Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/yLICF7LxPJqKW0bXadmbwJKdAUs.roa
File:                     yLICF7LxPJqKW0bXadmbwJKdAUs.roa (raw, json)
Hash identifier:          N1HQgyFphv945BF0xwHybuVM2LsGQ66M8rtUi6w9zMc=
Subject key identifier:   C8:B2:02:17:B2:F1:3C:9A:8A:5B:46:D7:69:D9:9B:C0:92:9D:01:4B
Certificate issuer:       /CN=7ca598322a69905a5c6e0295a0ca1fb55666c14b
Certificate serial:       0199F9C509682AE54DB1D72847C9FFAF7508
Authority key identifier: 7C:A5:98:32:2A:69:90:5A:5C:6E:02:95:A0:CA:1F:B5:56:66:C1:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/yLICF7LxPJqKW0bXadmbwJKdAUs.roa
Signing time:             Sun 19 Oct 2025 00:01:03 +0000
ROA not before:           Sun 19 Oct 2025 00:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215946
IP address blocks:        185.204.154.0/24 maxlen: 24
                          2a14:7100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f9:c5:09:68:2a:e5:4d:b1:d7:28:47:c9:ff:af:75:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca598322a69905a5c6e0295a0ca1fb55666c14b
        Validity
            Not Before: Oct 19 00:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8b20217b2f13c9a8a5b46d769d99bc0929d014b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:55:91:08:92:19:3b:61:4d:84:a4:79:f2:b9:
                    32:1e:99:1f:77:e2:a1:52:bb:92:48:b3:55:1f:e8:
                    4e:81:33:f4:ad:d4:16:34:a3:79:72:f4:0e:77:75:
                    de:90:d7:99:96:13:50:79:3a:e3:dc:74:f1:b9:10:
                    98:4a:83:13:38:2d:18:08:22:54:e1:68:c6:2f:9f:
                    8e:ad:b9:d1:c5:71:58:5e:89:a7:b9:c1:79:47:1a:
                    cd:da:e2:89:b7:0e:aa:c3:97:d5:2b:07:bd:2f:a5:
                    5f:6d:90:7e:aa:a1:46:91:0f:f9:51:1e:ba:50:73:
                    ce:44:2c:a8:03:bb:94:48:25:6e:9d:93:fb:0e:8a:
                    4e:09:2f:50:2a:44:97:14:0a:3f:e7:ca:b4:21:69:
                    6d:12:fa:08:fd:20:35:e6:5c:9b:6f:f4:a8:bb:e4:
                    78:65:12:d5:dd:79:ba:75:e9:30:21:8c:5d:05:9a:
                    ce:bb:2d:87:bf:43:ec:90:ab:cf:45:47:83:84:2c:
                    1f:65:d2:1e:ee:15:37:27:8f:69:2e:79:f9:6e:f3:
                    8b:f4:23:29:95:2e:36:11:db:37:f1:21:97:12:a5:
                    35:92:fd:0f:8b:8b:24:a6:81:30:44:b6:0f:83:c3:
                    bc:a4:6c:04:1e:16:f1:06:d9:97:5b:27:e8:c4:30:
                    5b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B2:02:17:B2:F1:3C:9A:8A:5B:46:D7:69:D9:9B:C0:92:9D:01:4B
            X509v3 Authority Key Identifier:
                keyid:7C:A5:98:32:2A:69:90:5A:5C:6E:02:95:A0:CA:1F:B5:56:66:C1:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/yLICF7LxPJqKW0bXadmbwJKdAUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.154.0/24
