Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/bvDQqROOqfcLitLUBX84FPsCs1c.roa
File:                     bvDQqROOqfcLitLUBX84FPsCs1c.roa (raw, json)
Hash identifier:          5rWrrkrkVV/HRYCs0+RexUArPHHbqW+EtH7f8xFEtLs=
Subject key identifier:   6E:F0:D0:A9:13:8E:A9:F7:0B:8A:D2:D4:05:7F:38:14:FB:02:B3:57
Certificate issuer:       /CN=8a552dd8695d483d47ce4cf845b906b175276a5c
Certificate serial:       01993866A70B6D731BD4B6938739C3A66390
Authority key identifier: 8A:55:2D:D8:69:5D:48:3D:47:CE:4C:F8:45:B9:06:B1:75:27:6A:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilUt2GldSD1Hzkz4RbkGsXUnalw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/bvDQqROOqfcLitLUBX84FPsCs1c.roa
Signing time:             Thu 11 Sep 2025 10:51:15 +0000
ROA not before:           Thu 11 Sep 2025 10:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215804
IP address blocks:        94.156.67.0/24 maxlen: 24
                          2a0d:2b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/ilUt2GldSD1Hzkz4RbkGsXUnalw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/ilUt2GldSD1Hzkz4RbkGsXUnalw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilUt2GldSD1Hzkz4RbkGsXUnalw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:38:66:a7:0b:6d:73:1b:d4:b6:93:87:39:c3:a6:63:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a552dd8695d483d47ce4cf845b906b175276a5c
        Validity
            Not Before: Sep 11 10:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ef0d0a9138ea9f70b8ad2d4057f3814fb02b357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fa:90:c2:23:20:b9:1c:89:79:b4:75:2b:f8:
                    28:bb:83:fb:0f:50:be:bb:31:f1:4d:94:36:d1:5b:
                    e6:d1:b6:7e:47:51:ca:5b:c1:bc:72:b0:8b:5b:23:
                    22:b1:d7:31:c9:4b:25:e0:1c:16:a1:e6:d2:83:4f:
                    57:22:06:b1:fa:77:4e:39:30:e6:0c:09:d9:ae:a7:
                    ba:1d:d1:eb:87:ed:44:87:38:f5:5a:85:a3:c7:2f:
                    10:3a:0c:cf:4f:46:e0:ef:34:2c:8b:bb:f9:d9:e0:
                    eb:bf:28:8b:3e:54:96:76:05:ad:56:e2:83:0a:ce:
                    9d:94:5a:2a:02:7f:30:37:d9:23:eb:f8:c7:39:0e:
                    40:73:11:a7:c2:05:8a:ed:d6:74:92:0c:38:64:bd:
                    76:8e:35:39:41:e6:b4:d0:22:0d:7d:e3:23:87:10:
                    cc:f4:d4:7a:15:9f:fe:8b:14:94:99:0e:d8:90:33:
                    6e:38:f8:6e:00:bc:96:47:95:3e:66:87:e3:ad:ec:
                    d7:0f:64:1b:14:8e:77:a1:57:47:52:a6:4a:39:b4:
                    9b:ad:ae:10:a2:4c:ad:62:0d:b1:2b:f1:be:c8:f6:
                    68:02:38:09:d4:76:01:a2:0b:29:13:6b:96:e2:41:
                    0c:f8:b4:7d:75:cd:14:9c:5f:8c:0a:c8:85:b3:b2:
                    94:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F0:D0:A9:13:8E:A9:F7:0B:8A:D2:D4:05:7F:38:14:FB:02:B3:57
            X509v3 Authority Key Identifier:
