Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73tqE571_Q0YwEwjCE58YlFHMXk.roa
File:                     73tqE571_Q0YwEwjCE58YlFHMXk.roa (raw, json)
Hash identifier:          LWxsZte/tNDijN3qQ3Qa1cWyLizhCCiRgOy1MO2N6BY=
Subject key identifier:   EF:7B:6A:13:9E:F5:FD:0D:18:C0:4C:23:08:4E:7C:62:51:47:31:79
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198228E97982475EB64F3E2A47647B2D919
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73tqE571_Q0YwEwjCE58YlFHMXk.roa
Signing time:             Sat 19 Jul 2025 12:00:26 +0000
ROA not before:           Sat 19 Jul 2025 12:00:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206411
IP address blocks:        193.163.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:8e:97:98:24:75:eb:64:f3:e2:a4:76:47:b2:d9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 19 12:00:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef7b6a139ef5fd0d18c04c23084e7c6251473179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c0:3c:ad:24:a1:ea:e6:f8:70:e4:49:00:d5:
                    ef:32:e9:d6:d1:46:65:cf:a6:3a:a7:54:70:20:db:
                    ad:9c:1f:33:1b:ed:b8:80:ae:7e:df:36:4a:96:06:
                    e7:21:ae:7e:1a:d6:c7:b9:2e:30:a6:9b:a1:cb:ae:
                    fc:be:57:cc:4d:f2:ef:e3:0e:c2:b8:db:1c:ff:27:
                    2f:6a:54:e8:85:90:b4:10:98:42:21:cc:26:f5:37:
                    d4:ca:55:28:ef:e9:7b:4d:3a:c6:ca:d6:ee:7b:9c:
                    75:66:02:f5:e7:1d:94:f7:b8:00:bd:ed:2d:3c:58:
                    cf:b5:fe:58:c5:c9:01:28:68:f9:a6:59:c6:98:e1:
                    e7:4b:31:e2:41:be:56:fa:9b:47:d3:45:de:8a:17:
                    cb:fd:7a:04:46:71:99:df:85:5e:ad:c3:b0:84:11:
                    c3:79:a1:35:6e:cc:58:fd:b1:45:2d:a0:ea:cd:9a:
                    1a:7f:fb:30:ed:d2:19:f6:ab:73:57:ba:02:e2:89:
                    54:23:c0:c2:bc:e4:dc:dd:2e:4f:6b:10:14:98:49:
                    4e:fd:d8:89:dd:bb:25:e9:86:01:40:32:90:0e:14:
                    04:3a:3b:89:2e:45:3a:5e:d0:5d:cc:b4:59:c8:47:
                    0a:a1:26:ba:a7:ff:5f:f2:de:d2:10:ab:b5:17:97:
                    4c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7B:6A:13:9E:F5:FD:0D:18:C0:4C:23:08:4E:7C:62:51:47:31:79
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/73tqE571_Q0YwEwjCE58YlFHMXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ef:7e:41:8d:69:a8:60:06:0a:d0:2d:51:a7:72:fd:d5:21:
         dd:88:f4:39:a2:ae:e6:3c:04:68:46:5b:e4:ef:1b:1a:fa:d4:
         d2:f1:b9:99:0e:66:e9:1b:27:a8:99:b2:ef:8f:70:f6:41:c4:
         5f:27:80:93:bf:e5:7f:82:d8:fe:fa:9f:c3:23:78:81:f1:48:
         43:39:85:9a:5c:61:2f:ed:04:c6:5d:d1:08:d9:c0:31:9d:f3:
         b9:0d:64:4a:7d:a4:ab:65:6d:7d:f1:b6:01:4c:2d:f8:59:54:
         28:3f:d9:b6:86:82:01:04:d5:f7:3c:72:0c:60:e7:e5:14:96:
         84:40:d8:bf:9c:c1:45:d9:df:30:72:4e:a6:38:10:f1:d1:47:
         79:db:fd:c0:5d:f0:f6:7d:96:10:54:2d:5b:ce:d9:11:0a:94:
         21:ef:de:0b:e0:62:57:7a:e6:cc:ff:38:5a:1e:2c:9a:88:30:
         46:a7:51:95:a6:c9:cb:44:21:58:50:a9:ce:71:2b:c2:65:79:
         e2:80:72:48:43:ea:9f:6a:de:65:3f:47:a0:9e:c3:53:9e:b6:
         2a:a2:cd:8e:99:b7:e6:d9:f3:f4:13:e8:1f:b1:6d:d0:83:89:
         93:96:ed:cf:8e:51:ff:8e:e4:26:86:be:4c:44:2e:5d:7a:ef:
         6b:4e:32:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgijpeYJHXrZPPipHZHstkZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzE5MTIwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjdiNmExMzllZjVmZDBkMThjMDRjMjMwODRlN2M2MjUxNDczMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8A8rSSh6ub4cORJANXvMunW0UZl
z6Y6p1RwINutnB8zG+24gK5+3zZKlgbnIa5+GtbHuS4wppuhy678vlfMTfLv4w7C
uNsc/ycvalTohZC0EJhCIcwm9TfUylUo7+l7TTrGytbue5x1ZgL15x2U97gAve0t
PFjPtf5YxckBKGj5plnGmOHnSzHiQb5W+ptH00XeihfL/XoERnGZ34VercOwhBHD
eaE1bsxY/bFFLaDqzZoaf/sw7dIZ9qtzV7oC4olUI8DCvOTc3S5PaxAUmElO/diJ
3bsl6YYBQDKQDhQEOjuJLkU6XtBdzLRZyEcKoSa6p/9f8t7SEKu1F5dMZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO97ahOe9f0NGMBMIwhOfGJRRzF5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNzN0cUU1NzFfUTBZd0V3akNFNThZbEZITVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNVMA0G
CSqGSIb3DQEBCwUAA4IBAQAv735BjWmoYAYK0C1Rp3L91SHdiPQ5oq7mPARoRlvk
7xsa+tTS8bmZDmbpGyeombLvj3D2QcRfJ4CTv+V/gtj++p/DI3iB8UhDOYWaXGEv
7QTGXdEI2cAxnfO5DWRKfaSrZW198bYBTC34WVQoP9m2hoIBBNX3PHIMYOflFJaE
QNi/nMFF2d8wck6mOBDx0Ud52/3AXfD2fZYQVC1bztkRCpQh794L4GJXeubM/zha
HiyaiDBGp1GVpsnLRCFYUKnOcSvCZXnigHJIQ+qfat5lP0egnsNTnrYqos2Ombfm
2fP0E+gfsW3Qg4mTlu3PjlH/juQmhr5MRC5deu9rTjLC
-----END CERTIFICATE-----