                IPv6:
                  2a14:7100::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:d1:ad:64:89:52:ed:f3:d2:4f:28:c8:11:ab:fc:d0:94:d5:
         46:b6:fe:ff:b2:68:07:dc:05:56:71:a9:06:71:ca:1b:f2:e5:
         a5:5b:e0:f1:1b:d8:a8:c6:7c:89:c1:ca:f8:05:30:77:b0:6b:
         37:8e:d4:3b:d5:38:6b:d8:9c:54:c8:9d:e6:56:2a:25:7e:37:
         04:9f:9c:97:ad:53:24:b8:99:e2:db:ad:b2:cd:f8:77:12:38:
         fe:32:f6:2e:65:03:84:c4:01:1a:11:76:69:15:f0:24:14:a7:
         16:20:00:5e:1d:78:6b:a9:99:f9:7c:e7:52:90:85:73:5b:e5:
         97:9b:2a:15:ae:03:fa:ba:44:cd:43:f3:c4:7a:ad:56:18:ca:
         cf:d4:7c:59:42:a6:0d:65:11:28:e1:28:cc:9e:5a:c5:d8:7f:
         93:22:d9:fb:9e:99:26:af:9b:3d:53:97:08:eb:e2:0e:a9:fe:
         a9:24:28:7f:fc:ec:06:6e:4f:44:6e:1e:80:39:0b:6f:c7:68:
         3a:9b:26:ec:c6:37:0c:4b:1d:cb:64:66:f9:36:f4:03:79:14:
         66:ad:49:a4:f8:e3:e0:f5:9c:cb:ef:a2:86:c7:07:df:84:91:
         61:34:9d:ff:2c:f2:b5:61:27:99:0e:09:34:99:94:27:51:b3:
         d5:d7:e2:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZn5xQloKuVNsdcoR8n/r3UIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTU5ODMyMmE2OTkwNWE1YzZlMDI5NWEwY2ExZmI1NTY2
NmMxNGIwHhcNMjUxMDE5MDAwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGIyMDIxN2IyZjEzYzlhOGE1YjQ2ZDc2OWQ5OWJjMDkyOWQwMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lWRCJIZO2FNhKR58rkyHpkfd+Kh
UruSSLNVH+hOgTP0rdQWNKN5cvQOd3XekNeZlhNQeTrj3HTxuRCYSoMTOC0YCCJU
4WjGL5+OrbnRxXFYXomnucF5RxrN2uKJtw6qw5fVKwe9L6VfbZB+qqFGkQ/5UR66
UHPORCyoA7uUSCVunZP7DopOCS9QKkSXFAo/58q0IWltEvoI/SA15lybb/Sou+R4
ZRLV3Xm6dekwIYxdBZrOuy2Hv0PskKvPRUeDhCwfZdIe7hU3J49pLnn5bvOL9CMp
lS42Eds38SGXEqU1kv0Pi4skpoEwRLYPg8O8pGwEHhbxBtmXWyfoxDBbHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMiyAhey8TyailtG12nZm8CSnQFLMB8GA1UdIwQY
MBaAFHylmDIqaZBaXG4ClaDKH7VWZsFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktXWU1pcHBrRnBjYmdLVm9Nb2Z0Vlptd1VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9kYTY2YzAtYjlmOC00MDk0LWE5MzUt
NTgwZDg3Njg4NWExLzEveUxJQ0Y3THhQSnFLVzBiWGFkbWJ3SktkQVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9kYTY2YzAtYjlmOC00MDk0LWE5MzUtNTgwZDg3Njg4NWEx
LzEvZktXWU1pcHBrRnBjYmdLVm9Nb2Z0Vlptd1VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucyaMA0E
AgACMAcDBQMqFHEAMA0GCSqGSIb3DQEBCwUAA4IBAQCR0a1kiVLt89JPKMgRq/zQ
lNVGtv7/smgH3AVWcakGccob8uWlW+DxG9ioxnyJwcr4BTB3sGs3jtQ71Thr2JxU
yJ3mViolfjcEn5yXrVMkuJni262yzfh3Ejj+MvYuZQOExAEaEXZpFfAkFKcWIABe
HXhrqZn5fOdSkIVzW+WXmyoVrgP6ukTNQ/PEeq1WGMrP1HxZQqYNZREo4SjMnlrF
2H+TItn7npkmr5s9U5cI6+IOqf6pJCh//OwGbk9Ebh6AOQtvx2g6mybsxjcMSx3L
ZGb5NvQDeRRmrUmk+OPg9ZzL76KGxwffhJFhNJ3/LPK1YSeZDgk0mZQnUbPV1+Ko
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:24 2025 by rpki-client