Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-6yxVWwLuvZ8bwcn5ojarU6mwcQ.roa
File:                     1-6yxVWwLuvZ8bwcn5ojarU6mwcQ.roa (raw, json)
Hash identifier:          gJ0li0SiIKgEqMk2QQMCa+hbN6IWAHVPgpIEncKDzS0=
Subject key identifier:   FB:AC:B1:55:6C:0B:BA:F6:7C:6F:07:27:E6:88:DA:AD:4E:A6:C1:C4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01981D78B209576959C6FF0CB83FCD6D97BA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-6yxVWwLuvZ8bwcn5ojarU6mwcQ.roa
Signing time:             Fri 18 Jul 2025 12:18:25 +0000
ROA not before:           Fri 18 Jul 2025 12:18:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        84.21.189.0/24 maxlen: 24
                          195.66.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:78:b2:09:57:69:59:c6:ff:0c:b8:3f:cd:6d:97:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 18 12:18:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbacb1556c0bbaf67c6f0727e688daad4ea6c1c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c7:4b:a4:7a:29:9b:7e:8d:b9:7f:27:76:b9:
                    f7:f7:a1:45:8e:43:05:c9:66:ad:cc:e2:9e:65:50:
                    ea:29:03:47:8d:48:01:35:4d:a7:e7:54:01:5a:70:
                    da:ae:59:9c:3f:41:be:9b:24:b7:7d:e2:75:a1:5b:
                    d6:b2:ef:81:12:8c:6d:b0:5a:f0:ed:77:37:da:7b:
                    b8:51:4a:3a:13:4b:54:a1:aa:4b:9c:43:f0:5f:ad:
                    cc:74:c1:a4:0a:bd:9a:48:21:76:8c:ad:09:99:89:
                    be:24:bf:17:b0:a2:2a:b0:0a:90:b4:fd:b0:a7:1b:
                    e6:47:4a:d9:24:79:a1:ad:9a:a3:06:9f:fa:a6:79:
                    28:09:a9:4a:69:ea:11:54:5d:bd:cf:8e:25:7f:19:
                    c0:4d:ee:65:bc:9c:db:fc:c5:d8:db:42:7d:dd:2d:
                    a8:50:24:af:e6:de:10:98:2f:23:53:60:bf:83:5d:
                    3a:78:68:4c:e4:41:dc:9b:6a:b7:48:07:80:95:6c:
                    49:7e:58:8b:62:9a:94:35:15:3a:af:ea:97:8b:4a:
                    0e:47:b6:c4:bc:41:b1:7e:cc:cb:26:1f:c3:e1:5c:
                    c8:86:0d:f6:b7:83:ca:29:45:97:c7:10:79:28:3d:
                    93:2c:a3:af:0c:d7:9a:7c:8d:fb:ee:54:0a:6c:b0:
                    01:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:AC:B1:55:6C:0B:BA:F6:7C:6F:07:27:E6:88:DA:AD:4E:A6:C1:C4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-6yxVWwLuvZ8bwcn5ojarU6mwcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.189.0/24
                  195.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:97:70:9b:f4:91:f7:65:e4:ad:0d:97:3a:fc:ad:79:02:2d:
         60:2e:b3:82:5f:1c:69:6c:37:70:8d:8e:b8:25:4e:74:62:2d:
         aa:7f:c5:66:64:6b:44:ee:0b:e5:a1:4c:b7:ed:a8:bc:b0:84:
         f5:b3:ed:c6:5d:c8:06:1a:31:2a:e1:52:51:d5:48:b1:3d:1b:
         8c:75:64:40:02:93:1e:8c:18:97:52:e0:f3:5c:93:ba:e4:41:
         6c:4a:92:cb:2c:df:90:36:10:9c:9b:78:8c:39:01:02:a8:4d:
         c0:f6:e5:b5:d5:c8:73:ee:8d:e4:86:67:42:c3:c1:27:22:12:
         a0:5e:25:b3:ce:60:ab:be:b2:2c:ec:05:b2:94:27:4f:84:dd:
         9d:da:66:bf:87:09:51:bd:b4:c0:21:c9:31:77:50:6d:c7:b5:
         10:f8:fe:dd:57:39:9f:b3:9f:de:d3:c7:ef:46:30:5a:da:06:
         91:10:df:fb:82:84:d0:36:1e:44:25:0d:41:bc:c7:81:35:78:
         88:6b:91:3f:78:46:0e:17:18:a7:8c:01:3c:49:9f:31:a9:76:
         92:90:99:ad:2b:ba:7c:07:30:be:92:bd:96:a6:d5:e0:de:85:
         c5:b4:ae:12:50:d3:b5:b0:cd:ff:2b:68:49:43:a6:57:42:4e:
         47:ab:ef:f4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZgdeLIJV2lZxv8MuD/NbZe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzE4MTIxODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmFjYjE1NTZjMGJiYWY2N2M2ZjA3MjdlNjg4ZGFhZDRlYTZjMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsdLpHopm36NuX8ndrn396FFjkMF
yWatzOKeZVDqKQNHjUgBNU2n51QBWnDarlmcP0G+myS3feJ1oVvWsu+BEoxtsFrw
7Xc32nu4UUo6E0tUoapLnEPwX63MdMGkCr2aSCF2jK0JmYm+JL8XsKIqsAqQtP2w
pxvmR0rZJHmhrZqjBp/6pnkoCalKaeoRVF29z44lfxnATe5lvJzb/MXY20J93S2o
UCSv5t4QmC8jU2C/g106eGhM5EHcm2q3SAeAlWxJfliLYpqUNRU6r+qXi0oOR7bE
vEGxfszLJh/D4VzIhg32t4PKKUWXxxB5KD2TLKOvDNeafI377lQKbLABgwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPussVVsC7r2fG8HJ+aI2q1OpsHEMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMS02eXhWV3dMdXZaOGJ3Y241b2phclU2bXdjUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzAvNDlhZGM2LWJhODktNDAzZi1hZGE5LThjNTAwN2MyYTRi
Ni8xL2ZWV2FyN19Ba3hKQzRkWTNLWXp4M1NJLVRDWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFQVvQME
AMNCGzANBgkqhkiG9w0BAQsFAAOCAQEALJdwm/SR92XkrQ2XOvyteQItYC6zgl8c
aWw3cI2OuCVOdGItqn/FZmRrRO4L5aFMt+2ovLCE9bPtxl3IBhoxKuFSUdVIsT0b
jHVkQAKTHowYl1Lg81yTuuRBbEqSyyzfkDYQnJt4jDkBAqhNwPbltdXIc+6N5IZn
QsPBJyISoF4ls85gq76yLOwFspQnT4Tdndpmv4cJUb20wCHJMXdQbce1EPj+3Vc5
n7Of3tPH70YwWtoGkRDf+4KE0DYeRCUNQbzHgTV4iGuRP3hGDhcYp4wBPEmfMal2
kpCZrSu6fAcwvpK9lqbV4N6FxbSuElDTtbDN/ytoSUOmV0JOR6vv9A==
-----END CERTIFICATE-----