Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/7PrThjlXTdWomtXWwr_eOJDlAFY.roa
File:                     7PrThjlXTdWomtXWwr_eOJDlAFY.roa (raw, json)
Hash identifier:          2SgrElvVXtH7x+BnWs8QSmeq0QSew6wcOvgzJlh8YyA=
Subject key identifier:   EC:FA:D3:86:39:57:4D:D5:A8:9A:D5:D6:C2:BF:DE:38:90:E5:00:56
Certificate issuer:       /CN=b63a3094439cac0f555701286cd54373bce6cb50
Certificate serial:       0199A4725E61FEBAC14FD86E8481DFA57376
Authority key identifier: B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/7PrThjlXTdWomtXWwr_eOJDlAFY.roa
Signing time:             Thu 02 Oct 2025 10:23:02 +0000
ROA not before:           Thu 02 Oct 2025 10:23:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203680
IP address blocks:        130.0.12.0/24 maxlen: 24
                          130.0.13.0/24 maxlen: 24
                          130.0.14.0/24 maxlen: 24
                          130.0.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:72:5e:61:fe:ba:c1:4f:d8:6e:84:81:df:a5:73:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63a3094439cac0f555701286cd54373bce6cb50
        Validity
            Not Before: Oct  2 10:23:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecfad38639574dd5a89ad5d6c2bfde3890e50056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ac:0b:0d:fa:48:86:f6:5c:b3:02:39:20:e1:
                    ca:f7:f0:c3:a5:a1:0c:22:88:b8:f0:1d:4a:97:35:
                    4e:e4:f1:30:1f:e6:21:bb:1d:41:68:3f:c3:59:7f:
                    e5:ee:50:05:5d:57:30:fd:c8:af:81:b1:a1:34:7c:
                    52:74:6e:de:de:3d:b5:98:9a:2d:80:05:47:70:e6:
                    da:b1:97:90:f8:f0:a3:13:ce:bc:15:c6:03:2b:f6:
                    3e:6d:c6:b8:7d:72:02:d3:f4:fd:52:26:a5:96:a2:
                    f3:51:58:97:30:bc:74:7c:bc:d4:a8:ce:4f:cc:a0:
                    ed:78:c7:be:c2:00:6c:be:da:3c:e7:e7:18:93:4e:
                    09:d0:dc:cc:70:9a:f3:dc:97:61:36:35:28:f0:5e:
                    30:bb:3a:ff:e3:01:f3:cc:ac:b2:59:d7:dd:bb:d4:
                    9b:af:8c:a7:9c:9f:9a:a1:9f:02:9c:8d:10:34:5d:
                    61:d5:b3:95:c1:a1:32:6a:c9:3d:89:a8:fa:28:a6:
                    6b:58:15:7f:cb:42:4a:14:66:27:77:c9:ac:4d:e2:
                    10:9b:56:33:5f:3b:03:27:3d:ff:30:72:92:ba:af:
                    0d:d4:33:c0:53:26:03:1f:f4:87:bc:34:f0:b8:1d:
                    0c:ba:06:2e:48:fe:29:53:18:a0:bc:ff:94:36:0e:
                    95:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FA:D3:86:39:57:4D:D5:A8:9A:D5:D6:C2:BF:DE:38:90:E5:00:56
            X509v3 Authority Key Identifier:
