Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1RNP6CMjRwuLCEOEsXplD6mZrNo.roa
File:                     1RNP6CMjRwuLCEOEsXplD6mZrNo.roa (raw, json)
Hash identifier:          92UoyO1eaBlcZDRyPfAKS4dRMJA2ySev04AZTsoa0UQ=
Subject key identifier:   D5:13:4F:E8:23:23:47:0B:8B:08:43:84:B1:7A:65:0F:A9:99:AC:DA
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0199EDD4EF5866D7AD4F6EAF0CE6C1BA3257
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1RNP6CMjRwuLCEOEsXplD6mZrNo.roa
Signing time:             Thu 16 Oct 2025 16:22:59 +0000
ROA not before:           Thu 16 Oct 2025 16:22:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26548
IP address blocks:        94.103.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:d4:ef:58:66:d7:ad:4f:6e:af:0c:e6:c1:ba:32:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Oct 16 16:22:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5134fe82323470b8b084384b17a650fa999acda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4d:a6:bf:91:72:1f:ba:08:9e:f9:49:06:b0:
                    a6:6a:bb:a9:69:d8:61:4a:b8:52:32:df:c2:fe:27:
                    8e:8b:90:3f:42:2e:48:76:db:b6:d0:d2:31:86:37:
                    45:76:97:d8:c4:88:51:e9:ff:d6:1e:d5:be:40:c7:
                    9b:fd:cc:50:c3:83:0a:45:07:51:9c:40:5b:d6:2e:
                    5c:ea:82:09:25:5c:20:7e:42:5a:e3:23:41:9d:6e:
                    c0:65:66:4b:ee:cf:ce:2f:4a:5e:9a:9d:b1:2d:5f:
                    7f:33:53:a0:72:5e:cb:d7:51:31:63:28:f6:58:ee:
                    0c:88:63:1e:31:8e:bb:2a:4d:8b:79:0a:d4:e0:cb:
                    f6:63:82:5f:b4:3a:77:74:02:07:d1:de:52:42:16:
                    f6:e0:3e:31:40:2a:2e:e2:59:a3:a1:70:62:03:b5:
                    b3:8a:43:8b:a0:c8:e8:24:31:fd:e4:be:5e:7f:2e:
                    58:2d:bc:e0:75:d4:94:88:cf:05:98:e8:e1:3c:58:
                    53:9e:18:0a:bd:b3:be:27:a4:a2:2e:87:24:58:94:
                    ab:0a:e9:1b:a2:c2:26:ae:7d:fc:6f:49:c0:79:2b:
                    59:ba:9e:fb:f9:9b:75:fc:e1:eb:8a:34:19:61:e6:
                    31:cf:91:97:c7:59:4d:84:c2:8c:d3:a9:1f:06:ed:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:13:4F:E8:23:23:47:0B:8B:08:43:84:B1:7A:65:0F:A9:99:AC:DA
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1RNP6CMjRwuLCEOEsXplD6mZrNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:5d:9c:ed:8b:f8:1e:64:dd:3e:8e:89:02:be:7a:28:c1:ba:
         48:de:c6:6a:70:60:13:72:e7:a2:6e:f1:a8:ea:3e:a1:bd:50:
         36:1e:94:90:1b:7e:5a:ea:15:61:a2:37:2d:af:8a:93:13:f4:
         ce:01:a8:84:ab:ee:95:4b:d4:8b:33:f6:4e:99:cd:44:6d:2e:
         22:1e:4d:ac:6e:64:41:d6:d8:c1:2e:6a:b3:ed:bc:e0:59:5c:
         df:81:dd:b2:cc:d9:6a:f5:e7:0a:ed:98:fe:d7:bd:48:f1:38:
         ee:81:76:4e:98:4c:e5:5d:be:fd:aa:db:50:eb:8f:af:ac:91:
         57:ae:51:7a:44:a6:0f:6a:fd:d7:e4:2f:58:4e:cb:0a:0f:88:
         90:83:9d:3f:7d:c9:e4:b3:90:ee:d9:59:6a:29:e5:b1:be:01:
         42:0a:c2:d1:0e:30:31:27:9f:5f:0f:bd:e1:8b:5b:d7:c6:a1:
         cb:d4:66:5e:4c:0e:2e:b9:93:d8:af:2a:f5:fd:7c:d0:9d:b8:
         47:a9:21:34:5c:c1:78:95:e3:57:ae:ca:bb:32:5c:fb:d7:83:
         0a:c2:12:00:dd:4f:5b:ac:09:a0:bb:1a:da:6b:02:0e:e4:2a:
         5c:bc:eb:77:eb:99:dd:72:75:c5:ca:ab:3c:fc:83:28:9f:2e:
         50:d6:72:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnt1O9YZtetT26vDObBujJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUxMDE2MTYyMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTEzNGZlODIzMjM0NzBiOGIwODQzODRiMTdhNjUwZmE5OTlhY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE2mv5FyH7oInvlJBrCmarupadhh
SrhSMt/C/ieOi5A/Qi5Idtu20NIxhjdFdpfYxIhR6f/WHtW+QMeb/cxQw4MKRQdR
nEBb1i5c6oIJJVwgfkJa4yNBnW7AZWZL7s/OL0pemp2xLV9/M1Ogcl7L11ExYyj2
WO4MiGMeMY67Kk2LeQrU4Mv2Y4JftDp3dAIH0d5SQhb24D4xQCou4lmjoXBiA7Wz
ikOLoMjoJDH95L5efy5YLbzgddSUiM8FmOjhPFhTnhgKvbO+J6SiLockWJSrCukb
osImrn38b0nAeStZup77+Zt1/OHrijQZYeYxz5GXx1lNhMKM06kfBu0PeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUTT+gjI0cLiwhDhLF6ZQ+pmazaMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMVJOUDZDTWpSd3VMQ0VPRXNYcGxENm1ack5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXme4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnXZzti/geZN0+jokCvnoowbpI3sZqcGATcueibvGo
6j6hvVA2HpSQG35a6hVhojctr4qTE/TOAaiEq+6VS9SLM/ZOmc1EbS4iHk2sbmRB
1tjBLmqz7bzgWVzfgd2yzNlq9ecK7Zj+171I8TjugXZOmEzlXb79qttQ64+vrJFX
rlF6RKYPav3X5C9YTssKD4iQg50/fcnks5Du2VlqKeWxvgFCCsLRDjAxJ59fD73h
i1vXxqHL1GZeTA4uuZPYryr1/XzQnbhHqSE0XMF4leNXrsq7Mlz714MKwhIA3U9b
rAmguxraawIO5CpcvOt365ndcnXFyqs8/IMony5Q1nJb
-----END CERTIFICATE-----