Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/kT-GBRdn5I-2tlMb_7_9SciQN9g.roa
File:                     kT-GBRdn5I-2tlMb_7_9SciQN9g.roa (raw, json)
Hash identifier:          QjeGQjKJ8nc3raWH+8rzpohQUijqNjXsVOlYQC2T4vE=
Subject key identifier:   91:3F:86:05:17:67:E4:8F:B6:B6:53:1B:FF:BF:FD:49:C8:90:37:D8
Certificate issuer:       /CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
Certificate serial:       01980E63A72D3314DEF38D94970CE04ACECF
Authority key identifier: EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/kT-GBRdn5I-2tlMb_7_9SciQN9g.roa
Signing time:             Tue 15 Jul 2025 14:01:08 +0000
ROA not before:           Tue 15 Jul 2025 14:01:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214068
IP address blocks:        93.157.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:63:a7:2d:33:14:de:f3:8d:94:97:0c:e0:4a:ce:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa5b62347a1b64cea49a2ab3ab4983c34861fb2
        Validity
            Not Before: Jul 15 14:01:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=913f86051767e48fb6b6531bffbffd49c89037d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:55:9f:2c:1c:cd:ad:20:09:5f:59:8d:0d:9e:
                    06:e9:aa:c0:f2:d2:e4:45:92:dd:34:90:df:15:94:
                    b9:03:2f:f5:b0:2b:b3:24:9f:02:b7:c9:fa:8a:86:
                    63:0c:5b:2d:23:9e:e8:d9:ae:13:f0:6a:90:79:cf:
                    a3:02:ed:1b:3c:98:6f:06:ba:cc:d0:23:76:b1:ca:
                    22:c7:5b:3a:c0:2d:f0:67:26:1f:14:4e:f0:c3:b0:
                    d6:87:5b:44:83:10:a7:6b:f0:4e:88:ce:b4:83:75:
                    aa:d1:28:96:e0:20:61:82:da:bb:77:b4:24:cb:b7:
                    fd:60:09:0c:c7:e7:56:80:e4:48:cf:36:7b:99:75:
                    ee:01:a8:60:21:4b:6a:52:8e:69:80:d9:27:3d:48:
                    5d:ca:62:a7:4f:c1:82:52:5a:f6:6e:0c:1b:ec:b1:
                    e2:c8:f5:19:52:fd:60:9c:e2:43:de:3d:94:4f:c5:
                    ad:7c:5a:88:9e:4c:2b:3c:d8:cf:11:bf:14:2f:e7:
                    9d:9d:59:47:ae:0f:72:07:7f:bf:c4:63:3e:ce:cb:
                    10:c8:4d:84:73:df:12:38:c4:2d:d8:53:c3:c0:41:
                    aa:93:5e:f7:93:d9:35:3f:6d:86:98:63:2a:5c:d5:
                    3b:0d:1c:6c:83:84:7f:0e:27:c5:7d:5f:a9:c9:1c:
                    0e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3F:86:05:17:67:E4:8F:B6:B6:53:1B:FF:BF:FD:49:C8:90:37:D8
            X509v3 Authority Key Identifier:
