Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/D22ywRwvNb9l3Ejn0IhkTIbbqtw.roa
File:                     D22ywRwvNb9l3Ejn0IhkTIbbqtw.roa (raw, json)
Hash identifier:          MXQ5UIAvuNHHez6ImEjyKvenCI0hemAJDRUs3ItPy8E=
Subject key identifier:   0F:6D:B2:C1:1C:2F:35:BF:65:DC:48:E7:D0:88:64:4C:86:DB:AA:DC
Certificate issuer:       /CN=8569f2100c2fc454ad07adec796b9e6f6366f071
Certificate serial:       0199408E0DB4AA85C87694A639AE18A222BF
Authority key identifier: 85:69:F2:10:0C:2F:C4:54:AD:07:AD:EC:79:6B:9E:6F:63:66:F0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hWnyEAwvxFStB63seWueb2Nm8HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/D22ywRwvNb9l3Ejn0IhkTIbbqtw.roa
Signing time:             Sat 13 Sep 2025 00:51:15 +0000
ROA not before:           Sat 13 Sep 2025 00:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35197
IP address blocks:        89.187.216.0/21 maxlen: 21
                          185.176.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/hWnyEAwvxFStB63seWueb2Nm8HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/hWnyEAwvxFStB63seWueb2Nm8HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hWnyEAwvxFStB63seWueb2Nm8HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:40:8e:0d:b4:aa:85:c8:76:94:a6:39:ae:18:a2:22:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8569f2100c2fc454ad07adec796b9e6f6366f071
        Validity
            Not Before: Sep 13 00:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f6db2c11c2f35bf65dc48e7d088644c86dbaadc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c8:0d:b8:f1:2f:de:3c:0c:3c:7f:b7:6e:76:
                    5a:a7:1d:48:85:8f:43:43:8c:9d:bd:a9:0f:02:4c:
                    19:cd:88:84:d9:65:4c:3b:1b:a6:03:c1:50:38:3a:
                    49:8a:f8:23:44:85:e0:1a:77:df:ca:1b:0e:a3:cb:
                    7a:a0:4d:1a:b5:fd:75:c3:e5:9d:e7:c6:92:6d:e9:
                    85:21:47:9b:47:98:be:2b:e3:ea:1d:6d:9c:0b:ad:
                    58:64:23:14:fc:23:ef:b9:87:fd:a3:82:e6:59:95:
                    fd:27:50:c9:41:c2:de:10:ec:a0:e8:41:f9:07:92:
                    69:64:0d:a8:26:f1:ec:c1:57:30:bc:7e:d2:0e:df:
                    58:db:6d:c0:79:35:98:a9:d9:23:73:d7:07:97:b3:
                    57:46:97:b7:5a:e0:28:7b:8a:ad:54:cc:88:82:35:
                    d0:0a:db:e2:3c:89:51:de:95:fa:e3:54:f2:81:41:
                    22:26:e7:ca:c2:b8:df:05:23:f6:33:36:3f:07:7d:
                    f0:0d:0d:cc:8e:79:0c:17:31:ac:ca:5b:c4:8c:3e:
                    3d:a5:26:8e:21:3d:7d:77:45:d2:01:ee:69:66:e3:
                    a9:62:5c:83:c4:5d:b8:34:84:52:0d:11:16:1d:ba:
                    cf:b4:fc:93:48:c3:0a:d2:06:47:eb:87:19:71:37:
                    a2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:6D:B2:C1:1C:2F:35:BF:65:DC:48:E7:D0:88:64:4C:86:DB:AA:DC
            X509v3 Authority Key Identifier:
