Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bz9qhfnkKw3IvEZ1gfgi1Wog75w.roa
File:                     bz9qhfnkKw3IvEZ1gfgi1Wog75w.roa (raw, json)
Hash identifier:          9WvZFEovA5X/DFeA9YhaIUed/MEi1d9Mx9DN/wlfTwA=
Subject key identifier:   6F:3F:6A:85:F9:E4:2B:0D:C8:BC:46:75:81:F8:22:D5:6A:20:EF:9C
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       01991ACFB61B4FCD5DDC5A37FB7C5FE5B5BB
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bz9qhfnkKw3IvEZ1gfgi1Wog75w.roa
Signing time:             Fri 05 Sep 2025 16:57:24 +0000
ROA not before:           Fri 05 Sep 2025 16:57:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205896
IP address blocks:        83.147.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:cf:b6:1b:4f:cd:5d:dc:5a:37:fb:7c:5f:e5:b5:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Sep  5 16:57:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f3f6a85f9e42b0dc8bc467581f822d56a20ef9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:69:27:da:ae:70:93:e5:47:2d:0c:3a:5c:7d:
                    38:df:d6:5a:84:db:90:21:76:d1:f8:b5:c7:43:78:
                    80:ab:55:ed:dd:03:79:66:bd:f0:ea:32:76:2d:d5:
                    40:57:c6:d2:9e:a7:97:6c:ae:d4:c4:99:c7:19:4a:
                    e5:29:36:e4:94:24:22:7a:a8:0a:ad:cd:44:ca:b9:
                    29:75:70:34:e1:2e:5d:f6:2e:ee:4a:ab:33:e0:2d:
                    b7:7f:2b:df:ff:f1:d5:89:9d:72:d0:83:49:cb:27:
                    bf:51:c4:8e:a5:cf:bf:fc:63:82:8e:51:d5:8b:6e:
                    5a:94:b6:e6:8c:9f:ea:dc:b4:cc:ba:a6:91:ad:33:
                    73:d9:90:0a:f2:ba:4d:b6:81:3f:50:30:99:dd:f2:
                    49:7f:6c:d7:6e:eb:05:1d:c4:4f:c1:1b:22:58:6d:
                    c6:b1:b6:5f:08:a9:cf:d7:48:d9:5c:57:76:9b:69:
                    c0:08:82:70:c1:91:a3:40:9a:18:4f:e6:98:f7:21:
                    f3:c7:7f:16:0b:e3:b5:66:85:87:21:a6:d6:8f:95:
                    a9:f3:6a:82:45:db:65:dd:84:b6:49:1b:32:50:00:
                    6b:70:22:c9:80:7f:8a:2f:3a:e8:6f:01:38:df:2e:
                    bf:4b:49:15:3d:a5:44:d2:96:31:a8:9e:f6:67:98:
                    d4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3F:6A:85:F9:E4:2B:0D:C8:BC:46:75:81:F8:22:D5:6A:20:EF:9C
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/bz9qhfnkKw3IvEZ1gfgi1Wog75w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a4:5b:09:09:32:97:11:e2:de:4d:f2:c8:48:3c:35:6a:e3:
         3d:70:a6:4e:fa:a3:1a:b3:25:6a:e0:4e:10:26:06:48:19:14:
         05:21:30:7d:35:f2:69:69:bb:fa:ed:d8:40:d4:54:f2:91:b7:
         d3:6e:1c:4d:c2:10:e5:68:ec:dd:a9:d4:cb:90:97:7d:32:bc:
         f9:8a:fb:2d:3d:5c:79:d9:75:bb:6f:5e:9b:42:a8:58:d8:a7:
         d1:c6:5e:b2:98:20:97:d1:d1:c4:f3:56:76:8d:af:43:da:5c:
         47:bc:c1:85:60:28:42:4e:3b:1a:b4:8f:75:6d:bc:e1:aa:27:
         30:68:e6:63:26:76:29:75:8d:73:e7:15:87:2b:77:b5:2e:ed:
         1a:dc:5b:f4:af:62:63:49:89:25:fb:f8:2e:ca:76:3e:27:7f:
         54:c6:3d:03:fd:6b:55:a0:44:01:6c:6c:51:af:c5:c8:2e:83:
         f1:ee:f5:c1:9b:39:bb:f2:65:4a:b3:8d:d6:ed:60:19:66:a7:
         45:9a:74:82:f9:7c:97:fc:d8:2f:46:76:ac:e1:ac:26:16:c0:
         be:6b:7a:cb:bf:6b:cd:4a:62:bc:1e:0c:34:57:b3:7f:a1:5b:
         1e:c4:86:ab:48:ae:4b:2e:fd:be:c5:cc:25:47:e2:7c:0f:b1:
         da:5d:cb:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkaz7YbT81d3Fo3+3xf5bW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwOTA1MTY1NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjNmNmE4NWY5ZTQyYjBkYzhiYzQ2NzU4MWY4MjJkNTZhMjBlZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGkn2q5wk+VHLQw6XH0439ZahNuQ
IXbR+LXHQ3iAq1Xt3QN5Zr3w6jJ2LdVAV8bSnqeXbK7UxJnHGUrlKTbklCQieqgK
rc1EyrkpdXA04S5d9i7uSqsz4C23fyvf//HViZ1y0INJyye/UcSOpc+//GOCjlHV
i25alLbmjJ/q3LTMuqaRrTNz2ZAK8rpNtoE/UDCZ3fJJf2zXbusFHcRPwRsiWG3G
sbZfCKnP10jZXFd2m2nACIJwwZGjQJoYT+aY9yHzx38WC+O1ZoWHIabWj5Wp82qC
Rdtl3YS2SRsyUABrcCLJgH+KLzrobwE43y6/S0kVPaVE0pYxqJ72Z5jUNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8/aoX55CsNyLxGdYH4ItVqIO+cMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvYno5cWhmbmtLdzNJdkVaMWdmZ2kxV29nNzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PCMA0G
CSqGSIb3DQEBCwUAA4IBAQAnpFsJCTKXEeLeTfLISDw1auM9cKZO+qMasyVq4E4Q
JgZIGRQFITB9NfJpabv67dhA1FTykbfTbhxNwhDlaOzdqdTLkJd9Mrz5ivstPVx5
2XW7b16bQqhY2KfRxl6ymCCX0dHE81Z2ja9D2lxHvMGFYChCTjsatI91bbzhqicw
aOZjJnYpdY1z5xWHK3e1Lu0a3Fv0r2JjSYkl+/guynY+J39Uxj0D/WtVoEQBbGxR
r8XILoPx7vXBmzm78mVKs43W7WAZZqdFmnSC+XyX/NgvRnas4awmFsC+a3rLv2vN
SmK8Hgw0V7N/oVsexIarSK5LLv2+xcwlR+J8D7HaXcuA
-----END CERTIFICATE-----