Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NDTb5wEV6mi4gNG-Fu6rF-wbgiA.roa
File:                     NDTb5wEV6mi4gNG-Fu6rF-wbgiA.roa (raw, json)
Hash identifier:          NEy4PeHLS5dO/ZjNCa+Z5peBIXcrVaqt3QmALKubiB0=
Subject key identifier:   34:34:DB:E7:01:15:EA:68:B8:80:D1:BE:16:EE:AB:17:EC:1B:82:20
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0197C0FF3E5EC323B62D91F8C7CCE6F34464
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NDTb5wEV6mi4gNG-Fu6rF-wbgiA.roa
Signing time:             Mon 30 Jun 2025 13:20:42 +0000
ROA not before:           Mon 30 Jun 2025 13:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        193.160.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 19:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:ff:3e:5e:c3:23:b6:2d:91:f8:c7:cc:e6:f3:44:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jun 30 13:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3434dbe70115ea68b880d1be16eeab17ec1b8220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4a:27:7c:30:a3:f5:5d:f8:03:2a:bb:e8:99:
                    d3:94:78:3a:04:df:bf:64:62:2c:4d:f9:dd:c8:af:
                    08:51:4c:c8:68:e4:8c:8b:70:47:e6:fe:24:f7:6b:
                    f4:f4:15:c9:d9:ec:e1:00:2d:74:17:a5:d6:63:a8:
                    79:88:1f:00:a8:90:6a:8d:f1:1e:b0:d5:2e:20:fc:
                    8d:db:c5:81:9f:08:57:ae:fe:a8:c7:1d:7d:24:7e:
                    8d:a8:73:f6:55:41:b7:bb:17:c8:ef:90:f4:d9:83:
                    bb:0b:5d:3f:f7:12:b2:43:41:30:e0:e2:f0:b4:44:
                    3b:2e:c1:bf:8b:32:42:68:1e:87:06:4a:a9:cc:42:
                    e5:55:f9:13:d8:0d:36:20:4b:65:38:f0:69:c8:56:
                    3d:85:0d:0a:39:02:a2:56:3b:3a:ce:7f:c3:da:36:
                    d6:3a:d2:8e:f4:86:7b:a0:84:49:1a:45:d7:28:a7:
                    ad:f7:ef:68:49:ca:74:e4:15:c6:4a:f3:36:2c:ed:
                    72:40:b7:03:99:1b:f2:22:ee:2e:5e:3e:6a:e8:0c:
                    db:1e:41:df:ed:70:8d:a0:de:88:61:f3:5c:54:dd:
                    91:51:e9:0e:98:ba:73:49:6a:97:f3:b4:64:07:64:
                    04:28:c0:c1:12:eb:f9:e5:8f:b1:05:44:18:8b:12:
                    d9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:34:DB:E7:01:15:EA:68:B8:80:D1:BE:16:EE:AB:17:EC:1B:82:20
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NDTb5wEV6mi4gNG-Fu6rF-wbgiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:b0:e1:54:25:e6:f2:6b:2d:aa:6b:27:17:49:f8:98:f8:9e:
         d4:d5:b2:c4:97:d6:44:19:f8:b6:13:12:d6:6f:3c:6d:3e:58:
         b6:f2:42:4f:ac:b0:9e:43:d6:47:ab:0b:bd:33:38:4b:ca:64:
         02:a3:1d:24:5e:df:2a:05:6f:18:d7:33:8d:47:99:e6:62:6c:
         38:5a:87:83:1d:47:98:57:8b:4c:6a:52:51:49:75:cf:73:73:
         34:16:fc:0f:75:7b:b8:e2:55:eb:31:d0:12:52:1c:e9:d1:c7:
         01:dc:9b:70:12:0e:f9:6a:ef:8d:20:c5:4b:59:c9:0b:db:16:
         bb:dd:77:9f:46:dd:69:ea:49:75:85:84:8c:64:ca:52:11:6c:
         85:07:c6:a1:cb:33:a9:75:3f:86:fe:d9:6a:ea:60:ab:2c:27:
         f1:7a:26:b1:72:22:fc:a8:6d:d2:4e:a7:1b:e4:3c:d5:d4:34:
         ae:66:6a:57:0f:95:4f:db:09:2a:25:7b:a2:bc:4d:28:6a:72:
         55:5c:13:2f:1a:ee:51:a2:d7:e7:49:89:83:a1:fb:d3:12:d7:
         3e:80:97:cf:1f:e8:9b:c3:4d:c1:69:fc:20:e7:2c:4b:17:0a:
         68:db:db:1d:56:7a:5f:26:0c:1c:4f:91:ec:98:ff:48:03:b0:
         55:83:c0:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfA/z5ewyO2LZH4x8zm80RkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNjMwMTMyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDM0ZGJlNzAxMTVlYTY4Yjg4MGQxYmUxNmVlYWIxN2VjMWI4MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0konfDCj9V34Ayq76JnTlHg6BN+/
ZGIsTfndyK8IUUzIaOSMi3BH5v4k92v09BXJ2ezhAC10F6XWY6h5iB8AqJBqjfEe
sNUuIPyN28WBnwhXrv6oxx19JH6NqHP2VUG3uxfI75D02YO7C10/9xKyQ0Ew4OLw
tEQ7LsG/izJCaB6HBkqpzELlVfkT2A02IEtlOPBpyFY9hQ0KOQKiVjs6zn/D2jbW
OtKO9IZ7oIRJGkXXKKet9+9oScp05BXGSvM2LO1yQLcDmRvyIu4uXj5q6AzbHkHf
7XCNoN6IYfNcVN2RUekOmLpzSWqX87RkB2QEKMDBEuv55Y+xBUQYixLZHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ02+cBFepouIDRvhbuqxfsG4IgMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTkRUYjV3RVY2bWk0Z05HLUZ1NnJGLXdiZ2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaDeMA0G
CSqGSIb3DQEBCwUAA4IBAQAysOFUJebyay2qaycXSfiY+J7U1bLEl9ZEGfi2ExLW
bzxtPli28kJPrLCeQ9ZHqwu9MzhLymQCox0kXt8qBW8Y1zONR5nmYmw4WoeDHUeY
V4tMalJRSXXPc3M0FvwPdXu44lXrMdASUhzp0ccB3JtwEg75au+NIMVLWckL2xa7
3XefRt1p6kl1hYSMZMpSEWyFB8ahyzOpdT+G/tlq6mCrLCfxeiaxciL8qG3STqcb
5DzV1DSuZmpXD5VP2wkqJXuivE0oanJVXBMvGu5RotfnSYmDofvTEtc+gJfPH+ib
w03Bafwg5yxLFwpo29sdVnpfJgwcT5HsmP9IA7BVg8Cj
-----END CERTIFICATE-----