                keyid:8A:55:2D:D8:69:5D:48:3D:47:CE:4C:F8:45:B9:06:B1:75:27:6A:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilUt2GldSD1Hzkz4RbkGsXUnalw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/bvDQqROOqfcLitLUBX84FPsCs1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/420621-98b9-4961-a230-29b3f0272b9f/1/ilUt2GldSD1Hzkz4RbkGsXUnalw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.67.0/24
                IPv6:
                  2a0d:2b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:96:b8:8a:0f:ba:43:93:e3:25:4d:a5:86:da:0a:cc:79:ba:
         22:36:e9:99:93:6e:40:f7:e5:76:d2:67:74:e4:7a:ec:d6:90:
         1f:bd:53:95:2a:0c:b1:fb:dd:69:9a:4d:7a:09:6f:8b:e0:75:
         83:2e:98:db:a7:27:6f:81:b4:c9:57:ec:31:49:98:20:3c:49:
         1a:a5:6d:c0:26:7b:20:76:c1:4b:45:b6:73:7e:06:d5:cc:9a:
         bc:5d:8b:2a:b1:b7:2a:39:20:66:41:74:f6:a9:ab:e3:eb:65:
         9e:b5:c2:64:40:7e:bc:e0:8e:15:78:e2:f7:e9:c4:65:17:a2:
         00:88:bf:90:3b:39:59:7a:36:51:9e:0e:13:63:12:b5:ec:32:
         b3:f8:29:e6:03:1e:3a:3f:ea:2d:ac:b9:f5:54:b1:ef:a1:ca:
         a7:5d:9a:54:1d:e6:73:42:0f:16:94:5b:b2:f0:ae:14:20:b3:
         07:91:9c:23:7e:13:ff:61:47:95:c7:d9:6c:d9:8b:39:8f:69:
         1f:57:62:84:b7:1d:d7:5c:3d:b1:71:f5:21:e6:3a:7c:99:43:
         fa:74:ce:b6:89:d4:27:65:15:dc:d0:03:b6:51:c8:dc:02:0d:
         07:7e:3f:4d:6c:96:39:4e:97:0d:d1:e6:60:27:d6:3a:2a:00:
         76:97:36:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZk4ZqcLbXMb1LaThznDpmOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNTUyZGQ4Njk1ZDQ4M2Q0N2NlNGNmODQ1YjkwNmIxNzUy
NzZhNWMwHhcNMjUwOTExMTA1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWYwZDBhOTEzOGVhOWY3MGI4YWQyZDQwNTdmMzgxNGZiMDJiMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfqQwiMguRyJebR1K/gou4P7D1C+
uzHxTZQ20Vvm0bZ+R1HKW8G8crCLWyMisdcxyUsl4BwWoebSg09XIgax+ndOOTDm
DAnZrqe6HdHrh+1Ehzj1WoWjxy8QOgzPT0bg7zQsi7v52eDrvyiLPlSWdgWtVuKD
Cs6dlFoqAn8wN9kj6/jHOQ5AcxGnwgWK7dZ0kgw4ZL12jjU5Qea00CINfeMjhxDM
9NR6FZ/+ixSUmQ7YkDNuOPhuALyWR5U+ZofjrezXD2QbFI53oVdHUqZKObSbra4Q
okytYg2xK/G+yPZoAjgJ1HYBogspE2uW4kEM+LR9dc0UnF+MCsiFs7KUBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG7w0KkTjqn3C4rS1AV/OBT7ArNXMB8GA1UdIwQY
MBaAFIpVLdhpXUg9R85M+EW5BrF1J2pcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxVdDJHbGRTRDFIemt6NFJia0dzWFVuYWx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80MjA2MjEtOThiOS00OTYxLWEyMzAt
MjliM2YwMjcyYjlmLzEvYnZEUXFST09xZmNMaXRMVUJYODRGUHNDczFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80MjA2MjEtOThiOS00OTYxLWEyMzAtMjliM2YwMjcyYjlm
LzEvaWxVdDJHbGRTRDFIemt6NFJia0dzWFVuYWx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXpxDMA0E
AgACMAcDBQMqDSsAMA0GCSqGSIb3DQEBCwUAA4IBAQCblriKD7pDk+MlTaWG2grM
eboiNumZk25A9+V20md05Hrs1pAfvVOVKgyx+91pmk16CW+L4HWDLpjbpydvgbTJ
V+wxSZggPEkapW3AJnsgdsFLRbZzfgbVzJq8XYsqsbcqOSBmQXT2qavj62WetcJk
QH684I4VeOL36cRlF6IAiL+QOzlZejZRng4TYxK17DKz+CnmAx46P+otrLn1VLHv
ocqnXZpUHeZzQg8WlFuy8K4UILMHkZwjfhP/YUeVx9ls2Ys5j2kfV2KEtx3XXD2x
cfUh5jp8mUP6dM62idQnZRXc0AO2UcjcAg0Hfj9NbJY5TpcN0eZgJ9Y6KgB2lzas
-----END CERTIFICATE-----