Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/_1qhZEmD1ZR0wevnSQ5eeTD9plU.roa
File:                     _1qhZEmD1ZR0wevnSQ5eeTD9plU.roa (raw, json)
Hash identifier:          ZVkFLKtKLY5Jyd68UAmKFP29SRBsL9mEyi4TVzPBvdA=
Subject key identifier:   FF:5A:A1:64:49:83:D5:94:74:C1:EB:E7:49:0E:5E:79:30:FD:A6:55
Certificate issuer:       /CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
Certificate serial:       01999A779425147A7187DD5CAAB2146A2612
Authority key identifier: 36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/_1qhZEmD1ZR0wevnSQ5eeTD9plU.roa
Signing time:             Tue 30 Sep 2025 11:52:31 +0000
ROA not before:           Tue 30 Sep 2025 11:52:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48882
IP address blocks:        91.224.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:77:94:25:14:7a:71:87:dd:5c:aa:b2:14:6a:26:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
        Validity
            Not Before: Sep 30 11:52:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff5aa1644983d59474c1ebe7490e5e7930fda655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7a:e8:ae:b1:70:5a:3f:46:0d:c3:91:00:bf:
                    cf:d8:fe:27:37:e8:93:90:5e:a1:fd:bd:18:e8:00:
                    88:23:63:0c:55:fc:41:dc:89:80:24:32:79:5b:44:
                    2f:ae:d4:5b:1d:34:09:3e:48:af:e7:20:91:df:39:
                    70:38:76:21:f1:71:78:64:ba:c5:7d:9e:07:10:bf:
                    26:f2:c3:f3:1c:fd:fc:68:60:5f:fc:4d:59:97:f3:
                    e6:23:ee:f0:e8:f2:05:f0:7d:36:34:db:72:dc:5a:
                    d6:c0:38:54:98:02:2d:19:28:50:85:ae:f5:7f:f0:
                    4a:0d:6c:f6:2a:31:f1:5e:c3:a1:81:f6:6b:7a:c4:
                    88:dd:ba:60:c7:dc:88:80:5c:fb:a5:e1:1e:c0:0e:
                    c7:6d:fb:1b:58:5b:73:95:f3:76:53:b8:75:00:34:
                    2d:93:c1:db:55:c7:fc:d0:a3:1d:99:a1:6e:30:29:
                    a3:a5:a3:90:9b:b8:2e:4f:bd:b4:e5:b1:4f:e9:60:
                    72:5f:68:81:13:b1:e9:79:00:2d:ba:c5:6d:87:7d:
                    18:dc:7c:bf:6c:83:2a:23:15:ac:98:aa:aa:38:66:
                    3c:eb:13:15:7c:94:2f:0f:d5:c7:34:76:bf:54:aa:
                    50:49:21:5d:26:34:23:d0:ae:85:7d:e4:34:3e:f3:
                    98:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5A:A1:64:49:83:D5:94:74:C1:EB:E7:49:0E:5E:79:30:FD:A6:55
            X509v3 Authority Key Identifier:
                keyid:36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/_1qhZEmD1ZR0wevnSQ5eeTD9plU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:08:0a:3e:42:c1:92:4e:81:a9:6d:f8:5b:a7:0a:81:b4:4c:
         9f:d6:ed:11:17:c7:b0:b0:c3:1d:a2:fb:80:cd:0d:19:bb:70:
         96:ef:bb:90:d5:b8:87:79:2c:70:da:7f:a2:15:1d:8b:24:f8:
         4a:b5:17:95:1e:40:b5:c0:0e:19:8e:89:3a:58:59:bd:db:bf:
         39:51:be:2b:ad:a3:db:e1:a3:5a:b9:82:80:85:ce:da:bb:34:
         81:03:be:80:e6:c8:40:54:5d:91:8a:15:79:a4:9b:b3:d0:3f:
         3e:6a:2c:89:4c:91:a4:87:26:d0:a5:94:0e:73:5d:ae:05:86:
         e8:2c:e9:4e:92:ad:4a:92:0f:4b:4e:75:3f:b3:4a:75:1f:a3:
         89:4b:07:36:43:3a:39:47:98:3f:87:10:23:42:5f:71:a4:c9:
         54:92:a5:ec:5b:bc:36:2c:1f:29:8e:4b:79:96:75:de:b6:a1:
         31:e9:05:ee:40:8b:27:44:bb:6c:ee:81:3e:4a:cd:c4:a3:f8:
         df:30:84:a6:99:a2:27:10:91:dc:e6:49:1b:16:27:74:d2:75:
         8a:80:e9:e8:7d:71:cb:e2:04:ee:bb:94:63:8c:bd:3a:5d:99:
         2c:55:96:a8:95:01:4e:ef:b9:5b:57:90:ce:77:b9:df:a4:19:
         a2:de:7a:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmad5QlFHpxh91cqrIUaiYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NDYxNDJjZTMyOTBhYjY3ODZkM2QzMGYyNmI1ZTQxZmQ2
ODRkZGUwHhcNMjUwOTMwMTE1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjVhYTE2NDQ5ODNkNTk0NzRjMWViZTc0OTBlNWU3OTMwZmRhNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHrorrFwWj9GDcORAL/P2P4nN+iT
kF6h/b0Y6ACII2MMVfxB3ImAJDJ5W0QvrtRbHTQJPkiv5yCR3zlwOHYh8XF4ZLrF
fZ4HEL8m8sPzHP38aGBf/E1Zl/PmI+7w6PIF8H02NNty3FrWwDhUmAItGShQha71
f/BKDWz2KjHxXsOhgfZresSI3bpgx9yIgFz7peEewA7HbfsbWFtzlfN2U7h1ADQt
k8HbVcf80KMdmaFuMCmjpaOQm7guT7205bFP6WByX2iBE7HpeQAtusVth30Y3Hy/
bIMqIxWsmKqqOGY86xMVfJQvD9XHNHa/VKpQSSFdJjQj0K6FfeQ0PvOYEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9aoWRJg9WUdMHr50kOXnkw/aZVMB8GA1UdIwQY
MBaAFDZGFCzjKQq2eG09MPJrXkH9aE3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTct
ZDMwODU0MmExZDg2LzEvXzFxaFpFbUQxWlIwd2V2blNRNWVlVEQ5cGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTctZDMwODU0MmExZDg2
LzEvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+BxMA0G
CSqGSIb3DQEBCwUAA4IBAQAlCAo+QsGSToGpbfhbpwqBtEyf1u0RF8ewsMMdovuA
zQ0Zu3CW77uQ1biHeSxw2n+iFR2LJPhKtReVHkC1wA4Zjok6WFm92785Ub4rraPb
4aNauYKAhc7auzSBA76A5shAVF2RihV5pJuz0D8+aiyJTJGkhybQpZQOc12uBYbo
LOlOkq1Kkg9LTnU/s0p1H6OJSwc2Qzo5R5g/hxAjQl9xpMlUkqXsW7w2LB8pjkt5
lnXetqEx6QXuQIsnRLts7oE+Ss3Eo/jfMISmmaInEJHc5kkbFid00nWKgOnofXHL
4gTuu5RjjL06XZksVZaolQFO77lbV5DOd7nfpBmi3nq4
-----END CERTIFICATE-----