Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fEjbKtb8MPj04CT9r7hrNNjOJRw.roa
File:                     fEjbKtb8MPj04CT9r7hrNNjOJRw.roa (raw, json)
Hash identifier:          DYZ9UlAB6HCAVPjpvv91lPxzgrulNFWT3bl+f5HXyz8=
Subject key identifier:   7C:48:DB:2A:D6:FC:30:F8:F4:E0:24:FD:AF:B8:6B:34:D8:CE:25:1C
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019A113F770096D3088B543AD6C684920FCF
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fEjbKtb8MPj04CT9r7hrNNjOJRw.roa
Signing time:             Thu 23 Oct 2025 13:26:03 +0000
ROA not before:           Thu 23 Oct 2025 13:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14576
IP address blocks:        193.233.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:11:3f:77:00:96:d3:08:8b:54:3a:d6:c6:84:92:0f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Oct 23 13:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c48db2ad6fc30f8f4e024fdafb86b34d8ce251c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7d:a5:5e:91:5a:54:57:6b:b7:f2:bc:3a:a5:
                    8d:11:09:f8:63:10:05:40:96:da:cf:de:aa:b1:14:
                    b2:68:3d:16:73:f0:ac:4a:a4:ee:6f:28:eb:a9:0c:
                    4f:5b:68:48:5a:3c:2d:de:dc:c7:16:a1:f2:4b:83:
                    a3:84:c5:5c:21:06:b6:f4:5e:99:b2:52:5e:fe:90:
                    bb:40:67:c3:91:be:1c:8f:7b:38:d8:21:23:18:d6:
                    25:2f:bc:4e:ec:d3:2f:be:45:0d:7f:6e:3a:9e:28:
                    e4:fb:94:b2:8b:c2:a0:4b:81:c9:02:ff:46:bb:ba:
                    9b:f9:5b:2b:e2:4d:91:d7:a3:20:d7:be:e7:47:53:
                    3a:47:e5:59:be:7d:9e:75:67:69:83:55:1b:54:a9:
                    a3:08:d5:cd:41:93:fb:53:13:ed:de:25:09:81:9e:
                    22:54:a8:a6:8c:0c:ce:19:16:0d:6a:72:db:87:8d:
                    54:79:e7:55:7b:ad:e3:34:63:a6:57:44:68:20:a8:
                    2a:e3:ce:f4:83:68:47:f4:0c:1a:1b:d9:ba:65:62:
                    b2:ec:05:a8:dc:d9:5b:e5:fe:b3:a0:cd:6a:43:aa:
                    5c:ad:a7:c6:73:a3:5f:c2:1d:d7:db:e7:5e:b8:30:
                    29:d6:2e:d8:1e:7e:8b:a7:0a:04:9c:ab:8b:43:c2:
                    0f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:48:DB:2A:D6:FC:30:F8:F4:E0:24:FD:AF:B8:6B:34:D8:CE:25:1C
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/fEjbKtb8MPj04CT9r7hrNNjOJRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:1c:80:4f:8f:e6:cb:89:9e:87:73:0b:6a:51:5c:c2:1e:da:
         e0:a2:9d:61:27:54:43:38:92:4d:ec:da:27:5f:65:34:3b:9c:
         bc:b7:64:f1:b7:3e:c4:55:f5:6d:7d:ab:f1:c4:73:3f:04:ee:
         8c:fd:53:37:f3:85:3a:04:7e:ed:90:16:02:4a:99:64:2a:30:
         8d:d5:50:93:cd:ed:c5:0d:9b:e4:0e:d4:e2:7b:96:ad:8d:03:
         96:6a:be:4f:9c:02:8e:73:a8:93:47:c9:fc:f3:7b:f8:7c:65:
         99:eb:e1:3d:c9:a7:2a:d4:84:5f:49:43:f1:96:54:8e:39:56:
         97:e3:77:be:82:77:50:0e:eb:27:be:7b:62:c4:cf:14:76:68:
         d2:bb:3b:15:96:a5:cd:bf:b2:18:5d:4a:42:15:87:36:1f:ad:
         39:9d:57:2f:bb:f7:11:b7:2e:9f:ad:3f:9b:0b:f1:c7:47:dd:
         7d:76:26:3a:f7:59:6f:d5:aa:b1:dd:b6:3a:b1:2c:74:a1:98:
         9d:96:ec:df:ff:39:2c:da:44:2c:7c:12:b6:9a:5c:92:5e:65:
         c5:21:c8:19:9a:73:4f:3d:29:12:06:0c:6d:f6:f6:f4:38:98:
         81:6a:1b:e1:c2:70:17:cb:95:32:46:cf:11:f8:92:34:a8:d7:
         a4:a5:f0:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoRP3cAltMIi1Q61saEkg/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMDIzMTMyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQ4ZGIyYWQ2ZmMzMGY4ZjRlMDI0ZmRhZmI4NmIzNGQ4Y2UyNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H2lXpFaVFdrt/K8OqWNEQn4YxAF
QJbaz96qsRSyaD0Wc/CsSqTubyjrqQxPW2hIWjwt3tzHFqHyS4OjhMVcIQa29F6Z
slJe/pC7QGfDkb4cj3s42CEjGNYlL7xO7NMvvkUNf246nijk+5Syi8KgS4HJAv9G
u7qb+Vsr4k2R16Mg177nR1M6R+VZvn2edWdpg1UbVKmjCNXNQZP7UxPt3iUJgZ4i
VKimjAzOGRYNanLbh41UeedVe63jNGOmV0RoIKgq4870g2hH9AwaG9m6ZWKy7AWo
3Nlb5f6zoM1qQ6pcrafGc6Nfwh3X2+deuDAp1i7YHn6LpwoEnKuLQ8IPDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxI2yrW/DD49OAk/a+4azTYziUcMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvZkVqYkt0YjhNUGowNENUOXI3aHJOTmpPSlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelbMA0G
CSqGSIb3DQEBCwUAA4IBAQCeHIBPj+bLiZ6HcwtqUVzCHtrgop1hJ1RDOJJN7Non
X2U0O5y8t2Txtz7EVfVtfavxxHM/BO6M/VM384U6BH7tkBYCSplkKjCN1VCTze3F
DZvkDtTie5atjQOWar5PnAKOc6iTR8n883v4fGWZ6+E9yacq1IRfSUPxllSOOVaX
43e+gndQDusnvntixM8UdmjSuzsVlqXNv7IYXUpCFYc2H605nVcvu/cRty6frT+b
C/HHR919diY691lv1aqx3bY6sSx0oZidluzf/zks2kQsfBK2mlySXmXFIcgZmnNP
PSkSBgxt9vb0OJiBahvhwnAXy5UyRs8R+JI0qNekpfCK
-----END CERTIFICATE-----