Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/j5cd0XuMKxAPLktUJpeC_eyx0l0.roa
File:                     j5cd0XuMKxAPLktUJpeC_eyx0l0.roa (raw, json)
Hash identifier:          3TElHDzA1VIkqHsC6PLR3O0EdrwlVDboD8GMmIMA9ys=
Subject key identifier:   8F:97:1D:D1:7B:8C:2B:10:0F:2E:4B:54:26:97:82:FD:EC:B1:D2:5D
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       01996821683A8B43EC1425C72B7722717692
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/j5cd0XuMKxAPLktUJpeC_eyx0l0.roa
Signing time:             Sat 20 Sep 2025 17:17:23 +0000
ROA not before:           Sat 20 Sep 2025 17:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        213.145.82.0/24 maxlen: 24
                          213.145.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:68:21:68:3a:8b:43:ec:14:25:c7:2b:77:22:71:76:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Sep 20 17:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f971dd17b8c2b100f2e4b54269782fdecb1d25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8e:15:fe:ce:06:5f:5f:72:c0:62:83:5f:bb:
                    65:a1:73:3a:c5:12:49:5d:0a:d4:e2:d1:2c:71:1d:
                    f6:3a:bb:0c:32:dc:50:5e:ed:5f:1f:00:99:74:84:
                    f0:1a:74:1b:5d:15:ab:31:d8:d7:3f:32:fa:1d:2c:
                    fa:b3:ed:56:3f:bc:e9:25:88:f2:af:5c:59:b6:53:
                    d8:00:b7:6a:e0:68:ff:f5:b7:b4:d2:08:2d:ef:ac:
                    d0:26:52:0d:1a:dc:59:09:a6:3f:bf:b5:5a:6c:42:
                    75:44:96:0d:43:51:83:b8:e4:98:e3:8e:bc:ed:06:
                    28:bd:86:05:94:08:c9:52:4a:9d:40:d2:e3:2b:37:
                    e7:90:36:fb:32:45:7b:e6:d1:c1:5e:7f:02:b0:bd:
                    49:7d:fd:ea:98:a6:32:3a:e7:59:f3:c6:f1:93:2b:
                    67:26:63:b6:8a:64:ab:28:dd:f2:d0:24:45:ee:ce:
                    40:7b:e2:04:85:e3:f4:96:b0:05:05:4f:33:ce:1f:
                    17:d4:58:03:b6:2b:b7:2a:c8:1f:44:82:49:49:ad:
                    1e:1f:0f:08:6c:f2:1f:2d:78:84:41:e8:7a:b3:5c:
                    bd:22:cb:86:63:25:f0:c1:71:0b:c6:03:56:ba:30:
                    37:a7:54:5f:6f:11:52:bb:f3:86:b7:33:49:a5:1f:
                    f7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:97:1D:D1:7B:8C:2B:10:0F:2E:4B:54:26:97:82:FD:EC:B1:D2:5D
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/j5cd0XuMKxAPLktUJpeC_eyx0l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.82.0/24
                  213.145.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d7:21:c7:56:62:e5:72:e2:16:73:7c:6b:3a:53:ab:96:3e:
         1a:73:59:8f:b3:c2:9b:c7:81:e5:21:7f:08:9d:d5:8d:6e:c4:
         52:6a:62:bb:55:78:9f:76:1f:32:81:b9:13:0e:7b:4f:de:35:
         64:f4:8d:5a:3e:9b:56:e5:48:ce:76:93:e5:67:3e:f9:da:e3:
         5b:a5:73:c5:19:4b:17:da:03:a3:19:65:86:15:42:10:4b:50:
         c0:4d:35:48:4d:bc:db:06:ff:23:a6:b0:92:53:3b:68:d8:d6:
         02:30:3c:99:21:55:93:d1:ef:50:91:44:10:c7:81:fd:21:fd:
         af:95:14:6a:8c:f5:86:d8:24:e8:b9:5c:f9:51:6d:86:98:58:
         d0:37:51:d0:4f:1f:61:93:a4:18:b6:56:b9:fe:32:d1:33:aa:
         e9:f1:d0:01:71:97:0c:11:d0:0b:89:0c:a2:c4:86:41:0a:7e:
         2e:73:36:7e:eb:f4:d3:6e:4f:77:b4:d4:f2:fd:0c:fd:22:d9:
         3d:6d:81:5c:3b:75:67:58:c4:9e:29:84:3e:49:01:6b:31:aa:
         18:d9:5d:4a:81:4f:d2:42:07:4f:85:84:fa:68:08:f2:9f:9d:
         07:18:c9:3c:cd:b6:7a:7f:b4:a4:00:f6:e1:8a:a7:61:7e:6e:
         a3:cd:91:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZloIWg6i0PsFCXHK3cicXaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwOTIwMTcxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk3MWRkMTdiOGMyYjEwMGYyZTRiNTQyNjk3ODJmZGVjYjFkMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA244V/s4GX19ywGKDX7tloXM6xRJJ
XQrU4tEscR32OrsMMtxQXu1fHwCZdITwGnQbXRWrMdjXPzL6HSz6s+1WP7zpJYjy
r1xZtlPYALdq4Gj/9be00ggt76zQJlINGtxZCaY/v7VabEJ1RJYNQ1GDuOSY4468
7QYovYYFlAjJUkqdQNLjKzfnkDb7MkV75tHBXn8CsL1Jff3qmKYyOudZ88bxkytn
JmO2imSrKN3y0CRF7s5Ae+IEheP0lrAFBU8zzh8X1FgDtiu3KsgfRIJJSa0eHw8I
bPIfLXiEQeh6s1y9IsuGYyXwwXELxgNWujA3p1RfbxFSu/OGtzNJpR/3vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+XHdF7jCsQDy5LVCaXgv3ssdJdMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvajVjZDBYdU1LeEFQTGt0VUpwZUNfZXl4MGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1ZFSAwQA
1ZFZMA0GCSqGSIb3DQEBCwUAA4IBAQBC1yHHVmLlcuIWc3xrOlOrlj4ac1mPs8Kb
x4HlIX8IndWNbsRSamK7VXifdh8ygbkTDntP3jVk9I1aPptW5UjOdpPlZz752uNb
pXPFGUsX2gOjGWWGFUIQS1DATTVITbzbBv8jprCSUzto2NYCMDyZIVWT0e9QkUQQ
x4H9If2vlRRqjPWG2CTouVz5UW2GmFjQN1HQTx9hk6QYtla5/jLRM6rp8dABcZcM
EdALiQyixIZBCn4uczZ+6/TTbk93tNTy/Qz9Itk9bYFcO3VnWMSeKYQ+SQFrMaoY
2V1KgU/SQgdPhYT6aAjyn50HGMk8zbZ6f7SkAPbhiqdhfm6jzZGu
-----END CERTIFICATE-----