Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/k87lgNj4qO622k5m8YD6e52HffU.roa
File:                     k87lgNj4qO622k5m8YD6e52HffU.roa (raw, json)
Hash identifier:          BbwtpxmMRI/R7NUAtfqJ+9NVGBGAxn+88eOiQR6/i8w=
Subject key identifier:   93:CE:E5:80:D8:F8:A8:EE:B6:DA:4E:66:F1:80:FA:7B:9D:87:7D:F5
Certificate issuer:       /CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
Certificate serial:       019947331A7B5A444FA6F25091C3E385BF79
Authority key identifier: C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/k87lgNj4qO622k5m8YD6e52HffU.roa
Signing time:             Sun 14 Sep 2025 07:49:15 +0000
ROA not before:           Sun 14 Sep 2025 07:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43766
IP address blocks:        194.33.68.0/24 maxlen: 24
                          194.33.70.0/23 maxlen: 23
                          2001:67c:2994::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:47:33:1a:7b:5a:44:4f:a6:f2:50:91:c3:e3:85:bf:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7a2e4eb9fd3ccd1ba44a362f76f989b7b44d5f2
        Validity
            Not Before: Sep 14 07:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93cee580d8f8a8eeb6da4e66f180fa7b9d877df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8f:43:0b:bb:3a:31:02:e5:b1:e8:be:5a:7b:
                    9c:4a:d4:c3:ab:e4:40:33:aa:02:29:d6:aa:1c:cc:
                    5a:58:bb:f8:cd:a7:62:44:9d:54:58:3c:61:b0:59:
                    66:60:95:02:ba:e5:ef:1f:69:2b:41:51:1a:8a:fe:
                    a1:cf:db:98:17:2c:52:5a:7e:3b:66:eb:24:4c:6b:
                    9f:8f:1f:6d:d0:ce:dd:e5:09:f8:e4:38:ee:8b:23:
                    cb:e9:30:08:db:9e:4c:ea:91:c5:28:98:92:56:cc:
                    1c:90:28:c2:71:09:f2:d1:19:23:b5:5f:bc:26:2d:
                    e4:9f:aa:55:99:d6:2c:5c:59:b7:9a:91:21:a0:bd:
                    2e:68:8d:b5:53:57:d4:76:81:9a:1d:5e:34:2d:4b:
                    a9:9b:75:11:55:80:50:51:56:93:fb:c3:bb:ad:b0:
                    a1:af:6a:b0:3a:f3:cc:f8:15:fb:6e:f7:99:e6:ae:
                    e9:7a:05:34:2f:d6:a2:c3:54:29:6b:be:9f:5a:bc:
                    8e:78:a9:92:1d:4b:fd:4f:4b:e6:8b:17:4d:14:20:
                    21:b0:07:79:ba:9a:16:9a:78:21:d0:a9:f4:6d:a8:
                    8d:bc:d3:af:96:cb:d9:84:47:d7:55:a7:07:99:d8:
                    d6:3f:c9:de:09:88:86:01:b8:0d:40:cc:69:5a:e2:
                    28:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CE:E5:80:D8:F8:A8:EE:B6:DA:4E:66:F1:80:FA:7B:9D:87:7D:F5
            X509v3 Authority Key Identifier:
                keyid:C7:A2:E4:EB:9F:D3:CC:D1:BA:44:A3:62:F7:6F:98:9B:7B:44:D5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6Lk65_TzNG6RKNi92-Ym3tE1fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/k87lgNj4qO622k5m8YD6e52HffU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/0e4976-e750-4568-8583-de6ef7c95526/1/x6Lk65_TzNG6RKNi92-Ym3tE1fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.68.0/24
