Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5GX4vJ4blKjq9o3sDIhP9rwAdlU.roa
File:                     5GX4vJ4blKjq9o3sDIhP9rwAdlU.roa (raw, json)
Hash identifier:          BiykPTb+BShrmJE19YuZ9/EPOL4oOLOyUO6tAR89so8=
Subject key identifier:   E4:65:F8:BC:9E:1B:94:A8:EA:F6:8D:EC:0C:88:4F:F6:BC:00:76:55
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198D0E80BEF53439DDCBC8476935AD3A92F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5GX4vJ4blKjq9o3sDIhP9rwAdlU.roa
Signing time:             Fri 22 Aug 2025 08:32:04 +0000
ROA not before:           Fri 22 Aug 2025 08:32:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207461
IP address blocks:        193.5.65.0/24 maxlen: 24
                          2a0f:3d86:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d0:e8:0b:ef:53:43:9d:dc:bc:84:76:93:5a:d3:a9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 22 08:32:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e465f8bc9e1b94a8eaf68dec0c884ff6bc007655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:99:b3:0f:4d:5a:dd:2d:a2:49:c8:69:4f:c7:
                    e8:42:7a:d7:10:e0:3e:52:eb:c1:3b:97:12:88:22:
                    a5:af:f5:c1:8f:12:8a:8f:29:39:14:72:3f:ea:ba:
                    96:d2:60:44:75:b7:cb:bc:fd:f0:7d:b4:dc:63:21:
                    88:f9:4c:e9:79:3f:8a:f1:0b:52:49:40:d6:71:a5:
                    93:2c:b9:94:c9:e5:f3:9d:ff:9e:3b:ac:95:ab:18:
                    35:94:07:d6:ab:b5:1f:e6:5e:58:a7:35:f5:30:dd:
                    42:6a:e0:1c:af:ac:74:4a:1d:ba:44:19:63:2a:b9:
                    10:90:a9:21:bb:1c:ef:8c:d6:43:7d:84:f2:5b:00:
                    f1:53:e6:d3:bd:0d:14:c9:72:66:3e:83:28:bf:96:
                    9c:44:f3:9a:91:3d:b5:d3:a0:0d:00:e7:64:f3:39:
                    4d:71:d2:aa:c1:45:94:1b:63:ed:34:d4:a3:7d:f7:
                    48:4a:71:79:48:08:05:de:e0:21:bb:bb:7f:b2:ec:
                    83:ed:1e:f7:57:02:05:7e:39:a4:19:d6:ee:c0:56:
                    ab:0e:17:2d:39:b7:cb:e5:29:df:da:b6:4b:89:f7:
                    90:88:2f:fc:88:72:26:7c:15:53:b4:de:49:cc:0e:
                    99:36:ca:16:4b:cb:a1:a9:1e:72:32:88:25:d4:b9:
                    be:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:65:F8:BC:9E:1B:94:A8:EA:F6:8D:EC:0C:88:4F:F6:BC:00:76:55
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5GX4vJ4blKjq9o3sDIhP9rwAdlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.65.0/24
                IPv6:
                  2a0f:3d86:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:cc:e4:68:ea:6b:e5:b7:e7:21:82:99:fa:be:09:e5:ad:6c:
         3c:65:a8:bd:04:c3:a2:d5:b9:fa:59:55:f5:8c:10:43:22:73:
         bf:5f:5c:5b:75:14:45:d5:90:29:b6:ed:76:c8:6d:55:e8:19:
         03:32:06:6b:65:3d:da:92:e6:ac:d7:ba:d1:fd:3c:d1:c3:d6:
         b9:c7:c6:33:46:92:9f:19:fe:f9:c1:c0:1f:df:df:fd:4a:94:
         09:23:7f:60:d0:00:f8:e3:24:e5:82:34:80:e7:8c:f8:41:56:
         8c:2f:39:4b:9d:18:41:2f:8b:e2:e9:06:c2:47:00:94:7e:d5:
         de:40:eb:59:08:4a:ed:cf:68:bb:6f:3b:dd:f4:56:28:f8:e2:
         c4:11:50:23:b0:e0:c4:66:2c:a1:e8:94:f4:93:10:6e:d6:79:
         19:db:3f:33:36:95:58:89:b3:a2:a7:56:cd:84:ca:3c:50:d7:
         18:3e:3b:ec:2c:92:d3:ad:ae:a9:8c:d4:a1:6a:51:8e:62:62:
         05:e7:5e:55:5d:ab:fc:8d:27:89:b7:00:e7:20:bc:31:eb:73:
         9c:2b:1f:48:40:5f:ed:44:cf:e3:99:9e:c3:9f:43:76:3c:a9:
         05:92:8e:0c:39:f2:62:03:79:e4:28:11:c1:9c:e3:bf:6e:27:
         bf:89:f6:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZjQ6AvvU0Od3LyEdpNa06kvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODIyMDgzMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY1ZjhiYzllMWI5NGE4ZWFmNjhkZWMwYzg4NGZmNmJjMDA3NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZmzD01a3S2iSchpT8foQnrXEOA+
UuvBO5cSiCKlr/XBjxKKjyk5FHI/6rqW0mBEdbfLvP3wfbTcYyGI+UzpeT+K8QtS
SUDWcaWTLLmUyeXznf+eO6yVqxg1lAfWq7Uf5l5YpzX1MN1CauAcr6x0Sh26RBlj
KrkQkKkhuxzvjNZDfYTyWwDxU+bTvQ0UyXJmPoMov5acRPOakT2106ANAOdk8zlN
cdKqwUWUG2PtNNSjffdISnF5SAgF3uAhu7t/suyD7R73VwIFfjmkGdbuwFarDhct
ObfL5Snf2rZLifeQiC/8iHImfBVTtN5JzA6ZNsoWS8uhqR5yMogl1Lm+bQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFORl+LyeG5So6vaN7AyIT/a8AHZVMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNUdYNHZKNGJsS2pxOW8zc0RJaFA5cndBZGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQVBMA8E
AgACMAkDBwAqDz2GAQAwDQYJKoZIhvcNAQELBQADggEBALPM5Gjqa+W35yGCmfq+
CeWtbDxlqL0Ew6LVufpZVfWMEEMic79fXFt1FEXVkCm27XbIbVXoGQMyBmtlPdqS
5qzXutH9PNHD1rnHxjNGkp8Z/vnBwB/f3/1KlAkjf2DQAPjjJOWCNIDnjPhBVowv
OUudGEEvi+LpBsJHAJR+1d5A61kISu3PaLtvO930Vij44sQRUCOw4MRmLKHolPST
EG7WeRnbPzM2lViJs6KnVs2EyjxQ1xg+O+wsktOtrqmM1KFqUY5iYgXnXlVdq/yN
J4m3AOcgvDHrc5wrH0hAX+1Ez+OZnsOfQ3Y8qQWSjgw58mIDeeQoEcGc479uJ7+J
9kU=
-----END CERTIFICATE-----