Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/2tFj9_tuvHdE6yjNxLbekXML8wY.roa
File:                     2tFj9_tuvHdE6yjNxLbekXML8wY.roa (raw, json)
Hash identifier:          /lbJk8NoZ4p8z6eLLr9xWEF8qpeemJ917/7L62Dt9OY=
Subject key identifier:   DA:D1:63:F7:FB:6E:BC:77:44:EB:28:CD:C4:B6:DE:91:73:0B:F3:06
Certificate issuer:       /CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
Certificate serial:       0197E46E4B7E4C3145913D37AC9D7529C7D6
Authority key identifier: D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/2tFj9_tuvHdE6yjNxLbekXML8wY.roa
Signing time:             Mon 07 Jul 2025 10:28:42 +0000
ROA not before:           Mon 07 Jul 2025 10:28:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207270
IP address blocks:        85.117.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:6e:4b:7e:4c:31:45:91:3d:37:ac:9d:75:29:c7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
        Validity
            Not Before: Jul  7 10:28:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dad163f7fb6ebc7744eb28cdc4b6de91730bf306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7a:f9:5e:5b:0a:d0:91:f1:a1:a8:f1:39:49:
                    10:04:fd:63:37:ea:4a:b1:9f:aa:03:2d:e9:d5:06:
                    4b:22:be:72:db:c7:f5:16:af:bf:81:1a:cd:7b:19:
                    fd:93:44:06:54:98:97:00:af:1c:a5:c4:29:70:1c:
                    44:9f:7c:d7:58:37:6d:c1:7f:62:c6:e0:7e:ea:7a:
                    ca:0b:55:e8:c3:42:80:25:d1:b6:71:96:3b:1e:23:
                    95:90:a3:73:00:31:7b:87:71:c6:5f:c1:35:15:cb:
                    6c:7b:0d:76:ef:17:db:31:eb:5c:73:85:42:e6:56:
                    85:04:a4:60:ab:3b:da:e7:9b:14:f9:88:8f:9a:a3:
                    9e:7d:54:41:16:2c:9f:0e:61:9f:7f:4f:7f:68:73:
                    4e:a5:30:95:d4:2c:dc:d1:44:b6:0f:85:e1:28:e1:
                    fb:99:2f:af:76:5a:c2:c5:a6:de:b3:eb:3f:95:de:
                    48:e0:f6:6c:c5:31:94:c2:4b:ab:33:fe:32:6c:45:
                    67:6e:ed:2f:ba:01:b3:8a:58:b9:47:fc:e9:34:82:
                    e3:df:32:1f:ea:ae:2c:6a:d2:10:f2:7e:10:a9:b6:
                    d8:dd:04:16:4f:81:c9:ed:e8:36:fd:7c:6f:f1:9a:
                    13:4e:59:5d:74:b3:7c:7c:0b:a8:c3:e6:0b:78:a2:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D1:63:F7:FB:6E:BC:77:44:EB:28:CD:C4:B6:DE:91:73:0B:F3:06
            X509v3 Authority Key Identifier:
                keyid:D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/2tFj9_tuvHdE6yjNxLbekXML8wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ec:e2:c8:8c:b7:61:14:ca:90:53:18:8d:62:27:e5:9b:0e:
         72:02:c4:e6:e1:2a:fc:30:2e:31:81:90:31:2a:30:0a:06:10:
         42:d4:1a:ca:39:86:41:fb:8e:69:6b:e5:00:56:c7:a8:62:72:
         89:aa:e5:c0:e9:74:34:f8:08:e8:53:2c:92:42:e5:0f:ff:24:
         b1:65:47:f9:02:33:bf:ed:a5:b3:4d:5f:91:77:8c:9f:15:15:
         00:ee:73:14:d2:49:f7:4d:0d:6f:8e:c6:a7:a8:94:09:d4:63:
         74:ae:51:cb:78:3d:b5:42:bc:49:a1:65:07:42:ca:88:2d:8f:
         ab:83:87:b1:46:a4:ae:b9:b4:e4:97:f6:33:6c:5f:28:20:84:
         85:fa:96:73:30:10:49:88:83:76:01:da:89:aa:d6:87:ed:15:
         c0:16:70:6f:dc:97:44:01:91:d5:1a:a3:80:a4:4d:c9:b7:ac:
         83:33:f9:e9:23:cd:af:b4:2a:73:e4:76:ec:7b:79:40:9a:ce:
         08:9e:b6:d9:ce:26:bc:71:02:b4:f4:4a:fb:98:0d:59:c8:6e:
         7b:d7:fd:f9:17:30:d8:bd:9e:a3:43:ca:af:f0:f7:a5:d6:bd:
         e6:da:50:9d:25:66:7f:30:21:84:a6:2e:3d:e1:f2:81:fd:5d:
         b7:8a:af:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkbkt+TDFFkT03rJ11KcfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NjczOGE4ZGFkYWMyZDBkM2FlZGRiOTM0ZjgyMDA2NmI5
ZjVmZWIwHhcNMjUwNzA3MTAyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQxNjNmN2ZiNmViYzc3NDRlYjI4Y2RjNGI2ZGU5MTczMGJmMzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinr5XlsK0JHxoajxOUkQBP1jN+pK
sZ+qAy3p1QZLIr5y28f1Fq+/gRrNexn9k0QGVJiXAK8cpcQpcBxEn3zXWDdtwX9i
xuB+6nrKC1Xow0KAJdG2cZY7HiOVkKNzADF7h3HGX8E1Fctsew127xfbMetcc4VC
5laFBKRgqzva55sU+YiPmqOefVRBFiyfDmGff09/aHNOpTCV1Czc0US2D4XhKOH7
mS+vdlrCxabes+s/ld5I4PZsxTGUwkurM/4ybEVnbu0vugGzili5R/zpNILj3zIf
6q4satIQ8n4QqbbY3QQWT4HJ7eg2/Xxv8ZoTTllddLN8fAuow+YLeKKMPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrRY/f7brx3ROsozcS23pFzC/MGMB8GA1UdIwQY
MBaAFNZnOKja2sLQ067duTT4IAZrn1/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQt
NmExZTBlYzcxZGE4LzEvMnRGajlfdHV2SGRFNnlqTnhMYmVrWE1MOHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQtNmExZTBlYzcxZGE4
LzEvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXUpMA0G
CSqGSIb3DQEBCwUAA4IBAQAz7OLIjLdhFMqQUxiNYiflmw5yAsTm4Sr8MC4xgZAx
KjAKBhBC1BrKOYZB+45pa+UAVseoYnKJquXA6XQ0+AjoUyySQuUP/ySxZUf5AjO/
7aWzTV+Rd4yfFRUA7nMU0kn3TQ1vjsanqJQJ1GN0rlHLeD21QrxJoWUHQsqILY+r
g4exRqSuubTkl/YzbF8oIISF+pZzMBBJiIN2AdqJqtaH7RXAFnBv3JdEAZHVGqOA
pE3Jt6yDM/npI82vtCpz5Hbse3lAms4InrbZzia8cQK09Er7mA1ZyG571/35FzDY
vZ6jQ8qv8Pel1r3m2lCdJWZ/MCGEpi494fKB/V23iq8K
-----END CERTIFICATE-----