Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/8IbY418lGCc-3Moz0-nHHKuh4LA.roa
File:                     8IbY418lGCc-3Moz0-nHHKuh4LA.roa (raw, json)
Hash identifier:          WZ59TYG9fVS7gQMAnCKCSShz/vEQxOQYrZNnjsR3v8c=
Subject key identifier:   F0:86:D8:E3:5F:25:18:27:3E:DC:CA:33:D3:E9:C7:1C:AB:A1:E0:B0
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019A5E0687AE646F0D02DFFF7D6039A6253B
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/8IbY418lGCc-3Moz0-nHHKuh4LA.roa
Signing time:             Fri 07 Nov 2025 11:14:37 +0000
ROA not before:           Fri 07 Nov 2025 11:14:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215074
IP address blocks:        85.235.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:06:87:ae:64:6f:0d:02:df:ff:7d:60:39:a6:25:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Nov  7 11:14:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f086d8e35f2518273edcca33d3e9c71caba1e0b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:75:c7:ca:38:ac:ce:62:19:fb:13:e8:c1:bd:
                    20:45:06:80:6e:05:1d:75:0a:85:6e:b5:37:57:09:
                    c5:0d:59:fb:eb:df:55:ef:5a:9d:79:41:33:0a:21:
                    b5:c1:ea:fb:b9:46:9b:aa:48:5e:5b:bb:f9:86:b1:
                    40:92:86:a5:2a:57:e2:a2:c7:51:92:2e:22:2f:35:
                    87:a0:fc:3f:c8:72:c9:52:6c:6b:1e:22:58:93:10:
                    82:2c:7d:80:48:ab:82:20:8f:69:f1:58:6a:cc:04:
                    aa:17:3d:de:e0:d7:e1:2e:b8:ec:70:11:77:35:43:
                    31:d1:3a:dc:63:f8:e7:0a:41:da:81:ed:77:65:27:
                    2e:06:e3:c6:bc:db:4e:80:93:b6:85:1e:22:e0:b0:
                    04:09:c4:7d:9e:2c:5e:07:6a:25:a7:39:79:cd:0b:
                    d1:f9:5c:94:23:91:8a:92:3c:cf:b4:6b:19:b4:8e:
                    91:96:e3:c5:1d:db:f8:76:6c:7a:9b:82:fc:d3:5b:
                    52:65:2a:14:16:78:a7:6a:ab:35:8c:be:e8:db:58:
                    31:48:e3:b4:dd:3e:97:75:6e:92:63:b2:c5:ba:c1:
                    b5:df:56:bf:3c:ce:f5:ca:89:dc:5e:7e:2f:ce:a1:
                    08:da:93:72:7c:55:6a:8c:cb:63:59:50:3b:dd:ad:
                    4a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:86:D8:E3:5F:25:18:27:3E:DC:CA:33:D3:E9:C7:1C:AB:A1:E0:B0
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/8IbY418lGCc-3Moz0-nHHKuh4LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a0:73:bd:e5:62:af:d1:b8:89:af:fd:18:26:5b:7e:3c:d8:
         52:5d:67:ef:80:e0:ac:04:be:f3:4f:28:3e:ef:9c:d6:f1:b1:
         94:18:8d:14:22:c7:9e:38:07:0d:b4:03:f6:2e:87:87:3d:61:
         0e:46:7b:2c:b9:ab:1e:d0:11:9a:6d:4d:38:a0:86:f9:49:69:
         c0:bb:cd:de:2c:c2:6f:52:a7:a4:7a:d9:a3:2f:7e:94:09:e0:
         ba:a8:73:f7:e8:63:76:49:96:da:0c:57:7c:d5:b6:d4:85:a9:
         2a:c8:55:ed:38:96:b4:f2:a1:54:ee:76:fb:24:5b:7f:b9:da:
         aa:fb:4d:e0:f0:76:31:d9:64:ab:17:9a:c8:8e:1f:19:fb:aa:
         18:e3:89:c2:5c:65:89:d7:65:4d:4a:74:2c:b0:5f:1e:6c:b2:
         e3:3c:f4:78:16:75:68:c6:94:6a:ae:44:87:0a:82:b3:57:de:
         b1:0d:aa:57:e1:ac:78:b5:f7:3c:06:b5:dd:3b:c5:94:aa:c8:
         92:86:6d:31:2c:33:40:f4:f0:f4:bf:bb:d7:3a:8a:e0:c9:d8:
         6d:a5:6e:1c:ae:d1:c7:9f:79:34:98:26:e2:58:87:76:cc:00:
         d1:75:87:2b:11:78:2d:a3:e0:9f:2f:12:ae:8c:60:c7:97:da:
         46:50:aa:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpeBoeuZG8NAt//fWA5piU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjUxMTA3MTExNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDg2ZDhlMzVmMjUxODI3M2VkY2NhMzNkM2U5YzcxY2FiYTFlMGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXXHyjiszmIZ+xPowb0gRQaAbgUd
dQqFbrU3VwnFDVn7699V71qdeUEzCiG1wer7uUabqkheW7v5hrFAkoalKlfiosdR
ki4iLzWHoPw/yHLJUmxrHiJYkxCCLH2ASKuCII9p8VhqzASqFz3e4NfhLrjscBF3
NUMx0TrcY/jnCkHage13ZScuBuPGvNtOgJO2hR4i4LAECcR9nixeB2olpzl5zQvR
+VyUI5GKkjzPtGsZtI6RluPFHdv4dmx6m4L801tSZSoUFninaqs1jL7o21gxSOO0
3T6XdW6SY7LFusG131a/PM71yoncXn4vzqEI2pNyfFVqjMtjWVA73a1KEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCG2ONfJRgnPtzKM9PpxxyroeCwMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvOEliWTQxOGxHQ2MtM01vejAtbkhIS3VoNExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVetQMA0G
CSqGSIb3DQEBCwUAA4IBAQBSoHO95WKv0biJr/0YJlt+PNhSXWfvgOCsBL7zTyg+
75zW8bGUGI0UIseeOAcNtAP2LoeHPWEORnssuase0BGabU04oIb5SWnAu83eLMJv
UqeketmjL36UCeC6qHP36GN2SZbaDFd81bbUhakqyFXtOJa08qFU7nb7JFt/udqq
+03g8HYx2WSrF5rIjh8Z+6oY44nCXGWJ12VNSnQssF8ebLLjPPR4FnVoxpRqrkSH
CoKzV96xDapX4ax4tfc8BrXdO8WUqsiShm0xLDNA9PD0v7vXOorgydhtpW4crtHH
n3k0mCbiWId2zADRdYcrEXgto+CfLxKujGDHl9pGUKpK
-----END CERTIFICATE-----