                keyid:EF:A5:B6:23:47:A1:B6:4C:EA:49:A2:AB:3A:B4:98:3C:34:86:1F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76W2I0ehtkzqSaKrOrSYPDSGH7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/kT-GBRdn5I-2tlMb_7_9SciQN9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/24db21-efb9-407e-96ad-013d2a11c0a5/1/76W2I0ehtkzqSaKrOrSYPDSGH7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:85:3d:38:48:27:7f:0f:f2:79:16:11:d6:be:5f:0c:86:73:
         d1:97:56:bb:30:9e:8c:f5:1a:85:3d:b0:e7:e0:54:f3:35:33:
         40:48:8b:8b:7c:96:61:79:7f:a1:8f:3f:bb:36:ff:f6:16:08:
         53:0b:04:35:86:b3:20:85:71:40:aa:27:c6:06:2f:00:c5:99:
         43:5d:d0:c7:9d:17:31:25:2a:c9:8f:df:ef:c6:92:82:f5:83:
         01:1a:69:c6:13:80:e1:75:e1:3c:16:49:5b:76:ba:54:ce:72:
         0a:e7:cd:f4:63:d1:ae:80:98:e0:7e:b7:91:62:b7:32:66:23:
         5b:5a:c6:3f:91:11:e8:17:c8:0f:2c:b0:13:bc:b7:80:16:f4:
         fa:81:87:2a:ef:d6:d2:56:f6:26:9c:71:e0:45:b9:cf:38:22:
         df:bc:e6:ac:3f:d8:27:a5:75:11:73:10:c3:6e:82:c5:ea:d4:
         7e:95:29:b4:bd:4f:b6:9b:91:71:7f:55:c5:41:99:97:13:12:
         34:02:82:ea:10:1e:68:51:b6:51:0f:25:79:99:6a:71:c3:75:
         4e:60:f8:95:82:24:46:a9:39:3d:b5:5f:e6:89:fb:2a:7f:ce:
         74:ee:ff:4d:2e:f2:a9:37:40:c9:49:89:07:c5:23:da:f1:77:
         db:5c:c1:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgOY6ctMxTe842UlwzgSs7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTViNjIzNDdhMWI2NGNlYTQ5YTJhYjNhYjQ5ODNjMzQ4
NjFmYjIwHhcNMjUwNzE1MTQwMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTNmODYwNTE3NjdlNDhmYjZiNjUzMWJmZmJmZmQ0OWM4OTAzN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVWfLBzNrSAJX1mNDZ4G6arA8tLk
RZLdNJDfFZS5Ay/1sCuzJJ8Ct8n6ioZjDFstI57o2a4T8GqQec+jAu0bPJhvBrrM
0CN2scoix1s6wC3wZyYfFE7ww7DWh1tEgxCna/BOiM60g3Wq0SiW4CBhgtq7d7Qk
y7f9YAkMx+dWgORIzzZ7mXXuAahgIUtqUo5pgNknPUhdymKnT8GCUlr2bgwb7LHi
yPUZUv1gnOJD3j2UT8WtfFqInkwrPNjPEb8UL+ednVlHrg9yB3+/xGM+zssQyE2E
c98SOMQt2FPDwEGqk173k9k1P22GmGMqXNU7DRxsg4R/DifFfV+pyRwOawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE/hgUXZ+SPtrZTG/+//UnIkDfYMB8GA1UdIwQY
MBaAFO+ltiNHobZM6kmiqzq0mDw0hh+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQt
MDEzZDJhMTFjMGE1LzEva1QtR0JSZG41SS0ydGxNYl83XzlTY2lRTjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yNGRiMjEtZWZiOS00MDdlLTk2YWQtMDEzZDJhMTFjMGE1
LzEvNzZXMkkwZWh0a3pxU2FLck9yU1lQRFNHSDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ2OMA0G
CSqGSIb3DQEBCwUAA4IBAQBfhT04SCd/D/J5FhHWvl8MhnPRl1a7MJ6M9RqFPbDn
4FTzNTNASIuLfJZheX+hjz+7Nv/2FghTCwQ1hrMghXFAqifGBi8AxZlDXdDHnRcx
JSrJj9/vxpKC9YMBGmnGE4DhdeE8FklbdrpUznIK5830Y9GugJjgfreRYrcyZiNb
WsY/kRHoF8gPLLATvLeAFvT6gYcq79bSVvYmnHHgRbnPOCLfvOasP9gnpXURcxDD
boLF6tR+lSm0vU+2m5Fxf1XFQZmXExI0AoLqEB5oUbZRDyV5mWpxw3VOYPiVgiRG
qTk9tV/mifsqf8507v9NLvKpN0DJSYkHxSPa8XfbXMFm
-----END CERTIFICATE-----