Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/eO1Hg2bQ0LWJz736BXYL29sRTxI.roa
File:                     eO1Hg2bQ0LWJz736BXYL29sRTxI.roa (raw, json)
Hash identifier:          HcMHeiosVQ+4/TAZPJOqS1U+rgX5YSFqAZBpZptf6lI=
Subject key identifier:   78:ED:47:83:66:D0:D0:B5:89:CF:BD:FA:05:76:0B:DB:DB:11:4F:12
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       019817EE8B775BEF6843381A992295775387
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/eO1Hg2bQ0LWJz736BXYL29sRTxI.roa
Signing time:             Thu 17 Jul 2025 10:29:25 +0000
ROA not before:           Thu 17 Jul 2025 10:29:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200724
IP address blocks:        213.33.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 19:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:ee:8b:77:5b:ef:68:43:38:1a:99:22:95:77:53:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jul 17 10:29:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78ed478366d0d0b589cfbdfa05760bdbdb114f12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:1d:95:d2:87:90:70:0f:73:bb:08:1b:72:
                    52:f4:2c:65:e5:8d:53:ef:8f:09:47:73:56:3c:97:
                    cd:58:a0:d2:f5:bd:c1:21:2c:89:c2:e6:fd:45:b6:
                    f3:f6:4d:e3:87:5a:9f:86:c7:3a:97:2b:f1:7a:49:
                    7d:2d:90:8d:a2:7b:01:5b:7c:ec:1c:52:03:45:b9:
                    fc:7b:5e:c5:eb:f0:ac:1f:cf:da:3f:71:5a:3a:8e:
                    1e:2a:db:7f:a8:04:88:18:14:e0:f1:61:a5:1d:72:
                    03:0f:a0:26:7a:f7:e5:ca:39:5c:8a:3f:a5:cb:ef:
                    ef:f6:92:25:ab:19:38:f3:b0:e9:57:02:5a:9d:4d:
                    0a:0c:92:77:0f:6e:82:b4:41:1c:5b:54:fb:47:28:
                    a0:da:e3:3f:08:a6:f4:2e:3b:75:b6:e0:bb:34:3c:
                    08:8a:3d:87:05:e7:b5:d0:0a:36:ec:3c:fb:f9:4f:
                    0b:41:43:e6:a7:dd:83:ec:29:26:24:b9:2c:e3:81:
                    e6:20:18:d5:50:9d:9d:d2:e2:ff:fd:c2:cd:c7:da:
                    94:a6:ce:c4:ba:2a:d7:15:e3:72:7b:c2:86:59:c3:
                    89:b2:b4:99:c0:ef:78:ba:c5:43:cb:8e:69:7f:e7:
                    0a:24:bc:dd:2d:f0:d2:22:6f:fa:0f:5a:1e:fa:cc:
                    a5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:ED:47:83:66:D0:D0:B5:89:CF:BD:FA:05:76:0B:DB:DB:11:4F:12
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/eO1Hg2bQ0LWJz736BXYL29sRTxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a6:6c:8a:b4:0b:13:1a:a7:40:1a:0d:9b:cd:ec:42:2d:2a:
         1f:96:e1:84:07:9b:8d:96:f3:73:79:c4:a6:42:ff:4f:c7:9c:
         6c:96:e1:bd:02:0f:3b:53:1e:1d:a0:d9:df:13:ff:b9:71:87:
         95:df:84:77:1c:df:04:c5:90:3e:15:b1:22:f5:6f:85:4b:f9:
         47:1a:f5:80:e8:0f:4f:09:6c:5a:a7:2b:25:65:f1:97:3c:71:
         8b:31:1e:8c:b0:94:cf:04:ff:06:a6:13:1a:84:7d:42:16:7c:
         8a:f6:47:40:10:c0:cb:d7:8e:10:66:c7:ef:f4:c8:e1:b7:81:
         77:fc:54:d9:4b:da:58:74:2a:7d:e5:97:62:49:98:79:ba:54:
         ce:75:12:f4:70:1a:e4:c7:ff:17:60:81:99:e7:d1:54:bd:d4:
         6c:4e:5f:e5:37:b2:3a:4f:e3:c5:06:ac:68:8d:dc:ef:80:51:
         87:5f:4e:3c:c8:a8:fc:7f:c7:4c:60:67:8a:34:dd:ee:ce:15:
         40:06:cf:31:53:5d:0a:07:52:66:71:26:ef:bf:86:a2:87:83:
         79:e9:75:7c:77:da:f7:3b:a2:a3:e9:2f:d1:bc:4d:6e:85:76:
         d2:af:a5:22:51:23:db:09:99:07:48:a8:53:8a:b7:dd:6f:5c:
         d8:88:a4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgX7ot3W+9oQzgamSKVd1OHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwNzE3MTAyOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGVkNDc4MzY2ZDBkMGI1ODljZmJkZmEwNTc2MGJkYmRiMTE0ZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjodldKHkHAPc7sIG3JS9Cxl5Y1T
748JR3NWPJfNWKDS9b3BISyJwub9Rbbz9k3jh1qfhsc6lyvxekl9LZCNonsBW3zs
HFIDRbn8e17F6/CsH8/aP3FaOo4eKtt/qASIGBTg8WGlHXIDD6Amevflyjlcij+l
y+/v9pIlqxk487DpVwJanU0KDJJ3D26CtEEcW1T7Ryig2uM/CKb0Ljt1tuC7NDwI
ij2HBee10Ao27Dz7+U8LQUPmp92D7CkmJLks44HmIBjVUJ2d0uL//cLNx9qUps7E
uirXFeNye8KGWcOJsrSZwO94usVDy45pf+cKJLzdLfDSIm/6D1oe+sylpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjtR4Nm0NC1ic+9+gV2C9vbEU8SMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvZU8xSGcyYlEwTFdKejczNkJYWUwyOXNSVHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SE1MA0G
CSqGSIb3DQEBCwUAA4IBAQCFpmyKtAsTGqdAGg2bzexCLSofluGEB5uNlvNzecSm
Qv9Px5xsluG9Ag87Ux4doNnfE/+5cYeV34R3HN8ExZA+FbEi9W+FS/lHGvWA6A9P
CWxapyslZfGXPHGLMR6MsJTPBP8GphMahH1CFnyK9kdAEMDL144QZsfv9Mjht4F3
/FTZS9pYdCp95ZdiSZh5ulTOdRL0cBrkx/8XYIGZ59FUvdRsTl/lN7I6T+PFBqxo
jdzvgFGHX048yKj8f8dMYGeKNN3uzhVABs8xU10KB1JmcSbvv4aih4N56XV8d9r3
O6Kj6S/RvE1uhXbSr6UiUSPbCZkHSKhTirfdb1zYiKSw
-----END CERTIFICATE-----