Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/q764NZ2C5xrpkP8LBsmdVe7f1dw.roa
File:                     q764NZ2C5xrpkP8LBsmdVe7f1dw.roa (raw, json)
Hash identifier:          sLViIw17i8ukMTeK1rHQJp904qo/JWVcyaL9gru+PTA=
Subject key identifier:   AB:BE:B8:35:9D:82:E7:1A:E9:90:FF:0B:06:C9:9D:55:EE:DF:D5:DC
Certificate issuer:       /CN=f5f0f07ca0a6b4cb2c159e9045974503ae288581
Certificate serial:       0199CDD479D1A38BE4ABCC627ACE0147C9D4
Authority key identifier: F5:F0:F0:7C:A0:A6:B4:CB:2C:15:9E:90:45:97:45:03:AE:28:85:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/q764NZ2C5xrpkP8LBsmdVe7f1dw.roa
Signing time:             Fri 10 Oct 2025 11:14:38 +0000
ROA not before:           Fri 10 Oct 2025 11:14:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47886
IP address blocks:        185.202.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:d4:79:d1:a3:8b:e4:ab:cc:62:7a:ce:01:47:c9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5f0f07ca0a6b4cb2c159e9045974503ae288581
        Validity
            Not Before: Oct 10 11:14:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abbeb8359d82e71ae990ff0b06c99d55eedfd5dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4d:e6:a6:d3:30:c3:d5:4b:ae:f4:1f:bc:46:
                    14:87:cb:1e:9a:eb:d2:b2:ac:82:d1:43:78:73:26:
                    27:5a:32:6d:67:cb:1d:36:d9:82:a4:0a:95:cf:7a:
                    e3:b1:2d:6a:72:31:53:96:80:44:e8:e3:98:5c:0a:
                    7e:26:0b:ab:8f:36:c8:89:34:26:1a:26:bc:a1:54:
                    30:e2:8f:6a:47:7b:ee:70:99:2f:e6:64:0e:d3:99:
                    78:2c:f4:72:9f:17:4f:52:4f:19:a3:9d:04:d3:65:
                    84:99:87:93:5f:67:33:43:c8:6f:c2:53:52:bc:71:
                    9d:19:77:f2:0f:90:50:7f:07:1a:d2:56:6e:5e:aa:
                    bf:95:95:05:67:50:1a:99:b1:ea:64:69:30:62:ef:
                    7b:a9:5b:a1:67:3c:54:a6:c3:b4:bc:ee:d5:a6:19:
                    f9:1b:36:68:37:06:1a:a6:3a:7e:72:66:91:c2:44:
                    4c:a7:c2:82:7a:a0:c7:ef:be:da:47:2c:bf:85:97:
                    f2:24:8b:45:1d:ea:2d:c3:99:6d:03:b0:ff:48:67:
                    96:65:1b:d2:c1:40:02:e4:f5:4c:c2:bb:76:33:b2:
                    61:93:6b:69:b8:63:d6:ca:4c:e4:10:a4:ca:08:0c:
                    30:69:28:99:3a:1c:ed:77:eb:d4:99:da:b5:74:f8:
                    d8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:BE:B8:35:9D:82:E7:1A:E9:90:FF:0B:06:C9:9D:55:EE:DF:D5:DC
            X509v3 Authority Key Identifier:
                keyid:F5:F0:F0:7C:A0:A6:B4:CB:2C:15:9E:90:45:97:45:03:AE:28:85:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fDwfKCmtMssFZ6QRZdFA64ohYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/q764NZ2C5xrpkP8LBsmdVe7f1dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/eb0d91-708c-4910-84f9-323486ca0540/1/9fDwfKCmtMssFZ6QRZdFA64ohYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:1f:0d:6c:f9:6c:3b:e9:d5:71:58:73:c6:63:36:3f:2c:d7:
