Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/IV6LAMTesDGR72HXRT_RM2ewtd0.roa
File:                     IV6LAMTesDGR72HXRT_RM2ewtd0.roa (raw, json)
Hash identifier:          Ji82TeFvw2AWO7ouVte9FvWBgNe+1lXjlT4zAWwBKBg=
Subject key identifier:   21:5E:8B:00:C4:DE:B0:31:91:EF:61:D7:45:3F:D1:33:67:B0:B5:DD
Certificate issuer:       /CN=fd46ee475927048045a2d66cfb1c929edf1c5779
Certificate serial:       01997D57660ACC429BC254048E371777AC15
Authority key identifier: FD:46:EE:47:59:27:04:80:45:A2:D6:6C:FB:1C:92:9E:DF:1C:57:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_UbuR1knBIBFotZs-xySnt8cV3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/IV6LAMTesDGR72HXRT_RM2ewtd0.roa
Signing time:             Wed 24 Sep 2025 20:08:23 +0000
ROA not before:           Wed 24 Sep 2025 20:08:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        85.204.120.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/_UbuR1knBIBFotZs-xySnt8cV3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/_UbuR1knBIBFotZs-xySnt8cV3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_UbuR1knBIBFotZs-xySnt8cV3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7d:57:66:0a:cc:42:9b:c2:54:04:8e:37:17:77:ac:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd46ee475927048045a2d66cfb1c929edf1c5779
        Validity
            Not Before: Sep 24 20:08:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=215e8b00c4deb03191ef61d7453fd13367b0b5dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6c:dc:48:45:b6:c4:d7:f6:be:a9:ed:72:d8:
                    b0:c7:d6:08:46:20:1a:11:89:c8:40:90:c9:78:88:
                    5d:90:44:99:37:27:84:e6:a8:13:a4:40:48:d8:f7:
                    7c:d6:b3:b5:ca:4f:1c:4a:6b:fe:b6:81:43:0c:af:
                    65:67:19:55:0d:3d:b2:e7:ca:d5:71:2a:89:a9:b1:
                    5c:21:0f:f7:3c:cf:e2:fe:55:84:d4:72:9c:34:c7:
                    fe:ba:9a:56:26:56:88:9a:1f:3d:6f:96:f2:24:ef:
                    05:ad:c5:4e:42:cd:8d:b0:d4:d0:25:47:ae:38:4e:
                    e6:e2:62:aa:5c:7c:8b:5f:4c:d2:e1:a8:9a:7e:05:
                    f1:7e:c2:3c:8a:e1:29:40:bd:33:11:72:4b:06:d0:
                    5c:a2:3a:96:10:18:b9:a0:bf:21:5f:cb:98:db:7a:
                    0d:89:31:54:ec:7e:f6:61:69:69:52:dc:18:84:3a:
                    e1:e2:58:1c:44:cd:9e:c2:cc:70:42:54:a3:94:a3:
                    a3:d7:d5:b7:6d:2a:70:2e:cf:07:4c:18:1b:b6:b4:
                    2d:6f:77:5d:b0:22:17:2c:81:05:4a:b1:cf:ee:74:
                    ce:c8:5f:c9:64:d7:18:8c:d3:9f:26:e7:f7:03:c3:
                    53:98:3d:41:d2:14:0f:7b:70:4b:6d:7f:f2:53:43:
                    14:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5E:8B:00:C4:DE:B0:31:91:EF:61:D7:45:3F:D1:33:67:B0:B5:DD
            X509v3 Authority Key Identifier:
