3F6m8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBxXrGWGlUwEhOKoID2t364FhLVaMB8GA1UdIwQY
MBaAFHniS0f4lDytbgTJ9kbLEHfBQP37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQt
YmM1ODRiMzZjYmVmLzEvSEZlc1pZYVZUQVNFNHFnZ1BhM2ZyZ1dFdFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQtYmM1ODRiMzZjYmVm
LzEvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgwWxwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCV0YVh9TKeiauB/OLmWIPib/RYy3uaiG/ZzRYd
YGqeWV+H2iPNTwH2utuQFfc4k1WXqXs193wOYL+5irUJZYAGt0eraEQ9QZvsMd4t
yhPOcxRY4984fuZa5z4V4gSIy+gCYDPbdv5jWUYC8ViZ8k1B+B0AE5pCuHRGXtbf
B1/8Xfx+VPQvtrnNziqubOvlNUQn+p4ZvmXFNty98mKCp9ZTsYZbebFzX8GPqIrh
+deADdzvJn7ZBdS3cSCElBHqnfByws70Yuggzp2HO/ZcUBuTuwf52PLNgtSVd4Yj
wijPDS3hznHi6RTowptvWCs9Q19kilutaI6PJDRi/67aqdoD
-----END CERTIFICATE-----