         c9:75:01:bb:7d:86:e9:79:7b:16:da:ba:e2:82:f8:28:52:2b:
         dc:ff:28:a1:08:d2:ee:32:3f:42:48:2f:1a:46:e9:45:57:66:
         1f:16:33:16:1d:53:4a:fc:27:0f:5a:4c:79:06:fd:69:0e:dc:
         00:31:11:1a:fb:0e:42:77:ca:d7:22:f0:fe:6e:72:11:00:bd:
         6a:46:06:b4:ba:3a:27:be:0d:1d:dc:f5:31:ca:d9:18:0e:65:
         76:8e:43:18:a8:4f:2e:85:e5:33:64:04:68:69:9b:2b:71:6b:
         bb:c5:57:ab:eb:6d:ea:d3:be:3b:a5:e1:6e:a6:5f:fc:11:c8:
         e2:15:8a:fc:c7:a8:c2:fe:20:e7:c2:db:7a:7d:f1:4e:97:96:
         6e:a7:d9:72:1b:0d:e2:22:d7:33:2e:3d:3a:7b:8e:80:63:e4:
         1d:30:71:6e:93:2f:1d:de:33:aa:ce:65:b1:6b:b4:26:c7:f7:
         56:c3:01:92:7e:ee:34:e6:f6:e4:5d:72:2f:e5:6d:e7:92:a0:
         3f:52:05:0c:d9:34:a8:45:3b:7a:73:ca:05:be:a6:76:ad:ef:
         81:78:cb:dc:9d:4d:97:37:17:ee:d1:28:26:a7:17:e1:e2:16:
         1a:96:6b:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnN1HnRo4vkq8xies4BR8nUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZjBmMDdjYTBhNmI0Y2IyYzE1OWU5MDQ1OTc0NTAzYWUy
ODg1ODEwHhcNMjUxMDEwMTExNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmJlYjgzNTlkODJlNzFhZTk5MGZmMGIwNmM5OWQ1NWVlZGZkNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj03mptMww9VLrvQfvEYUh8semuvS
sqyC0UN4cyYnWjJtZ8sdNtmCpAqVz3rjsS1qcjFTloBE6OOYXAp+JgurjzbIiTQm
Gia8oVQw4o9qR3vucJkv5mQO05l4LPRynxdPUk8Zo50E02WEmYeTX2czQ8hvwlNS
vHGdGXfyD5BQfwca0lZuXqq/lZUFZ1AambHqZGkwYu97qVuhZzxUpsO0vO7Vphn5
GzZoNwYapjp+cmaRwkRMp8KCeqDH777aRyy/hZfyJItFHeotw5ltA7D/SGeWZRvS
wUAC5PVMwrt2M7Jhk2tpuGPWykzkEKTKCAwwaSiZOhztd+vUmdq1dPjY4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKu+uDWdguca6ZD/CwbJnVXu39XcMB8GA1UdIwQY
MBaAFPXw8HygprTLLBWekEWXRQOuKIWBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZEd2ZLQ210TXNzRlo2UVJaZEZBNjRvaFlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9lYjBkOTEtNzA4Yy00OTEwLTg0Zjkt
MzIzNDg2Y2EwNTQwLzEvcTc2NE5aMkM1eHJwa1A4TEJzbWRWZTdmMWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9lYjBkOTEtNzA4Yy00OTEwLTg0ZjktMzIzNDg2Y2EwNTQw
LzEvOWZEd2ZLQ210TXNzRlo2UVJaZEZBNjRvaFlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucr/MA0G
CSqGSIb3DQEBCwUAA4IBAQDlHw1s+Ww76dVxWHPGYzY/LNfJdQG7fYbpeXsW2rri
gvgoUivc/yihCNLuMj9CSC8aRulFV2YfFjMWHVNK/CcPWkx5Bv1pDtwAMREa+w5C
d8rXIvD+bnIRAL1qRga0ujonvg0d3PUxytkYDmV2jkMYqE8uheUzZARoaZsrcWu7
xVer623q0747peFupl/8EcjiFYr8x6jC/iDnwtt6ffFOl5Zup9lyGw3iItczLj06
e46AY+QdMHFuky8d3jOqzmWxa7Qmx/dWwwGSfu405vbkXXIv5W3nkqA/UgUM2TSo
RTt6c8oFvqZ2re+BeMvcnU2XNxfu0Sgmpxfh4hYalmvr
-----END CERTIFICATE-----