Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/J3l5rSoC85N4xAXm2HxvLusDt_A.roa
File:                     J3l5rSoC85N4xAXm2HxvLusDt_A.roa (raw, json)
Hash identifier:          jgHAZqarPBwPQhS0mFPS0Zo6XKz3AtLQwgXQdr9WvR4=
Subject key identifier:   27:79:79:AD:2A:02:F3:93:78:C4:05:E6:D8:7C:6F:2E:EB:03:B7:F0
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       0197C5C9222D127DCA667217B79A3E050784
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/J3l5rSoC85N4xAXm2HxvLusDt_A.roa
Signing time:             Tue 01 Jul 2025 11:39:42 +0000
ROA not before:           Tue 01 Jul 2025 11:39:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215183
IP address blocks:        195.82.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:c9:22:2d:12:7d:ca:66:72:17:b7:9a:3e:05:07:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Jul  1 11:39:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=277979ad2a02f39378c405e6d87c6f2eeb03b7f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7d:d6:85:36:d1:ef:18:d1:a1:01:bb:ef:b0:
                    87:2f:12:7a:b5:c0:fb:c5:ec:03:7c:63:49:ec:a5:
                    52:ea:b5:28:6f:42:1c:99:b7:5d:c7:81:6e:b8:2f:
                    9a:74:49:0d:0b:60:eb:c7:4e:b4:db:dc:33:59:9a:
                    06:4f:17:23:88:13:3f:13:6d:cc:4c:8b:a1:d1:83:
                    a7:cf:e4:40:95:44:a7:7a:2e:e6:24:46:f3:03:90:
                    4a:b5:b1:bc:fb:b8:ce:59:57:00:82:f4:97:69:25:
                    92:8e:02:f7:69:ca:ac:d5:9f:98:f1:3f:f9:a8:7f:
                    56:a6:4f:3c:fa:42:e0:36:30:a8:bb:89:8c:f3:0c:
                    6d:ab:38:59:13:49:95:5d:e8:d1:40:7b:12:9f:73:
                    e3:22:bb:7c:63:8b:d9:cb:93:70:7d:2a:52:cf:43:
                    56:f1:18:22:fd:7b:e2:cf:fa:6d:76:b0:61:db:01:
                    0a:e5:62:cc:16:80:64:65:9e:42:8d:25:69:58:3c:
                    b4:9b:d3:c6:25:08:11:12:ac:23:c6:d8:25:13:54:
                    be:3b:51:a5:3d:61:02:e5:8f:9f:21:1e:b9:33:6f:
                    6e:96:cc:68:17:64:d6:5e:94:bd:34:25:7d:8f:ee:
                    c2:ea:a5:37:c6:e0:2f:e7:d6:1e:c7:4c:d7:f8:63:
                    87:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:79:79:AD:2A:02:F3:93:78:C4:05:E6:D8:7C:6F:2E:EB:03:B7:F0
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/J3l5rSoC85N4xAXm2HxvLusDt_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:78:73:7b:38:53:ef:94:76:72:49:5a:f4:c5:6d:ab:ca:30:
         20:83:dc:ac:4f:32:ca:47:2d:fa:21:00:bf:42:e8:c0:a6:71:
         53:69:b2:93:5f:92:7d:98:39:1d:1a:b3:2f:5f:ce:87:a0:32:
         c3:da:8f:32:ab:2f:45:74:d6:cd:06:bc:f2:1a:37:5f:52:c9:
         41:52:b3:c7:2c:56:f2:8b:23:a7:12:b3:a7:74:2f:f2:da:ba:
         08:87:0d:d4:10:77:f9:fc:50:ae:63:36:33:72:e3:34:9e:84:
         4d:e6:31:bc:18:71:44:ef:f5:fc:81:c5:40:3b:d1:dc:62:69:
         5b:cc:16:b1:0d:d1:81:2b:a9:3a:ca:5f:46:35:e3:7c:66:d6:
         22:45:04:ad:80:a6:62:08:ae:16:df:55:f1:22:28:0f:b5:76:
         88:73:fb:89:c9:ed:20:2d:9d:c5:b8:b8:6a:bd:33:d1:9f:b5:
         3e:db:8d:7c:12:72:26:8a:d4:66:b1:12:f9:e9:fe:77:4b:7a:
         46:cc:71:8d:59:a6:36:d0:e5:6e:ba:f8:cf:4e:6f:81:83:49:
         63:bd:19:d6:4a:06:88:76:ac:e5:fe:28:db:68:d2:c1:c8:ff:
         77:65:00:15:9e:f4:28:a0:d0:2d:22:3d:be:57:b9:f5:85:c3:
         a6:f5:a6:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfFySItEn3KZnIXt5o+BQeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjUwNzAxMTEzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzc5NzlhZDJhMDJmMzkzNzhjNDA1ZTZkODdjNmYyZWViMDNiN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH3WhTbR7xjRoQG777CHLxJ6tcD7
xewDfGNJ7KVS6rUob0Icmbddx4FuuC+adEkNC2Drx06029wzWZoGTxcjiBM/E23M
TIuh0YOnz+RAlUSnei7mJEbzA5BKtbG8+7jOWVcAgvSXaSWSjgL3acqs1Z+Y8T/5
qH9Wpk88+kLgNjCou4mM8wxtqzhZE0mVXejRQHsSn3PjIrt8Y4vZy5NwfSpSz0NW
8Rgi/Xviz/ptdrBh2wEK5WLMFoBkZZ5CjSVpWDy0m9PGJQgREqwjxtglE1S+O1Gl
PWEC5Y+fIR65M29ulsxoF2TWXpS9NCV9j+7C6qU3xuAv59Yex0zX+GOHIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCd5ea0qAvOTeMQF5th8by7rA7fwMB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvSjNsNXJTb0M4NU40eEFYbTJIeHZMdXNEdF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1KTMA0G
CSqGSIb3DQEBCwUAA4IBAQB3eHN7OFPvlHZySVr0xW2ryjAgg9ysTzLKRy36IQC/
QujApnFTabKTX5J9mDkdGrMvX86HoDLD2o8yqy9FdNbNBrzyGjdfUslBUrPHLFby
iyOnErOndC/y2roIhw3UEHf5/FCuYzYzcuM0noRN5jG8GHFE7/X8gcVAO9HcYmlb
zBaxDdGBK6k6yl9GNeN8ZtYiRQStgKZiCK4W31XxIigPtXaIc/uJye0gLZ3FuLhq
vTPRn7U+2418EnImitRmsRL56f53S3pGzHGNWaY20OVuuvjPTm+Bg0ljvRnWSgaI
dqzl/ijbaNLByP93ZQAVnvQooNAtIj2+V7n1hcOm9aaW
-----END CERTIFICATE-----