                keyid:FD:46:EE:47:59:27:04:80:45:A2:D6:6C:FB:1C:92:9E:DF:1C:57:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_UbuR1knBIBFotZs-xySnt8cV3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/IV6LAMTesDGR72HXRT_RM2ewtd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/feea84-9fe4-4cbb-a270-21f15eaf5ee0/1/_UbuR1knBIBFotZs-xySnt8cV3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:1b:5f:01:fc:50:04:35:79:66:21:56:22:c3:ea:49:25:6d:
         54:62:31:db:4c:a4:0e:7e:d2:14:e2:88:ff:4f:96:a8:d0:30:
         c8:fb:46:a7:3f:b0:fe:7a:1e:78:ce:ba:3f:34:ae:8e:3e:e0:
         66:79:36:11:9b:49:79:fa:0d:0e:87:2c:ee:3a:1f:a4:d8:e7:
         cc:8d:73:9d:a5:54:18:51:83:f8:ff:07:1e:3f:e8:d9:91:f0:
         c9:8e:07:a0:c3:bd:5f:8b:5d:3a:4d:47:b1:0c:1d:ba:c9:7e:
         6a:3c:23:9e:13:a4:fc:fe:e3:27:4e:f6:f7:cf:60:3c:6f:4b:
         8f:5c:73:61:55:ae:a0:ab:3f:4f:f6:70:0c:0e:41:a9:0c:d1:
         8a:93:b2:1f:e0:a5:fa:40:19:6f:7c:78:2a:9d:ac:2c:d6:eb:
         a7:a7:ac:0d:87:ea:fe:d1:af:c9:11:14:51:a3:66:dd:fb:80:
         28:16:d8:96:5b:c0:69:ba:f3:08:8e:f9:91:f8:7d:a4:a8:b9:
         15:64:f5:8b:3d:fb:a3:ae:e1:29:9a:48:c4:ec:31:21:99:09:
         45:a9:6e:de:33:b3:05:fb:42:45:0b:4c:13:e8:30:fc:4e:6f:
         8a:15:88:a1:f4:3d:a8:91:6e:06:23:f2:d4:07:60:c9:6d:e4:
         53:20:50:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl9V2YKzEKbwlQEjjcXd6wVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNDZlZTQ3NTkyNzA0ODA0NWEyZDY2Y2ZiMWM5MjllZGYx
YzU3NzkwHhcNMjUwOTI0MjAwODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTVlOGIwMGM0ZGViMDMxOTFlZjYxZDc0NTNmZDEzMzY3YjBiNWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2zcSEW2xNf2vqntctiwx9YIRiAa
EYnIQJDJeIhdkESZNyeE5qgTpEBI2Pd81rO1yk8cSmv+toFDDK9lZxlVDT2y58rV
cSqJqbFcIQ/3PM/i/lWE1HKcNMf+uppWJlaImh89b5byJO8FrcVOQs2NsNTQJUeu
OE7m4mKqXHyLX0zS4aiafgXxfsI8iuEpQL0zEXJLBtBcojqWEBi5oL8hX8uY23oN
iTFU7H72YWlpUtwYhDrh4lgcRM2ewsxwQlSjlKOj19W3bSpwLs8HTBgbtrQtb3dd
sCIXLIEFSrHP7nTOyF/JZNcYjNOfJuf3A8NTmD1B0hQPe3BLbX/yU0MUOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFeiwDE3rAxke9h10U/0TNnsLXdMB8GA1UdIwQY
MBaAFP1G7kdZJwSARaLWbPsckp7fHFd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1VidVIxa25CSUJGb3Racy14eVNudDhjVjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9mZWVhODQtOWZlNC00Y2JiLWEyNzAt
MjFmMTVlYWY1ZWUwLzEvSVY2TEFNVGVzREdSNzJIWFJUX1JNMmV3dGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9mZWVhODQtOWZlNC00Y2JiLWEyNzAtMjFmMTVlYWY1ZWUw
LzEvX1VidVIxa25CSUJGb3Racy14eVNudDhjVjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVcx4MA0G
CSqGSIb3DQEBCwUAA4IBAQBmG18B/FAENXlmIVYiw+pJJW1UYjHbTKQOftIU4oj/
T5ao0DDI+0anP7D+eh54zro/NK6OPuBmeTYRm0l5+g0OhyzuOh+k2OfMjXOdpVQY
UYP4/wceP+jZkfDJjgegw71fi106TUexDB26yX5qPCOeE6T8/uMnTvb3z2A8b0uP
XHNhVa6gqz9P9nAMDkGpDNGKk7If4KX6QBlvfHgqnaws1uunp6wNh+r+0a/JERRR
o2bd+4AoFtiWW8BpuvMIjvmR+H2kqLkVZPWLPfujruEpmkjE7DEhmQlFqW7eM7MF
+0JFC0wT6DD8Tm+KFYih9D2okW4GI/LUB2DJbeRTIFDr
-----END CERTIFICATE-----