Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/EvvE5cYylw_MjstUmUy-jk4YLrA.roa
File:                     EvvE5cYylw_MjstUmUy-jk4YLrA.roa (raw, json)
Hash identifier:          gBE8rDGiUuVhCkWL45jKVIjPxTgyeFG4wEdX18IeEVI=
Subject key identifier:   12:FB:C4:E5:C6:32:97:0F:CC:8E:CB:54:99:4C:BE:8E:4E:18:2E:B0
Certificate issuer:       /CN=0f2703ab8d59754ab27a8a516854591bfb0f2db7
Certificate serial:       01982CECD5CB4B28CAAF63E40D643D0D374F
Authority key identifier: 0F:27:03:AB:8D:59:75:4A:B2:7A:8A:51:68:54:59:1B:FB:0F:2D:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DycDq41ZdUqyeopRaFRZG_sPLbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/EvvE5cYylw_MjstUmUy-jk4YLrA.roa
Signing time:             Mon 21 Jul 2025 12:19:35 +0000
ROA not before:           Mon 21 Jul 2025 12:19:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206425
IP address blocks:        83.174.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/DycDq41ZdUqyeopRaFRZG_sPLbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/DycDq41ZdUqyeopRaFRZG_sPLbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DycDq41ZdUqyeopRaFRZG_sPLbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 18:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:ec:d5:cb:4b:28:ca:af:63:e4:0d:64:3d:0d:37:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2703ab8d59754ab27a8a516854591bfb0f2db7
        Validity
            Not Before: Jul 21 12:19:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12fbc4e5c632970fcc8ecb54994cbe8e4e182eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:61:0b:25:67:1f:6d:dc:8e:d4:e3:e2:9a:64:
                    00:21:4b:bd:04:eb:43:26:79:80:54:45:0f:86:45:
                    fc:9c:44:cb:a1:23:a4:1e:a5:1f:ae:aa:2a:02:ef:
                    0a:d8:2b:26:d7:9d:b3:20:39:c9:0d:38:6e:72:73:
                    1a:08:4d:31:d5:0c:66:ee:b3:55:3e:38:fa:84:dc:
                    ec:3a:1f:f5:ed:e3:ee:fe:b2:fc:38:37:8b:77:a7:
                    5a:c5:22:cf:7b:31:f0:8a:a5:d6:07:5e:40:d4:29:
                    9f:13:c2:ac:db:7d:13:71:11:3f:e1:20:a3:c4:6b:
                    68:74:72:fb:72:bd:c2:bf:e0:06:8c:eb:06:30:24:
                    ef:29:09:e5:65:81:21:85:1b:4a:41:23:1d:6b:4e:
                    52:f0:1a:06:e7:d9:38:3d:44:6c:31:56:c0:c8:e3:
                    6b:21:3f:8c:57:2c:0e:32:00:98:8c:14:ff:f7:39:
                    b5:9e:c2:36:f5:ec:da:3d:7a:09:e6:e5:4e:58:dc:
                    99:b1:3e:65:9b:c2:11:67:1b:b8:3a:26:73:80:83:
                    f6:62:ee:4e:78:85:87:34:a9:a2:6a:34:f3:4c:e7:
                    e9:22:13:b7:9a:af:9b:8f:36:3e:be:00:8e:5c:b2:
                    ac:cc:84:67:7c:08:a4:d7:de:65:2d:88:d8:64:e5:
                    52:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FB:C4:E5:C6:32:97:0F:CC:8E:CB:54:99:4C:BE:8E:4E:18:2E:B0
            X509v3 Authority Key Identifier:
                keyid:0F:27:03:AB:8D:59:75:4A:B2:7A:8A:51:68:54:59:1B:FB:0F:2D:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DycDq41ZdUqyeopRaFRZG_sPLbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/EvvE5cYylw_MjstUmUy-jk4YLrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/78374f-8c02-4a74-be96-9f47f9c5b923/1/DycDq41ZdUqyeopRaFRZG_sPLbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.174.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:74:3c:3a:5a:3d:0e:17:53:bb:76:52:91:af:ca:3a:bb:b1:
         4d:08:c6:fc:7b:40:5e:69:1d:01:09:db:81:e6:fd:22:0a:ce:
         62:eb:ff:ad:c8:46:03:ed:f9:d0:52:27:07:b8:03:e3:0c:9c:
         79:13:ab:f1:8d:cd:75:cb:b8:a2:04:a2:a0:b7:48:0f:32:a0:
         18:2d:95:ea:13:14:41:83:d0:db:1b:37:12:89:3d:46:69:09:
         9d:a9:e4:01:b9:06:07:c4:c8:98:a1:1a:dc:0c:59:85:1b:de:
         af:66:5a:a2:94:2c:da:24:82:ad:4e:0f:29:6c:1d:7b:73:55:
         4f:16:25:3d:c7:62:2f:68:1d:a1:3b:03:ab:48:9e:1c:d0:04:
         52:99:d1:3d:74:df:27:9f:e0:a6:fa:47:c6:92:e1:65:df:ad:
         03:61:dd:8b:a3:0e:bc:6a:83:5d:dd:c3:15:7d:f7:d2:71:56:
         07:e7:39:3b:b0:2a:98:c2:d7:fc:64:ff:b0:72:79:ae:3c:0b:
         a0:d5:7d:b8:92:d8:42:5c:d5:91:be:7b:25:d6:e1:e7:a4:6f:
         cb:d6:ff:3f:9f:2e:03:cd:97:eb:02:da:25:01:c5:ab:44:01:
         4b:cb:fd:5e:ad:d0:ff:fe:d3:ec:12:2d:5c:8b:6f:69:93:9b:
         8b:11:1a:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgs7NXLSyjKr2PkDWQ9DTdPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjcwM2FiOGQ1OTc1NGFiMjdhOGE1MTY4NTQ1OTFiZmIw
ZjJkYjcwHhcNMjUwNzIxMTIxOTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmZiYzRlNWM2MzI5NzBmY2M4ZWNiNTQ5OTRjYmU4ZTRlMTgyZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGELJWcfbdyO1OPimmQAIUu9BOtD
JnmAVEUPhkX8nETLoSOkHqUfrqoqAu8K2Csm152zIDnJDThucnMaCE0x1Qxm7rNV
Pjj6hNzsOh/17ePu/rL8ODeLd6daxSLPezHwiqXWB15A1CmfE8Ks230TcRE/4SCj
xGtodHL7cr3Cv+AGjOsGMCTvKQnlZYEhhRtKQSMda05S8BoG59k4PURsMVbAyONr
IT+MVywOMgCYjBT/9zm1nsI29ezaPXoJ5uVOWNyZsT5lm8IRZxu4OiZzgIP2Yu5O
eIWHNKmiajTzTOfpIhO3mq+bjzY+vgCOXLKszIRnfAik195lLYjYZOVSZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBL7xOXGMpcPzI7LVJlMvo5OGC6wMB8GA1UdIwQY
MBaAFA8nA6uNWXVKsnqKUWhUWRv7Dy23MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHljRHE0MVpkVXF5ZW9wUmFGUlpHX3NQTGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83ODM3NGYtOGMwMi00YTc0LWJlOTYt
OWY0N2Y5YzViOTIzLzEvRXZ2RTVjWXlsd19NanN0VW1VeS1qazRZTHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83ODM3NGYtOGMwMi00YTc0LWJlOTYtOWY0N2Y5YzViOTIz
LzEvRHljRHE0MVpkVXF5ZW9wUmFGUlpHX3NQTGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU66WMA0G
CSqGSIb3DQEBCwUAA4IBAQBBdDw6Wj0OF1O7dlKRr8o6u7FNCMb8e0BeaR0BCduB
5v0iCs5i6/+tyEYD7fnQUicHuAPjDJx5E6vxjc11y7iiBKKgt0gPMqAYLZXqExRB
g9DbGzcSiT1GaQmdqeQBuQYHxMiYoRrcDFmFG96vZlqilCzaJIKtTg8pbB17c1VP
FiU9x2IvaB2hOwOrSJ4c0ARSmdE9dN8nn+Cm+kfGkuFl360DYd2Low68aoNd3cMV
fffScVYH5zk7sCqYwtf8ZP+wcnmuPAug1X24kthCXNWRvnsl1uHnpG/L1v8/ny4D
zZfrAtolAcWrRAFLy/1erdD//tPsEi1ci29pk5uLERoI
-----END CERTIFICATE-----