                keyid:B6:3A:30:94:43:9C:AC:0F:55:57:01:28:6C:D5:43:73:BC:E6:CB:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjowlEOcrA9VVwEobNVDc7zmy1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/7PrThjlXTdWomtXWwr_eOJDlAFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/e4d20f-6dc8-497d-a8d6-9dddd6802088/1/tjowlEOcrA9VVwEobNVDc7zmy1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.0.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:f9:a7:4e:c1:4d:1a:84:f2:f7:0e:91:d7:8d:2e:09:dc:e6:
         1f:1e:15:b1:ad:e0:ec:df:71:0c:7d:2b:ac:7a:ee:ea:39:b0:
         c5:f4:fd:0f:ef:32:1e:b9:9f:b0:7e:c2:e2:ea:ca:9b:0c:21:
         3e:7e:33:fb:7b:b2:92:b1:e3:8b:f9:b3:de:f6:6f:07:2c:ab:
         0b:8c:fe:c9:69:5d:27:8c:0c:c0:47:bd:16:7b:23:f4:a8:95:
         f3:8f:99:71:6d:0b:dd:a0:ee:3a:db:b3:79:68:0e:28:b6:6f:
         5d:f4:fa:84:4a:42:98:a1:0b:40:df:bb:da:15:ab:c9:59:1c:
         2f:f7:7b:9a:c4:b9:20:7a:6a:52:1b:0a:55:61:a4:4c:60:92:
         82:f1:5f:6f:7f:d9:99:35:0b:41:d8:4e:12:c3:a7:08:2c:46:
         e9:44:4b:03:1f:e8:62:32:91:89:a5:e0:87:80:1c:32:39:43:
         96:2d:81:3a:b2:8a:2a:36:6e:14:dd:07:c9:75:83:c9:fd:65:
         97:16:8b:8c:33:58:20:29:89:1b:c8:e4:19:bf:c6:23:7c:91:
         a0:16:51:d8:95:5e:7e:8f:92:6a:34:e5:23:38:11:7d:16:84:
         a2:46:bd:94:b4:44:66:1f:2f:40:67:4b:d1:eb:6a:c7:b1:1f:
         de:f1:1a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmkcl5h/rrBT9huhIHfpXN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2EzMDk0NDM5Y2FjMGY1NTU3MDEyODZjZDU0MzczYmNl
NmNiNTAwHhcNMjUxMDAyMTAyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZhZDM4NjM5NTc0ZGQ1YTg5YWQ1ZDZjMmJmZGUzODkwZTUwMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6wLDfpIhvZcswI5IOHK9/DDpaEM
Ioi48B1KlzVO5PEwH+Yhux1BaD/DWX/l7lAFXVcw/civgbGhNHxSdG7e3j21mJot
gAVHcObasZeQ+PCjE868FcYDK/Y+bca4fXIC0/T9UiallqLzUViXMLx0fLzUqM5P
zKDteMe+wgBsvto85+cYk04J0NzMcJrz3JdhNjUo8F4wuzr/4wHzzKyyWdfdu9Sb
r4ynnJ+aoZ8CnI0QNF1h1bOVwaEyask9iaj6KKZrWBV/y0JKFGYnd8msTeIQm1Yz
XzsDJz3/MHKSuq8N1DPAUyYDH/SHvDTwuB0MugYuSP4pUxigvP+UNg6VJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz604Y5V03VqJrV1sK/3jiQ5QBWMB8GA1UdIwQY
MBaAFLY6MJRDnKwPVVcBKGzVQ3O85stQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYt
OWRkZGQ2ODAyMDg4LzEvN1ByVGhqbFhUZFdvbXRYV3dyX2VPSkRsQUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9lNGQyMGYtNmRjOC00OTdkLWE4ZDYtOWRkZGQ2ODAyMDg4
LzEvdGpvd2xFT2NyQTlWVndFb2JOVkRjN3pteTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCggAMMA0G
CSqGSIb3DQEBCwUAA4IBAQCb+adOwU0ahPL3DpHXjS4J3OYfHhWxreDs33EMfSus
eu7qObDF9P0P7zIeuZ+wfsLi6sqbDCE+fjP7e7KSseOL+bPe9m8HLKsLjP7JaV0n
jAzAR70WeyP0qJXzj5lxbQvdoO4627N5aA4otm9d9PqESkKYoQtA37vaFavJWRwv
93uaxLkgempSGwpVYaRMYJKC8V9vf9mZNQtB2E4Sw6cILEbpREsDH+hiMpGJpeCH
gBwyOUOWLYE6sooqNm4U3QfJdYPJ/WWXFouMM1ggKYkbyOQZv8YjfJGgFlHYlV5+
j5JqNOUjOBF9FoSiRr2UtERmHy9AZ0vR62rHsR/e8Rpw
-----END CERTIFICATE-----