                  194.33.70.0/23
                IPv6:
                  2001:67c:2994::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:8e:1e:a7:d8:77:87:2c:06:b1:35:30:01:19:90:d2:c2:cd:
         ce:05:89:91:f0:ce:28:87:94:89:7a:d8:86:e1:ec:d6:b0:cb:
         57:4b:a6:c5:dd:9c:ef:5a:01:a4:32:03:14:fb:3d:fb:af:32:
         6d:32:8d:b0:40:8e:29:5e:ce:ce:26:81:e7:e9:e2:c4:38:6f:
         ea:74:fc:ca:28:b8:89:ec:f4:02:97:f1:8f:1f:9f:5e:2b:b3:
         54:43:db:19:b7:f7:0a:f7:8d:77:70:de:bb:11:ec:b9:66:06:
         24:10:0e:99:7c:03:ab:d9:11:b5:20:e5:8e:97:30:79:99:ee:
         a4:8a:91:b0:23:e9:9b:2f:dc:13:f6:7c:33:a2:b3:27:dd:a8:
         82:5e:1f:92:f6:f4:44:b3:fa:11:c6:66:f9:d7:46:dc:b2:1e:
         a3:aa:19:9c:00:a0:23:2e:54:5e:4b:9f:04:b6:68:03:62:3c:
         e5:48:d2:d8:e1:ca:6b:45:ea:52:b9:37:6a:82:cc:d5:42:d4:
         2a:ea:68:d7:a9:fa:f6:a2:2e:c0:03:71:1c:c5:bf:42:ac:ae:
         e5:c2:fc:50:fe:7c:e0:d7:1d:0e:e6:b1:ba:a4:f0:3b:d9:0a:
         90:95:93:f0:e2:ca:11:a3:47:75:49:cf:7e:43:c8:8a:c7:f8:
         46:bd:7b:c1
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZlHMxp7WkRPpvJQkcPjhb95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YTJlNGViOWZkM2NjZDFiYTQ0YTM2MmY3NmY5ODliN2I0
NGQ1ZjIwHhcNMjUwOTE0MDc0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NlZTU4MGQ4ZjhhOGVlYjZkYTRlNjZmMTgwZmE3YjlkODc3ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI9DC7s6MQLlsei+WnucStTDq+RA
M6oCKdaqHMxaWLv4zadiRJ1UWDxhsFlmYJUCuuXvH2krQVEaiv6hz9uYFyxSWn47
ZuskTGufjx9t0M7d5Qn45DjuiyPL6TAI255M6pHFKJiSVswckCjCcQny0RkjtV+8
Ji3kn6pVmdYsXFm3mpEhoL0uaI21U1fUdoGaHV40LUupm3URVYBQUVaT+8O7rbCh
r2qwOvPM+BX7bveZ5q7pegU0L9aiw1Qpa76fWryOeKmSHUv9T0vmixdNFCAhsAd5
upoWmngh0Kn0baiNvNOvlsvZhEfXVacHmdjWP8neCYiGAbgNQMxpWuIoEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJPO5YDY+KjuttpOZvGA+nudh331MB8GA1UdIwQY
MBaAFMei5Ouf08zRukSjYvdvmJt7RNXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMt
ZGU2ZWY3Yzk1NTI2LzEvazg3bGdOajRxTzYyMms1bThZRDZlNTJIZmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wZTQ5NzYtZTc1MC00NTY4LTg1ODMtZGU2ZWY3Yzk1NTI2
LzEveDZMazY1X1R6Tkc2UktOaTkyLVltM3RFMWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwiFEAwQB
wiFGMA8EAgACMAkDBwAgAQZ8KZQwDQYJKoZIhvcNAQELBQADggEBAJSOHqfYd4cs
BrE1MAEZkNLCzc4FiZHwziiHlIl62Ibh7Nawy1dLpsXdnO9aAaQyAxT7PfuvMm0y
jbBAjilezs4mgefp4sQ4b+p0/MoouIns9AKX8Y8fn14rs1RD2xm39wr3jXdw3rsR
7LlmBiQQDpl8A6vZEbUg5Y6XMHmZ7qSKkbAj6Zsv3BP2fDOisyfdqIJeH5L29ESz
+hHGZvnXRtyyHqOqGZwAoCMuVF5LnwS2aANiPOVI0tjhymtF6lK5N2qCzNVC1Crq
aNep+vaiLsADcRzFv0KsruXC/FD+fODXHQ7msbqk8DvZCpCVk/DiyhGjR3VJz35D
yIrH+Ea9e8E=
-----END CERTIFICATE-----