Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/4tkEYNCSDVFSV4yN09tQS4H9ll0.roa
File:                     4tkEYNCSDVFSV4yN09tQS4H9ll0.roa (raw, json)
Hash identifier:          DFOMcjMeVbK8Ftp6RD/k3U9BGqgzFs3va65G0d6TnJU=
Subject key identifier:   E2:D9:04:60:D0:92:0D:51:52:57:8C:8D:D3:DB:50:4B:81:FD:96:5D
Certificate issuer:       /CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
Certificate serial:       0199944BD8B0973A31B7C7ECD491868A83F2
Authority key identifier: 29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/4tkEYNCSDVFSV4yN09tQS4H9ll0.roa
Signing time:             Mon 29 Sep 2025 07:07:02 +0000
ROA not before:           Mon 29 Sep 2025 07:07:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47629
IP address blocks:        79.110.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Oct 2025 21:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:4b:d8:b0:97:3a:31:b7:c7:ec:d4:91:86:8a:83:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
        Validity
            Not Before: Sep 29 07:07:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2d90460d0920d5152578c8dd3db504b81fd965d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9b:e2:53:a1:e0:1c:ac:09:9e:bf:4b:bc:d1:
                    ce:00:ff:1b:c4:41:ce:7c:f1:75:b1:5d:6f:04:2c:
                    19:d4:04:98:82:ec:d2:87:fc:20:ed:8e:e0:94:a7:
                    97:86:c4:41:19:d3:84:24:50:57:d6:f0:c7:be:91:
                    53:08:24:a1:d1:40:cf:59:f8:be:f8:47:ef:56:ef:
                    f2:8f:44:35:a2:f9:16:91:4b:4e:25:63:2e:99:db:
                    91:e1:26:b5:f0:17:fb:1a:f4:2f:98:8f:8e:a9:9a:
                    38:ca:c9:3b:f4:fe:29:79:b2:09:ef:26:1c:31:ae:
                    2e:50:35:21:77:a3:4b:60:13:18:f9:ee:20:59:62:
                    00:72:70:fc:fa:8c:0b:7a:6e:72:c3:26:85:c6:72:
                    ff:5e:3b:a8:ab:d6:c0:e7:d6:74:72:9e:5d:62:af:
                    8d:87:42:a9:4e:cc:f5:c4:00:09:12:a8:39:2e:4b:
                    9b:cc:3d:06:4c:fd:e6:c1:b7:62:7a:c0:a3:1d:e7:
                    b1:54:a5:b4:45:ac:58:16:8f:d8:19:24:89:97:61:
                    c9:73:2b:b6:9a:60:a3:e9:a4:87:ea:f8:45:ae:d3:
                    a8:3c:ac:42:fb:fa:e1:d6:97:f3:42:77:e6:ca:ed:
                    8d:dd:4b:3a:43:34:6c:74:58:89:ab:d5:ee:80:b4:
                    39:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D9:04:60:D0:92:0D:51:52:57:8C:8D:D3:DB:50:4B:81:FD:96:5D
            X509v3 Authority Key Identifier:
                keyid:29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/4tkEYNCSDVFSV4yN09tQS4H9ll0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:86:2d:be:9d:f8:0e:0d:30:1a:c7:0a:46:37:f3:18:69:51:
         7a:b1:ab:ac:9d:da:74:64:2a:8b:4c:b2:4f:10:e4:a9:60:07:
         ac:d5:9d:dc:2f:a6:40:9f:20:39:95:9f:a4:f0:a8:68:fe:60:
         d0:f6:2c:91:1f:e6:58:ec:c1:40:9e:d5:67:5e:ad:ce:7a:fd:
         05:c8:9c:8f:d5:76:b0:79:a0:2f:87:7b:f3:27:d0:92:d4:5b:
         cf:50:fb:05:ff:f5:6a:83:8b:c3:ad:d8:d0:4a:aa:04:7c:18:
         86:13:7e:5d:fa:13:81:5c:92:b5:90:6b:1f:6b:e1:2a:a1:99:
         f5:0c:f8:dc:c8:61:c7:b8:90:1a:a2:89:c7:36:8c:80:37:7b:
         37:10:33:1f:d7:ac:69:db:e6:36:f3:9a:05:2d:c3:82:49:04:
         4c:fc:eb:95:27:d7:23:94:07:2d:c7:15:34:70:6a:58:53:05:
         15:a0:f1:10:2f:2d:34:fb:39:93:ff:e4:88:ab:7e:26:61:83:
         8b:a4:19:a4:cc:74:d8:d8:f9:da:49:7e:e5:2c:be:00:e3:a2:
         5a:f5:bb:59:92:37:4a:c3:ef:63:02:5b:b6:02:42:81:3a:ce:
         b4:af:35:fa:b7:3a:5b:77:a6:77:72:ff:3f:17:c2:79:e2:4b:
         af:b8:a3:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUS9iwlzoxt8fs1JGGioPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODM4NDFiYzA5ZjFmZDRmZTNkZTk5MTAxNmMwYjcxMjZm
YmE1MmUwHhcNMjUwOTI5MDcwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQ5MDQ2MGQwOTIwZDUxNTI1NzhjOGRkM2RiNTA0YjgxZmQ5NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5viU6HgHKwJnr9LvNHOAP8bxEHO
fPF1sV1vBCwZ1ASYguzSh/wg7Y7glKeXhsRBGdOEJFBX1vDHvpFTCCSh0UDPWfi+
+EfvVu/yj0Q1ovkWkUtOJWMumduR4Sa18Bf7GvQvmI+OqZo4ysk79P4pebIJ7yYc
Ma4uUDUhd6NLYBMY+e4gWWIAcnD8+owLem5ywyaFxnL/Xjuoq9bA59Z0cp5dYq+N
h0KpTsz1xAAJEqg5LkubzD0GTP3mwbdiesCjHeexVKW0RaxYFo/YGSSJl2HJcyu2
mmCj6aSH6vhFrtOoPKxC+/rh1pfzQnfmyu2N3Us6QzRsdFiJq9XugLQ5mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLZBGDQkg1RUleMjdPbUEuB/ZZdMB8GA1UdIwQY
MBaAFCmDhBvAnx/U/j3pkQFsC3Em+6UuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2It
MWRkNWRhYjM2ZjlmLzEvNHRrRVlOQ1NEVkZTVjR5TjA5dFFTNEg5bGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2ItMWRkNWRhYjM2Zjlm
LzEvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26nMA0G
CSqGSIb3DQEBCwUAA4IBAQAShi2+nfgODTAaxwpGN/MYaVF6sausndp0ZCqLTLJP
EOSpYAes1Z3cL6ZAnyA5lZ+k8Kho/mDQ9iyRH+ZY7MFAntVnXq3Oev0FyJyP1Xaw
eaAvh3vzJ9CS1FvPUPsF//Vqg4vDrdjQSqoEfBiGE35d+hOBXJK1kGsfa+EqoZn1
DPjcyGHHuJAaoonHNoyAN3s3EDMf16xp2+Y285oFLcOCSQRM/OuVJ9cjlActxxU0
cGpYUwUVoPEQLy00+zmT/+SIq34mYYOLpBmkzHTY2PnaSX7lLL4A46Ja9btZkjdK
w+9jAlu2AkKBOs60rzX6tzpbd6Z3cv8/F8J54kuvuKOp
-----END CERTIFICATE-----