Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/u_6Z2m-kttn1KGvW0DMCRJb-wGc.roa
File:                     u_6Z2m-kttn1KGvW0DMCRJb-wGc.roa (raw, json)
Hash identifier:          8dKKNumWXSexpArn6diHEL6UixSl6qSaZ9jIxuDxNf0=
Subject key identifier:   BB:FE:99:DA:6F:A4:B6:D9:F5:28:6B:D6:D0:33:02:44:96:FE:C0:67
Certificate issuer:       /CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Certificate serial:       0199B9C2E14B669B44A586F4CC2ED0E7FD3F
Authority key identifier: CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/u_6Z2m-kttn1KGvW0DMCRJb-wGc.roa
Signing time:             Mon 06 Oct 2025 13:43:00 +0000
ROA not before:           Mon 06 Oct 2025 13:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60788
IP address blocks:        62.223.18.0/24 maxlen: 24
                          62.223.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:c2:e1:4b:66:9b:44:a5:86:f4:cc:2e:d0:e7:fd:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
        Validity
            Not Before: Oct  6 13:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbfe99da6fa4b6d9f5286bd6d033024496fec067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4d:f2:2a:c3:db:7b:53:9f:fe:b8:57:75:d1:
                    3c:76:63:38:69:a6:ec:47:3c:a0:ea:94:8f:10:d5:
                    04:07:24:27:37:38:6b:29:99:91:cf:51:b2:99:36:
                    82:e0:12:c3:52:2d:1f:05:1e:51:3c:04:0d:4b:2b:
                    ff:4e:59:79:c9:9f:c4:3a:e5:67:5f:0c:29:68:7a:
                    c2:8b:7c:2f:a0:d8:6d:25:f2:3a:8c:85:11:72:e7:
                    e6:f8:9c:6b:86:db:c9:c8:50:88:02:b5:24:dd:5d:
                    2b:0e:85:79:49:66:06:ea:79:49:7a:92:3c:4a:fc:
                    b8:cc:7b:4f:31:8a:06:05:83:ff:e8:68:5c:28:dc:
                    a3:e9:45:9e:1a:58:1e:b2:f9:81:df:e3:cb:d7:65:
                    76:9c:ef:d5:72:cc:e8:97:4e:9f:91:24:61:4d:f9:
                    ef:96:e7:b0:64:ce:9f:c3:34:9c:60:6a:52:24:9c:
                    99:0b:52:a8:dd:21:1c:5a:b7:72:42:fa:c0:84:97:
                    4f:83:84:42:c1:1b:02:d5:17:e7:ab:e0:c6:f6:7c:
                    1f:f1:b6:32:67:ad:59:f0:dd:80:17:05:c5:5d:92:
                    fd:07:06:32:9a:5c:f0:22:b0:51:82:0a:15:6d:c5:
                    e3:e7:bd:72:08:bb:e5:00:80:91:79:f2:1e:4d:3a:
                    5f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FE:99:DA:6F:A4:B6:D9:F5:28:6B:D6:D0:33:02:44:96:FE:C0:67
            X509v3 Authority Key Identifier:
                keyid:CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/u_6Z2m-kttn1KGvW0DMCRJb-wGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.223.18.0/24
                  62.223.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f8:5b:52:dd:a9:fc:67:3e:b1:01:16:73:3f:20:de:fc:82:
         9b:21:65:49:0f:76:55:29:8f:6b:9e:18:51:8f:07:d4:47:d8:
         12:2c:b9:0e:79:ab:30:b9:bf:8f:04:eb:76:5c:3b:d7:d1:c0:
         bb:19:11:34:14:be:8b:e0:00:db:74:84:97:c4:5a:b7:09:92:
         15:1e:eb:9a:56:ea:dc:49:ae:e0:34:d3:51:fb:68:fb:6c:b6:
         21:02:81:a2:86:e5:6f:37:20:8e:6b:da:9b:9b:ce:ee:40:8f:
         96:61:7a:41:ec:2c:b4:67:c6:53:89:90:eb:ef:8f:37:81:05:
         6f:0a:18:1a:65:85:30:84:da:9a:2a:58:73:dc:95:cd:08:c1:
         bc:9b:2d:82:6f:7b:48:0e:ef:7f:8c:3d:61:57:3a:a0:90:68:
         19:a9:4b:16:28:14:6f:8b:6a:33:ad:e1:44:9b:f2:c2:fc:34:
         6e:0e:91:4a:de:9f:63:cb:89:ff:02:a0:05:d5:b8:87:2d:f2:
         1b:64:f4:e5:26:d5:0e:b8:8d:8d:80:a3:a6:20:56:ba:f0:f6:
         11:98:cc:25:c0:a8:36:62:91:d4:9c:51:81:b8:dd:be:3c:4c:
         7d:43:4a:b0:15:43:48:bd:a6:02:14:b3:c7:cf:03:59:d4:0f:
         63:ce:6a:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm5wuFLZptEpYb0zC7Q5/0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZGZjZTNhNTM1NWY4NjFmZGM0OGMzMjAxMmM3OGM5ZGFm
OWE1YTQwHhcNMjUxMDA2MTM0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZlOTlkYTZmYTRiNmQ5ZjUyODZiZDZkMDMzMDI0NDk2ZmVjMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuk3yKsPbe1Of/rhXddE8dmM4aabs
Rzyg6pSPENUEByQnNzhrKZmRz1GymTaC4BLDUi0fBR5RPAQNSyv/Tll5yZ/EOuVn
XwwpaHrCi3wvoNhtJfI6jIURcufm+JxrhtvJyFCIArUk3V0rDoV5SWYG6nlJepI8
Svy4zHtPMYoGBYP/6GhcKNyj6UWeGlgesvmB3+PL12V2nO/Vcszol06fkSRhTfnv
luewZM6fwzScYGpSJJyZC1Ko3SEcWrdyQvrAhJdPg4RCwRsC1Rfnq+DG9nwf8bYy
Z61Z8N2AFwXFXZL9BwYymlzwIrBRggoVbcXj571yCLvlAICRefIeTTpfawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLv+mdpvpLbZ9Shr1tAzAkSW/sBnMB8GA1UdIwQY
MBaAFMvfzjpTVfhh/cSMMgEseMna+aWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQt
YjQ5ZDg5ZTMwZGRkLzEvdV82WjJtLWt0dG4xS0d2VzBETUNSSmItd0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQtYjQ5ZDg5ZTMwZGRk
LzEveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPt8SAwQA
Pt8UMA0GCSqGSIb3DQEBCwUAA4IBAQBq+FtS3an8Zz6xARZzPyDe/IKbIWVJD3ZV
KY9rnhhRjwfUR9gSLLkOeaswub+PBOt2XDvX0cC7GRE0FL6L4ADbdISXxFq3CZIV
HuuaVurcSa7gNNNR+2j7bLYhAoGihuVvNyCOa9qbm87uQI+WYXpB7Cy0Z8ZTiZDr
7483gQVvChgaZYUwhNqaKlhz3JXNCMG8my2Cb3tIDu9/jD1hVzqgkGgZqUsWKBRv
i2ozreFEm/LC/DRuDpFK3p9jy4n/AqAF1biHLfIbZPTlJtUOuI2NgKOmIFa68PYR
mMwlwKg2YpHUnFGBuN2+PEx9Q0qwFUNIvaYCFLPHzwNZ1A9jzmp/
-----END CERTIFICATE-----