Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/__x5Ic-9bwQ1SbZ8epBuTBTo8j4.roa
File:                     __x5Ic-9bwQ1SbZ8epBuTBTo8j4.roa (raw, json)
Hash identifier:          f7wZGJuveG3jCNyR/mvzX8qDCmg/cdnCEqkzqJwo/p4=
Subject key identifier:   FF:FC:79:21:CF:BD:6F:04:35:49:B6:7C:7A:90:6E:4C:14:E8:F2:3E
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       0197D5A2C1850026A8731C82F1A085228C63
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/__x5Ic-9bwQ1SbZ8epBuTBTo8j4.roa
Signing time:             Fri 04 Jul 2025 13:31:42 +0000
ROA not before:           Fri 04 Jul 2025 13:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        82.206.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:a2:c1:85:00:26:a8:73:1c:82:f1:a0:85:22:8c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Jul  4 13:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fffc7921cfbd6f043549b67c7a906e4c14e8f23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8f:61:e5:e0:5e:ff:d5:68:6d:a3:23:01:c9:
                    75:0b:e5:2e:ac:78:27:b3:d1:9b:62:47:26:39:26:
                    43:32:d7:9a:4d:c2:41:9c:c9:01:09:26:9c:5d:0f:
                    de:6e:3b:0c:a6:6d:93:49:f9:6e:98:a1:cd:9c:4b:
                    fe:5d:ce:0e:2d:16:b4:b8:a2:c0:b8:83:0c:f8:53:
                    5e:08:3b:d1:68:b8:37:4f:12:25:71:99:6b:cc:9b:
                    b7:10:d6:63:ca:2a:6d:57:42:e4:0e:f2:dd:d4:cc:
                    8a:43:f0:a3:33:4f:3f:87:36:b6:b7:7a:0a:90:5b:
                    b4:9b:79:6b:ac:4e:b2:fc:1f:56:f4:fe:e6:01:d0:
                    25:e9:33:04:fc:ae:ab:b1:9d:08:df:ae:23:3a:89:
                    66:48:94:48:69:f0:3c:ca:2b:61:e1:c6:71:b0:da:
                    f2:d2:12:09:22:21:cc:10:eb:ad:b5:ca:cc:54:f4:
                    ae:43:e9:36:b4:1f:f9:0b:a7:82:cb:3c:7d:08:c3:
                    11:82:8a:d1:ed:ce:f3:b8:5b:64:6f:79:71:25:0e:
                    ae:b8:26:c9:70:15:46:6a:29:63:7d:2d:66:bd:ee:
                    c5:40:60:f2:bf:96:3e:14:f7:69:2d:1a:d8:4f:32:
                    18:dc:f6:4f:84:fd:0a:79:71:13:e5:b3:9e:e0:5e:
                    98:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:FC:79:21:CF:BD:6F:04:35:49:B6:7C:7A:90:6E:4C:14:E8:F2:3E
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/__x5Ic-9bwQ1SbZ8epBuTBTo8j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:42:74:e8:eb:96:c1:7e:10:ea:96:f5:8d:fd:25:93:ee:a6:
         a4:3e:bb:40:20:e5:90:54:e6:11:b1:28:ea:be:fd:ae:c4:15:
         54:f3:6e:8e:cb:27:cb:c5:d5:d8:69:b0:0a:36:6d:e3:5d:08:
         ea:19:b9:45:e0:34:6d:73:53:e2:a3:85:ef:e4:b3:1c:2e:1f:
         c4:d0:94:f6:54:68:b0:99:b6:96:fe:4f:8f:da:c0:fd:3c:35:
         b1:b0:5e:31:41:d3:46:cf:46:56:b9:79:05:44:27:e8:5a:13:
         f1:a9:b9:d0:37:95:3f:1e:14:36:8c:8d:67:e4:05:1d:d6:3b:
         08:02:f1:6a:ce:a3:68:5e:fe:0c:68:1a:ee:1b:42:72:f4:c7:
         ab:3d:5b:14:77:91:11:4a:0a:9f:cb:f3:ea:1e:7b:64:49:ee:
         f1:b0:eb:95:e2:d0:37:93:1b:81:7f:d0:f0:87:e3:57:5e:7a:
         1e:b8:c5:df:d2:98:08:90:9a:6e:09:45:b9:60:7b:35:9e:8e:
         cc:9d:47:c1:3a:c1:fc:b6:bd:b4:9b:01:c7:75:9a:f8:c5:74:
         75:2a:0c:1f:98:4c:58:bf:05:f6:70:8a:5c:11:e2:c6:74:b7:
         01:0b:05:77:fe:25:bc:36:0b:37:e6:a5:1d:7b:ce:4e:6b:13:
         3f:51:06:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfVosGFACaocxyC8aCFIoxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjUwNzA0MTMzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmZjNzkyMWNmYmQ2ZjA0MzU0OWI2N2M3YTkwNmU0YzE0ZThmMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I9h5eBe/9VobaMjAcl1C+UurHgn
s9GbYkcmOSZDMteaTcJBnMkBCSacXQ/ebjsMpm2TSflumKHNnEv+Xc4OLRa0uKLA
uIMM+FNeCDvRaLg3TxIlcZlrzJu3ENZjyiptV0LkDvLd1MyKQ/CjM08/hza2t3oK
kFu0m3lrrE6y/B9W9P7mAdAl6TME/K6rsZ0I364jOolmSJRIafA8yith4cZxsNry
0hIJIiHMEOuttcrMVPSuQ+k2tB/5C6eCyzx9CMMRgorR7c7zuFtkb3lxJQ6uuCbJ
cBVGailjfS1mve7FQGDyv5Y+FPdpLRrYTzIY3PZPhP0KeXET5bOe4F6YhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/8eSHPvW8ENUm2fHqQbkwU6PI+MB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvX194NUljLTlid1ExU2JaOGVwQnVUQlRvOGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUs4TMA0G
CSqGSIb3DQEBCwUAA4IBAQBAQnTo65bBfhDqlvWN/SWT7qakPrtAIOWQVOYRsSjq
vv2uxBVU826OyyfLxdXYabAKNm3jXQjqGblF4DRtc1Pio4Xv5LMcLh/E0JT2VGiw
mbaW/k+P2sD9PDWxsF4xQdNGz0ZWuXkFRCfoWhPxqbnQN5U/HhQ2jI1n5AUd1jsI
AvFqzqNoXv4MaBruG0Jy9MerPVsUd5ERSgqfy/PqHntkSe7xsOuV4tA3kxuBf9Dw
h+NXXnoeuMXf0pgIkJpuCUW5YHs1no7MnUfBOsH8tr20mwHHdZr4xXR1KgwfmExY
vwX2cIpcEeLGdLcBCwV3/iW8Ngs35qUde85OaxM/UQaY
-----END CERTIFICATE-----