Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/2P8shKd_220nYdZMZlSUBMfyDxs.roa
File:                     2P8shKd_220nYdZMZlSUBMfyDxs.roa (raw, json)
Hash identifier:          DHVwQ61Uemg4pxo94GshwMHSxRxws7x9ytMWEMfUpCA=
Subject key identifier:   D8:FF:2C:84:A7:7F:DB:6D:27:61:D6:4C:66:54:94:04:C7:F2:0F:1B
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0199A916B9CD098341D29FA87793428CC50E
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/2P8shKd_220nYdZMZlSUBMfyDxs.roa
Signing time:             Fri 03 Oct 2025 08:01:02 +0000
ROA not before:           Fri 03 Oct 2025 08:01:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        213.21.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:16:b9:cd:09:83:41:d2:9f:a8:77:93:42:8c:c5:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Oct  3 08:01:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8ff2c84a77fdb6d2761d64c66549404c7f20f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ce:b8:42:cb:64:b5:11:f3:d5:b3:6c:57:45:
                    fe:32:3d:82:cb:27:d3:08:41:c4:aa:12:76:3a:4f:
                    6b:ae:ce:9c:2b:c0:ee:7b:dc:db:12:8d:fa:a7:01:
                    81:f0:1a:2b:72:b3:20:a3:43:76:a0:c8:9d:06:70:
                    38:64:47:50:a7:76:63:f6:51:1d:62:25:52:00:8d:
                    70:f8:4a:29:e9:1f:ef:60:e7:29:53:68:8b:06:1e:
                    7b:61:85:d7:a4:a9:9c:6f:0b:50:4b:21:f7:6a:9c:
                    aa:63:2a:8d:16:56:12:a4:e7:3b:62:1a:0e:03:e0:
                    c1:4e:19:81:53:72:56:26:5b:76:ff:eb:f4:b7:09:
                    47:b8:ad:3e:0c:68:5d:68:d3:18:16:ea:53:e7:3c:
                    61:12:0a:f5:fb:aa:42:2a:f7:e4:7d:03:6a:a7:3a:
                    01:d8:59:82:3e:c3:09:4b:3e:f1:23:dc:99:6f:af:
                    4b:17:2f:f6:dc:75:ad:5d:c4:93:ca:60:55:a4:ad:
                    f5:5b:d5:d7:63:26:cd:f9:8c:e2:fc:fe:0a:d8:fe:
                    b1:c7:0d:4a:c7:5c:f9:40:37:57:96:4e:c2:ac:0e:
                    01:60:c6:78:14:97:f2:f0:8d:13:9c:4f:b5:17:39:
                    2c:9d:f9:72:7a:34:9b:e1:ab:a7:b1:4a:c2:7d:2a:
                    1b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FF:2C:84:A7:7F:DB:6D:27:61:D6:4C:66:54:94:04:C7:F2:0F:1B
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/2P8shKd_220nYdZMZlSUBMfyDxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:cf:c0:4e:3e:48:64:16:9c:66:04:6c:7e:fe:34:1e:75:62:
         23:a9:1e:95:17:f3:b2:6c:e5:a6:e9:05:6b:5c:d4:9c:dd:f4:
         97:59:cf:37:62:7a:6b:86:50:a3:3a:a5:94:fb:1a:01:0f:3e:
         08:07:1e:f4:8e:60:1b:4b:e4:2e:51:50:ea:5e:c5:c3:08:08:
         45:8a:58:1c:33:04:5a:3e:56:0e:94:87:29:93:32:1a:fd:aa:
         ce:59:db:46:e4:1a:48:41:ac:3e:b8:4a:73:a2:89:c0:9f:bd:
         b6:42:2c:c5:9a:7e:ff:54:cb:e9:1b:39:8a:14:e5:a2:b2:14:
         fc:bf:6a:d2:80:51:43:29:2d:b9:5f:f2:24:79:30:8d:76:2a:
         10:e9:5d:1a:7e:41:6c:97:3c:81:ab:1d:bf:79:34:26:f2:33:
         4d:ee:80:c4:61:fc:99:86:71:05:67:32:47:41:9e:da:a8:ee:
         c8:13:1c:ec:05:20:70:43:1f:f9:f7:5e:f3:fb:c5:7f:3a:48:
         1d:e9:cf:bd:83:91:26:45:3b:a5:be:57:47:01:28:1a:e5:25:
         09:f7:f3:36:fd:31:59:22:0e:32:35:a4:5f:ca:e8:1a:13:90:
         ff:69:47:1d:60:4b:fa:ca:f2:0a:f8:88:0f:bd:97:93:a4:a7:
         9a:53:ec:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpFrnNCYNB0p+od5NCjMUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUxMDAzMDgwMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZmMmM4NGE3N2ZkYjZkMjc2MWQ2NGM2NjU0OTQwNGM3ZjIwZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5s64QstktRHz1bNsV0X+Mj2CyyfT
CEHEqhJ2Ok9rrs6cK8Due9zbEo36pwGB8BorcrMgo0N2oMidBnA4ZEdQp3Zj9lEd
YiVSAI1w+Eop6R/vYOcpU2iLBh57YYXXpKmcbwtQSyH3apyqYyqNFlYSpOc7YhoO
A+DBThmBU3JWJlt2/+v0twlHuK0+DGhdaNMYFupT5zxhEgr1+6pCKvfkfQNqpzoB
2FmCPsMJSz7xI9yZb69LFy/23HWtXcSTymBVpK31W9XXYybN+Yzi/P4K2P6xxw1K
x1z5QDdXlk7CrA4BYMZ4FJfy8I0TnE+1FzksnflyejSb4aunsUrCfSobOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNj/LISnf9ttJ2HWTGZUlATH8g8bMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvMlA4c2hLZF8yMjBuWWRaTVpsU1VCTWZ5RHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXkMA0G
CSqGSIb3DQEBCwUAA4IBAQCTz8BOPkhkFpxmBGx+/jQedWIjqR6VF/OybOWm6QVr
XNSc3fSXWc83YnprhlCjOqWU+xoBDz4IBx70jmAbS+QuUVDqXsXDCAhFilgcMwRa
PlYOlIcpkzIa/arOWdtG5BpIQaw+uEpzoonAn722QizFmn7/VMvpGzmKFOWishT8
v2rSgFFDKS25X/IkeTCNdioQ6V0afkFslzyBqx2/eTQm8jNN7oDEYfyZhnEFZzJH
QZ7aqO7IExzsBSBwQx/5917z+8V/Okgd6c+9g5EmRTulvldHASga5SUJ9/M2/TFZ
Ig4yNaRfyugaE5D/aUcdYEv6yvIK+IgPvZeTpKeaU+xC
-----END CERTIFICATE-----