                keyid:85:69:F2:10:0C:2F:C4:54:AD:07:AD:EC:79:6B:9E:6F:63:66:F0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hWnyEAwvxFStB63seWueb2Nm8HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/D22ywRwvNb9l3Ejn0IhkTIbbqtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/92656f-eb32-402a-a331-2336cdb9ba9f/1/hWnyEAwvxFStB63seWueb2Nm8HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.216.0/21
                  185.176.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:24:2a:65:7f:a4:31:f3:47:1f:27:97:c2:03:f6:f1:a2:7d:
         f3:c9:14:8c:1d:7e:4c:46:42:82:86:f2:bb:ac:35:77:5c:ae:
         91:2c:69:32:8a:ba:a9:c6:6a:f6:7e:90:67:bb:62:82:fb:e7:
         8b:e4:e4:25:55:5f:26:84:36:7d:ba:e6:94:78:02:b4:ef:36:
         49:53:1d:fa:f6:42:a8:0b:15:9b:eb:46:dd:32:ab:d7:f7:86:
         cd:11:ad:f4:77:4a:8a:8a:2c:c9:48:df:ae:2a:5b:5b:8d:4c:
         81:6b:0c:5b:03:3c:0b:5e:cd:02:dd:81:75:43:c0:e1:3b:03:
         ff:37:bc:04:72:6e:2a:e9:14:ab:f7:de:43:aa:02:70:e0:fb:
         24:03:da:ca:9c:88:30:a6:a1:d8:43:dd:69:b3:de:ea:07:04:
         d8:b6:87:c8:68:08:82:97:53:93:54:e0:ec:5b:d7:07:38:b7:
         b3:af:a1:ef:22:8a:2b:db:43:9b:4c:3d:12:ec:16:b7:30:d2:
         eb:68:55:e5:eb:44:1b:64:90:95:32:19:0a:80:1e:04:f7:93:
         6c:e6:8b:69:2b:ef:db:5e:67:33:9a:c4:5f:43:76:b0:71:c7:
         09:cf:00:2f:8d:73:19:31:10:4c:74:63:d5:d5:14:96:a5:b5:
         6a:75:00:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlAjg20qoXIdpSmOa4YoiK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NjlmMjEwMGMyZmM0NTRhZDA3YWRlYzc5NmI5ZTZmNjM2
NmYwNzEwHhcNMjUwOTEzMDA1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjZkYjJjMTFjMmYzNWJmNjVkYzQ4ZTdkMDg4NjQ0Yzg2ZGJhYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8gNuPEv3jwMPH+3bnZapx1IhY9D
Q4ydvakPAkwZzYiE2WVMOxumA8FQODpJivgjRIXgGnffyhsOo8t6oE0atf11w+Wd
58aSbemFIUebR5i+K+PqHW2cC61YZCMU/CPvuYf9o4LmWZX9J1DJQcLeEOyg6EH5
B5JpZA2oJvHswVcwvH7SDt9Y223AeTWYqdkjc9cHl7NXRpe3WuAoe4qtVMyIgjXQ
CtviPIlR3pX641TygUEiJufKwrjfBSP2MzY/B33wDQ3MjnkMFzGsylvEjD49pSaO
IT19d0XSAe5pZuOpYlyDxF24NIRSDREWHbrPtPyTSMMK0gZH64cZcTeiOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA9tssEcLzW/ZdxI59CIZEyG26rcMB8GA1UdIwQY
MBaAFIVp8hAML8RUrQet7Hlrnm9jZvBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFdueUVBd3Z4RlN0QjYzc2VXdWViMk5tOEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MjY1NmYtZWIzMi00MDJhLWEzMzEt
MjMzNmNkYjliYTlmLzEvRDIyeXdSd3ZOYjlsM0VqbjBJaGtUSWJicXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MjY1NmYtZWIzMi00MDJhLWEzMzEtMjMzNmNkYjliYTlm
LzEvaFdueUVBd3Z4RlN0QjYzc2VXdWViMk5tOEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWbvYAwQC
ubCQMA0GCSqGSIb3DQEBCwUAA4IBAQAuJCplf6Qx80cfJ5fCA/bxon3zyRSMHX5M
RkKChvK7rDV3XK6RLGkyirqpxmr2fpBnu2KC++eL5OQlVV8mhDZ9uuaUeAK07zZJ
Ux369kKoCxWb60bdMqvX94bNEa30d0qKiizJSN+uKltbjUyBawxbAzwLXs0C3YF1
Q8DhOwP/N7wEcm4q6RSr995DqgJw4PskA9rKnIgwpqHYQ91ps97qBwTYtofIaAiC
l1OTVODsW9cHOLezr6HvIoor20ObTD0S7Ba3MNLraFXl60QbZJCVMhkKgB4E95Ns
5otpK+/bXmczmsRfQ3awcccJzwAvjXMZMRBMdGPV1RSWpbVqdQCT
-----END CERTIFICATE-----