Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JzXunvRufgC7I9jgAmMAUW_wD5w.roa
File:                     JzXunvRufgC7I9jgAmMAUW_wD5w.roa (raw, json)
Hash identifier:          zenaSS8rSj78j5u4Ijc+tVjfj8XFsm2Qiq0IyFT77Dw=
Subject key identifier:   27:35:EE:9E:F4:6E:7E:00:BB:23:D8:E0:02:63:00:51:6F:F0:0F:9C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198ADC426B01B3C935FEB0176B5EB4C7702
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JzXunvRufgC7I9jgAmMAUW_wD5w.roa
Signing time:             Fri 15 Aug 2025 12:46:09 +0000
ROA not before:           Fri 15 Aug 2025 12:46:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        93.190.244.0/24 maxlen: 24
                          2a0f:3940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:c4:26:b0:1b:3c:93:5f:eb:01:76:b5:eb:4c:77:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 15 12:46:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2735ee9ef46e7e00bb23d8e0026300516ff00f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:01:2c:c0:f3:ae:27:d8:e8:fd:3d:ca:bf:36:
                    c5:5d:9f:1f:3f:d0:62:d1:87:73:5e:b4:e4:08:98:
                    57:4a:73:75:08:41:04:6d:48:09:0b:a7:57:fa:d7:
                    11:d2:00:f3:5b:05:4c:bb:b8:3d:4f:9c:26:03:68:
                    be:05:3d:d1:41:13:7d:1e:dc:d0:01:5a:9a:00:23:
                    40:24:5a:12:f1:c3:eb:5f:aa:89:83:6e:d0:b4:0a:
                    58:b3:4c:f0:d8:e6:09:90:b4:30:72:d3:ad:ba:d3:
                    65:81:23:34:d0:b6:13:c2:5b:4b:24:4e:a9:4c:59:
                    e2:74:d1:19:7b:b7:a2:b7:d8:f0:40:14:52:42:0d:
                    c0:0c:98:f8:cd:45:6a:99:51:a4:29:cd:73:0d:57:
                    68:a9:5a:62:94:78:53:af:dd:b2:ee:31:a9:ae:b4:
                    77:8f:dc:e7:94:23:c2:3f:86:c4:9c:87:de:5f:68:
                    24:2d:ed:3f:c1:1e:ef:92:76:1d:5c:fa:67:3c:94:
                    d5:bb:9e:48:cc:6e:b1:72:33:27:dc:0b:83:14:88:
                    f8:32:87:f8:78:d8:a0:5d:34:d0:1a:56:b1:8f:a7:
                    f4:0c:36:1f:a6:cf:b2:ee:70:63:c3:22:4f:c6:5f:
                    3d:42:c9:56:d9:11:4f:5a:4b:56:3a:32:d1:9e:b3:
                    31:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:35:EE:9E:F4:6E:7E:00:BB:23:D8:E0:02:63:00:51:6F:F0:0F:9C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/JzXunvRufgC7I9jgAmMAUW_wD5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.244.0/24
                IPv6:
                  2a0f:3940::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:fe:df:05:30:ba:22:d6:46:c4:60:bf:69:d3:56:78:41:18:
         fc:90:56:68:93:1a:fd:fd:fe:6c:f4:5b:9e:6f:ce:ec:71:c1:
         56:5b:32:50:25:7f:9c:2a:83:36:df:9a:37:7e:77:e8:5b:00:
         5e:ab:de:00:49:43:74:11:76:44:a5:82:6a:9c:ae:83:c8:14:
         23:09:45:7c:66:b0:cf:3e:c6:17:6e:5c:16:cd:0e:9c:16:e5:
         6b:13:17:06:3b:6f:3b:05:73:38:ce:bd:1a:ac:d7:cb:c0:8f:
         99:05:0b:49:34:7e:d5:01:11:2c:af:ac:e0:1e:28:8b:38:22:
         3e:08:a0:31:d6:0d:80:1e:ed:4d:01:bd:c5:1f:c1:a4:ad:9f:
         e9:5d:0b:5c:5f:1b:ae:27:f4:e1:7c:57:66:25:a3:9b:ca:f3:
         02:21:9d:8d:67:15:21:ac:70:10:75:5e:43:5e:57:cc:ae:8e:
         15:1f:cb:79:61:c7:40:23:80:ab:9f:f7:69:2d:99:3a:48:42:
         1d:86:5a:3d:a4:3e:33:82:b2:34:81:18:66:93:82:35:14:88:
         1a:8f:ab:d6:3d:88:be:fa:49:0e:50:46:51:9a:9e:07:93:41:
         cb:f1:31:07:6b:ff:e0:a3:22:12:53:68:ed:5e:75:00:4d:71:
         7c:ff:a9:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZitxCawGzyTX+sBdrXrTHcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODE1MTI0NjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzM1ZWU5ZWY0NmU3ZTAwYmIyM2Q4ZTAwMjYzMDA1MTZmZjAwZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAEswPOuJ9jo/T3KvzbFXZ8fP9Bi
0YdzXrTkCJhXSnN1CEEEbUgJC6dX+tcR0gDzWwVMu7g9T5wmA2i+BT3RQRN9HtzQ
AVqaACNAJFoS8cPrX6qJg27QtApYs0zw2OYJkLQwctOtutNlgSM00LYTwltLJE6p
TFnidNEZe7eit9jwQBRSQg3ADJj4zUVqmVGkKc1zDVdoqVpilHhTr92y7jGprrR3
j9znlCPCP4bEnIfeX2gkLe0/wR7vknYdXPpnPJTVu55IzG6xcjMn3AuDFIj4Mof4
eNigXTTQGlaxj6f0DDYfps+y7nBjwyJPxl89QslW2RFPWktWOjLRnrMxqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCc17p70bn4AuyPY4AJjAFFv8A+cMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSnpYdW52UnVmZ0M3STlqZ0FtTUFVV193RDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXb70MA0E
AgACMAcDBQMqDzlAMA0GCSqGSIb3DQEBCwUAA4IBAQCa/t8FMLoi1kbEYL9p01Z4
QRj8kFZokxr9/f5s9Fueb87sccFWWzJQJX+cKoM235o3fnfoWwBeq94ASUN0EXZE
pYJqnK6DyBQjCUV8ZrDPPsYXblwWzQ6cFuVrExcGO287BXM4zr0arNfLwI+ZBQtJ
NH7VAREsr6zgHiiLOCI+CKAx1g2AHu1NAb3FH8GkrZ/pXQtcXxuuJ/ThfFdmJaOb
yvMCIZ2NZxUhrHAQdV5DXlfMro4VH8t5YcdAI4Crn/dpLZk6SEIdhlo9pD4zgrI0
gRhmk4I1FIgaj6vWPYi++kkOUEZRmp4Hk0HL8TEHa//goyISU2jtXnUATXF8/6m7
-----END CERTIFICATE-----