Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vRL7X7J6QBsOUj93QCcvjfdbxp4.roa
File:                     vRL7X7J6QBsOUj93QCcvjfdbxp4.roa (raw, json)
Hash identifier:          Yxo1BK0Dho7Q18hLR6d+h4uk2U8rLN1UEJzOjOxKp6o=
Subject key identifier:   BD:12:FB:5F:B2:7A:40:1B:0E:52:3F:77:40:27:2F:8D:F7:5B:C6:9E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01997074C1FA634C45A1B1551BB5C010D808
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vRL7X7J6QBsOUj93QCcvjfdbxp4.roa
Signing time:             Mon 22 Sep 2025 08:05:24 +0000
ROA not before:           Mon 22 Sep 2025 08:05:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        185.206.250.0/24 maxlen: 24
                          185.226.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:74:c1:fa:63:4c:45:a1:b1:55:1b:b5:c0:10:d8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Sep 22 08:05:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd12fb5fb27a401b0e523f7740272f8df75bc69e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8b:9b:fb:e9:c0:85:cf:77:82:7d:d2:40:ff:
                    c5:61:a6:d4:d0:cc:e8:ce:c3:56:7a:a1:c2:f8:bb:
                    c0:f6:17:74:e9:2b:6f:15:53:20:f9:14:ec:12:44:
                    96:0b:46:a0:d0:5b:1d:27:9e:4d:6e:ab:e5:2b:8d:
                    4a:db:1e:67:2d:a3:5e:f3:70:ac:da:6f:8f:2d:63:
                    b9:4f:e0:b4:98:ff:fd:e2:b0:34:39:0e:e7:a3:12:
                    2e:eb:5c:5a:0d:43:3a:77:cd:97:2e:82:a2:ec:bf:
                    34:14:a8:b2:ab:a0:e2:b5:75:8f:34:79:7e:d1:29:
                    ec:19:eb:21:8a:78:44:7d:c8:0a:0b:5f:d8:0d:fa:
                    11:95:80:ef:63:93:c5:fe:ac:b7:de:33:27:9c:5c:
                    b2:c0:5d:97:37:b9:e1:bf:0c:27:cd:89:29:cc:2b:
                    70:fc:be:77:ac:c8:01:e7:94:53:46:11:d3:ac:51:
                    09:38:2b:03:29:9f:87:cc:84:10:2f:96:93:1b:89:
                    38:d3:27:78:e6:29:10:c1:ec:f5:c9:25:7b:ac:0d:
                    9e:95:50:27:1d:03:b3:7f:91:92:76:76:7a:ac:3c:
                    8d:5a:c0:07:10:f3:c8:51:e9:c6:d1:8e:e4:c1:c0:
                    fc:54:ec:8a:47:84:62:cc:25:f0:dd:8a:c4:ea:60:
                    af:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:12:FB:5F:B2:7A:40:1B:0E:52:3F:77:40:27:2F:8D:F7:5B:C6:9E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vRL7X7J6QBsOUj93QCcvjfdbxp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24
                  185.226.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:84:a8:7a:ba:0b:cc:7d:0b:41:89:c9:d8:f3:ae:69:0d:9c:
         0f:e9:b8:38:6d:c8:e3:b1:cf:64:fe:de:09:49:32:b8:de:09:
         15:38:9d:10:39:d5:3d:a6:be:bc:2e:64:9d:72:a7:8a:52:c4:
         89:cd:d4:a4:4b:cf:af:6b:2a:97:66:fd:29:c1:f3:53:15:39:
         33:90:ed:5b:61:f6:fa:0c:9a:1b:32:b2:47:0d:cf:82:c0:f0:
         f4:9f:6f:4f:b1:8c:3d:b3:e3:38:98:6a:4b:b4:1b:0c:bc:1a:
         16:86:32:d8:d8:6c:3a:b7:f1:43:d5:7e:25:9a:52:6a:39:5c:
         ab:42:bb:ce:ad:a8:1a:12:66:b6:bc:a5:61:37:e3:ed:0d:1e:
         66:20:1f:15:a0:fe:d4:3b:14:bf:9b:ae:87:d0:23:ef:ec:4d:
         f6:ac:63:8a:91:04:f3:92:6a:23:58:b8:9d:e8:47:18:e9:18:
         c6:87:10:26:ac:04:81:55:88:1b:21:06:01:ec:1e:e7:84:56:
         0d:df:1e:2b:f4:f2:8c:d9:8e:f6:4f:e9:e9:22:1b:27:9a:ad:
         65:ed:de:84:bd:76:0e:c4:33:d6:f7:f0:a7:4a:9c:b5:a4:0f:
         5c:2f:e3:86:74:73:f9:ae:63:61:68:05:bc:39:3e:bf:ef:71:
         29:9f:c0:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlwdMH6Y0xFobFVG7XAENgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwOTIyMDgwNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDEyZmI1ZmIyN2E0MDFiMGU1MjNmNzc0MDI3MmY4ZGY3NWJjNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4ub++nAhc93gn3SQP/FYabU0Mzo
zsNWeqHC+LvA9hd06StvFVMg+RTsEkSWC0ag0FsdJ55NbqvlK41K2x5nLaNe83Cs
2m+PLWO5T+C0mP/94rA0OQ7noxIu61xaDUM6d82XLoKi7L80FKiyq6DitXWPNHl+
0SnsGeshinhEfcgKC1/YDfoRlYDvY5PF/qy33jMnnFyywF2XN7nhvwwnzYkpzCtw
/L53rMgB55RTRhHTrFEJOCsDKZ+HzIQQL5aTG4k40yd45ikQwez1ySV7rA2elVAn
HQOzf5GSdnZ6rDyNWsAHEPPIUenG0Y7kwcD8VOyKR4RizCXw3YrE6mCvZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL0S+1+yekAbDlI/d0AnL433W8aeMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdlJMN1g3SjZRQnNPVWo5M1FDY3ZqZmRieHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc76AwQA
ueJrMA0GCSqGSIb3DQEBCwUAA4IBAQCmhKh6ugvMfQtBicnY865pDZwP6bg4bcjj
sc9k/t4JSTK43gkVOJ0QOdU9pr68LmSdcqeKUsSJzdSkS8+vayqXZv0pwfNTFTkz
kO1bYfb6DJobMrJHDc+CwPD0n29PsYw9s+M4mGpLtBsMvBoWhjLY2Gw6t/FD1X4l
mlJqOVyrQrvOragaEma2vKVhN+PtDR5mIB8VoP7UOxS/m66H0CPv7E32rGOKkQTz
kmojWLid6EcY6RjGhxAmrASBVYgbIQYB7B7nhFYN3x4r9PKM2Y72T+npIhsnmq1l
7d6EvXYOxDPW9/CnSpy1pA9cL+OGdHP5rmNhaAW8OT6/73Epn8A/
-----END CERTIFICATE-----