Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ea6BO6jv5qXL6KOn3swl4W7fpN8.roa
File:                     ea6BO6jv5qXL6KOn3swl4W7fpN8.roa (raw, json)
Hash identifier:          qb7RyOCex8dd5d/iXyz9TFdFXAm9eOIl5Q9VrGqRffk=
Subject key identifier:   79:AE:81:3B:A8:EF:E6:A5:CB:E8:A3:A7:DE:CC:25:E1:6E:DF:A4:DF
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0197E9FCAA23805C772EA72CF283EC9B72F8
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ea6BO6jv5qXL6KOn3swl4W7fpN8.roa
Signing time:             Tue 08 Jul 2025 12:22:19 +0000
ROA not before:           Tue 08 Jul 2025 12:22:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        195.39.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 11:41:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:fc:aa:23:80:5c:77:2e:a7:2c:f2:83:ec:9b:72:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jul  8 12:22:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79ae813ba8efe6a5cbe8a3a7decc25e16edfa4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:84:c6:3a:44:da:1d:87:ed:d8:3e:36:99:b4:
                    cc:81:40:f1:89:b7:6d:03:cf:e9:e2:ed:18:6c:af:
                    dc:32:46:64:97:5e:41:d0:95:61:aa:bd:c1:93:7f:
                    79:44:86:10:28:24:9f:22:81:4f:ab:37:f3:bb:84:
                    e2:c9:35:fc:f3:67:b4:fc:79:6b:66:61:ca:14:04:
                    f9:a9:9b:fc:87:a4:4a:e5:c2:2a:66:fb:cc:a1:6c:
                    8f:0b:05:56:a8:0b:8d:bd:9d:a5:33:16:d0:8b:c3:
                    d4:b5:b8:a7:da:f5:72:7f:6b:af:ec:a2:b6:5b:9b:
                    80:e9:51:d6:f5:93:fa:99:8e:13:62:fc:20:ac:76:
                    d1:cd:d8:b8:70:af:cb:7f:56:45:43:0b:c4:f5:c6:
                    0b:7d:54:a9:ef:55:ab:0d:f4:63:a4:f0:a4:b0:ca:
                    32:36:d1:a2:c8:84:36:49:e7:37:bc:28:e7:33:52:
                    d1:86:10:42:9d:5b:91:22:96:a4:f2:fa:7b:f7:e2:
                    b8:88:75:a4:5e:f7:d8:f6:a9:cd:f6:ec:1c:f5:de:
                    64:7f:96:79:7b:36:a5:64:6c:45:6c:58:d8:3f:62:
                    d5:8b:11:97:eb:89:3a:2d:44:9c:4d:39:e7:a6:12:
                    3b:89:c2:89:80:13:0d:f1:9c:8d:8f:93:34:bc:00:
                    2b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AE:81:3B:A8:EF:E6:A5:CB:E8:A3:A7:DE:CC:25:E1:6E:DF:A4:DF
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ea6BO6jv5qXL6KOn3swl4W7fpN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.39.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:8b:89:2f:88:fc:53:da:af:9a:4e:27:98:05:c3:7f:ea:47:
         e3:e2:ec:ac:8b:80:a3:e7:b7:51:50:57:ec:46:5f:71:86:37:
         04:84:aa:6a:35:14:b6:5a:3c:be:c4:44:80:ed:65:eb:30:3d:
         27:16:7a:a9:be:0a:f8:c6:2f:56:8b:02:49:72:cc:29:60:0e:
         5e:c2:f3:5c:64:04:cc:91:60:79:3f:a0:98:5a:be:aa:75:0d:
         d5:d3:23:d4:81:77:7c:7e:54:90:79:6f:a4:aa:ee:ab:8d:dd:
         cf:75:d3:b2:00:39:46:f6:16:ab:10:99:27:eb:5d:52:31:32:
         51:5e:03:7d:29:7d:3c:87:d1:16:e0:2f:d1:91:0c:cf:86:5e:
         83:62:7b:f5:b5:ec:3b:b3:84:2c:db:54:b9:95:5a:6c:ac:6a:
         ab:eb:fc:73:4e:a3:bd:2b:b3:62:8f:1a:09:3a:d2:a0:3e:24:
         cf:4f:f9:5e:c2:bb:c8:aa:e3:35:59:75:ff:94:02:36:13:0d:
         cd:42:ca:9f:c6:91:d9:4f:8d:54:50:c4:8d:14:e2:38:e3:49:
         cc:5b:50:44:c3:99:85:34:8e:41:ba:c4:bf:43:67:ac:17:f4:
         19:e0:ef:4b:df:4b:94:2f:5e:6a:46:75:07:fc:52:58:75:fd:
         ce:76:ea:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfp/KojgFx3Lqcs8oPsm3L4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwNzA4MTIyMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFlODEzYmE4ZWZlNmE1Y2JlOGEzYTdkZWNjMjVlMTZlZGZhNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoTGOkTaHYft2D42mbTMgUDxibdt
A8/p4u0YbK/cMkZkl15B0JVhqr3Bk395RIYQKCSfIoFPqzfzu4TiyTX882e0/Hlr
ZmHKFAT5qZv8h6RK5cIqZvvMoWyPCwVWqAuNvZ2lMxbQi8PUtbin2vVyf2uv7KK2
W5uA6VHW9ZP6mY4TYvwgrHbRzdi4cK/Lf1ZFQwvE9cYLfVSp71WrDfRjpPCksMoy
NtGiyIQ2Sec3vCjnM1LRhhBCnVuRIpak8vp79+K4iHWkXvfY9qnN9uwc9d5kf5Z5
ezalZGxFbFjYP2LVixGX64k6LUScTTnnphI7icKJgBMN8ZyNj5M0vAAr/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmugTuo7+aly+ijp97MJeFu36TfMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvZWE2Qk82anY1cVhMNktPbjNzd2w0VzdmcE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyfWMA0G
CSqGSIb3DQEBCwUAA4IBAQAMi4kviPxT2q+aTieYBcN/6kfj4uysi4Cj57dRUFfs
Rl9xhjcEhKpqNRS2Wjy+xESA7WXrMD0nFnqpvgr4xi9WiwJJcswpYA5ewvNcZATM
kWB5P6CYWr6qdQ3V0yPUgXd8flSQeW+kqu6rjd3PddOyADlG9harEJkn611SMTJR
XgN9KX08h9EW4C/RkQzPhl6DYnv1tew7s4Qs21S5lVpsrGqr6/xzTqO9K7NijxoJ
OtKgPiTPT/lewrvIquM1WXX/lAI2Ew3NQsqfxpHZT41UUMSNFOI440nMW1BEw5mF
NI5BusS/Q2esF/QZ4O9L30uUL15qRnUH/FJYdf3Oduop
-----END CERTIFICATE-----