Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hI_aMIJq_zztE4QaYlyyh15pZbY.roa
File:                     hI_aMIJq_zztE4QaYlyyh15pZbY.roa (raw, json)
Hash identifier:          TOauPLGg92WUlxUQAN9bMud/4FLI1u+QFbd0YxtRxys=
Subject key identifier:   84:8F:DA:30:82:6A:FF:3C:ED:13:84:1A:62:5C:B2:87:5E:69:65:B6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01999EF078525BF51CFC26E7D6937F320E85
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hI_aMIJq_zztE4QaYlyyh15pZbY.roa
Signing time:             Wed 01 Oct 2025 08:43:03 +0000
ROA not before:           Wed 01 Oct 2025 08:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        79.99.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:f0:78:52:5b:f5:1c:fc:26:e7:d6:93:7f:32:0e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  1 08:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=848fda30826aff3ced13841a625cb2875e6965b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:5b:49:f8:8f:36:4c:a2:d4:03:c9:11:5e:
                    09:3e:e9:fb:6f:a6:d0:d7:1f:24:e8:26:cd:87:2d:
                    c5:24:d7:cd:e3:5e:fd:fc:ac:0a:3a:21:f0:bf:3a:
                    92:f1:28:45:ba:de:19:22:8a:00:1b:71:79:fe:4c:
                    08:ed:ad:bc:59:2d:3c:e7:d1:ff:2c:6c:26:af:3e:
                    ae:10:b1:cd:a6:33:8a:a5:2f:37:12:4f:95:93:6c:
                    2a:d3:d9:ba:10:da:15:84:8d:9b:42:e1:d1:07:45:
                    db:9a:8e:5e:b4:59:23:af:fc:8f:88:72:3e:13:47:
                    5d:69:39:68:03:51:a6:7d:e4:92:7b:6b:20:d9:01:
                    3c:14:05:e2:7e:2d:66:b9:b9:3c:5c:50:49:8e:70:
                    17:d1:1e:b4:e5:83:b0:ce:da:45:a9:0e:7e:50:fd:
                    27:f3:d0:be:27:d8:b9:cb:b3:36:48:0d:06:63:05:
                    34:e8:dd:23:bb:de:37:84:dc:c5:87:78:2b:cc:c3:
                    e5:1c:af:de:43:39:69:3f:25:b9:41:c4:51:25:8a:
                    9f:b5:7e:2c:f2:09:8f:0e:f1:d8:64:9b:de:c5:34:
                    74:c1:97:18:73:77:84:e9:75:f9:0c:f0:57:df:1b:
                    4e:2c:d1:46:09:39:85:94:5f:94:f7:aa:ca:eb:49:
                    cf:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8F:DA:30:82:6A:FF:3C:ED:13:84:1A:62:5C:B2:87:5E:69:65:B6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hI_aMIJq_zztE4QaYlyyh15pZbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:e0:7f:da:f9:37:09:c8:65:cb:c6:84:09:66:3a:85:7b:be:
         3a:19:ec:47:8a:33:fc:7b:a4:7c:f2:a1:82:fe:79:1f:2c:bc:
         06:4c:02:5c:cf:1c:16:de:36:e8:60:a6:3a:7c:0c:0a:a4:9f:
         db:b1:69:f0:0b:1a:37:6d:e7:53:a9:6d:cb:46:93:c2:ec:56:
         cb:32:20:62:ab:c7:3a:7e:9d:c9:60:ed:42:60:95:f3:63:88:
         52:dc:20:7c:9c:c4:d4:e7:43:e0:76:37:74:61:61:77:bf:5a:
         d7:fc:81:27:d3:50:5a:f6:3e:43:aa:3e:f6:46:c5:2f:79:20:
         82:b8:0d:aa:62:33:7c:26:50:d2:65:a7:06:b8:c1:61:13:72:
         f3:65:88:e5:6f:c8:dc:fd:08:01:ef:b5:3f:f2:95:e2:ba:18:
         bf:08:4e:60:fa:5b:be:12:d4:cf:e6:64:52:b6:d8:84:7a:03:
         5b:c8:23:eb:c4:74:d9:10:98:55:5e:02:4b:f8:be:9c:71:bf:
         df:36:2e:32:72:0e:ed:64:e7:f5:9e:df:32:b5:f7:c2:75:64:
         b8:12:0a:7b:6f:1b:c5:e6:d2:3c:a2:c1:ce:86:cc:99:fc:50:
         ee:4a:46:9b:92:f3:c5:56:48:4e:a9:46:ba:08:92:e1:cb:be:
         eb:60:64:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZme8HhSW/Uc/Cbn1pN/Mg6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMDAxMDg0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhmZGEzMDgyNmFmZjNjZWQxMzg0MWE2MjVjYjI4NzVlNjk2NWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXhbSfiPNkyi1APJEV4JPun7b6bQ
1x8k6CbNhy3FJNfN4179/KwKOiHwvzqS8ShFut4ZIooAG3F5/kwI7a28WS0859H/
LGwmrz6uELHNpjOKpS83Ek+Vk2wq09m6ENoVhI2bQuHRB0Xbmo5etFkjr/yPiHI+
E0ddaTloA1GmfeSSe2sg2QE8FAXifi1mubk8XFBJjnAX0R605YOwztpFqQ5+UP0n
89C+J9i5y7M2SA0GYwU06N0ju943hNzFh3grzMPlHK/eQzlpPyW5QcRRJYqftX4s
8gmPDvHYZJvexTR0wZcYc3eE6XX5DPBX3xtOLNFGCTmFlF+U96rK60nPDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISP2jCCav887ROEGmJcsodeaWW2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaElfYU1JSnFfenp0RTRRYVlseXloMTVwWmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2NLMA0G
CSqGSIb3DQEBCwUAA4IBAQAq4H/a+TcJyGXLxoQJZjqFe746GexHijP8e6R88qGC
/nkfLLwGTAJczxwW3jboYKY6fAwKpJ/bsWnwCxo3bedTqW3LRpPC7FbLMiBiq8c6
fp3JYO1CYJXzY4hS3CB8nMTU50Pgdjd0YWF3v1rX/IEn01Ba9j5Dqj72RsUveSCC
uA2qYjN8JlDSZacGuMFhE3LzZYjlb8jc/QgB77U/8pXiuhi/CE5g+lu+EtTP5mRS
ttiEegNbyCPrxHTZEJhVXgJL+L6ccb/fNi4ycg7tZOf1nt8ytffCdWS4Egp7bxvF
5tI8osHOhsyZ/FDuSkabkvPFVkhOqUa6CJLhy77rYGQQ
-----END CERTIFICATE-----