Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/dcdUaVsbK9eNo1r-m0RN5v4IuI0.roa
File:                     dcdUaVsbK9eNo1r-m0RN5v4IuI0.roa (raw, json)
Hash identifier:          16XY+REBNBY9vjc35N7Gk6wmQpGirjvhIjfgeZGXyFo=
Subject key identifier:   75:C7:54:69:5B:1B:2B:D7:8D:A3:5A:FE:9B:44:4D:E6:FE:08:B8:8D
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       01995650F4AFA3BB374CF625157417901763
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/dcdUaVsbK9eNo1r-m0RN5v4IuI0.roa
Signing time:             Wed 17 Sep 2025 06:16:10 +0000
ROA not before:           Wed 17 Sep 2025 06:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        62.164.195.0/24 maxlen: 24
                          194.76.114.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:50:f4:af:a3:bb:37:4c:f6:25:15:74:17:90:17:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Sep 17 06:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75c754695b1b2bd78da35afe9b444de6fe08b88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:89:7e:76:d7:5d:50:50:be:1c:ec:5f:6c:
                    ef:ce:b4:eb:b2:5e:17:1e:87:a4:b7:68:03:c8:25:
                    b4:4c:fe:a2:f5:ff:f5:e5:a6:0a:19:a8:71:15:d7:
                    1f:cf:1d:81:71:8f:9e:33:71:d8:3d:a0:52:b9:8a:
                    d9:cf:5a:9c:4c:ea:cf:66:97:d7:a5:04:fd:4d:99:
                    8e:1e:a6:b5:bf:aa:64:f2:e3:05:11:6c:44:1a:8d:
                    a0:35:98:89:c5:0d:26:db:7f:c5:ea:90:94:53:d8:
                    89:df:55:d4:91:0b:e6:25:ce:1d:71:01:ac:c7:88:
                    88:58:43:f7:0d:4f:6b:7b:13:0d:ca:b3:3f:0c:f1:
                    9c:80:2d:fc:bf:79:56:27:8b:5d:21:8b:37:aa:8f:
                    f4:de:89:c4:d7:16:6b:75:e3:29:46:a3:db:f2:cb:
                    4e:16:58:7a:2c:f4:0b:66:5b:4e:ad:03:dc:8c:7e:
                    82:94:c3:d2:72:a8:9a:1d:b8:34:f5:7b:29:c6:cc:
                    57:4b:0c:32:19:61:e5:99:dc:3c:e8:b5:8b:34:c9:
                    00:a6:92:37:88:c4:60:f1:31:32:12:77:53:53:f3:
                    ba:2d:10:ec:e7:72:a1:a4:2b:61:7b:41:6f:5c:1c:
                    98:24:66:91:e4:00:93:5f:8a:54:2d:30:3c:f3:c8:
                    fa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C7:54:69:5B:1B:2B:D7:8D:A3:5A:FE:9B:44:4D:E6:FE:08:B8:8D
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/dcdUaVsbK9eNo1r-m0RN5v4IuI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.195.0/24
                  194.76.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:dc:92:68:12:6e:c4:0f:ea:dd:3b:c8:1c:5a:47:df:3a:66:
         c1:98:d2:d8:d4:ce:15:d9:ae:05:95:1f:99:ce:e4:df:c3:cb:
         24:6b:0f:79:e1:90:d3:ab:fa:6d:c8:da:ed:da:37:b9:b6:06:
         7f:5f:c7:22:42:be:1c:0f:cf:42:74:23:b0:91:e0:7e:60:13:
         a7:28:f1:04:da:f9:b9:09:87:6a:3e:06:92:20:43:41:0a:92:
         f1:c8:bd:57:c1:fa:6c:55:95:a0:c7:17:97:df:a4:ca:ea:b8:
         82:9a:78:47:2b:2b:3d:b7:20:4f:10:a5:ec:ae:67:94:0e:8c:
         73:43:0f:47:99:9b:67:de:eb:62:cb:4e:eb:18:3a:64:2d:d3:
         41:22:00:ad:70:cd:76:92:37:5b:b2:19:ce:10:4b:00:87:ba:
         b1:b8:0c:8f:3e:7e:5c:10:0e:15:f9:db:c1:1f:38:a1:01:a3:
         c0:20:a0:bf:3d:a9:fc:e4:1b:76:76:96:90:b4:d9:ab:9b:e1:
         38:05:2c:47:80:cb:58:47:70:28:4c:4e:28:d6:33:e3:24:e8:
         dd:f1:d6:ad:31:68:e8:c8:a9:e5:68:6b:f3:78:68:1a:5b:f4:
         ab:3b:21:1d:43:0c:76:9c:2d:f6:48:2b:26:e4:7b:5e:1c:ce:
         54:b2:51:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlWUPSvo7s3TPYlFXQXkBdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwOTE3MDYxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWM3NTQ2OTViMWIyYmQ3OGRhMzVhZmU5YjQ0NGRlNmZlMDhiODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL6JfnbXXVBQvhzsX2zvzrTrsl4X
Hoekt2gDyCW0TP6i9f/15aYKGahxFdcfzx2BcY+eM3HYPaBSuYrZz1qcTOrPZpfX
pQT9TZmOHqa1v6pk8uMFEWxEGo2gNZiJxQ0m23/F6pCUU9iJ31XUkQvmJc4dcQGs
x4iIWEP3DU9rexMNyrM/DPGcgC38v3lWJ4tdIYs3qo/03onE1xZrdeMpRqPb8stO
Flh6LPQLZltOrQPcjH6ClMPScqiaHbg09XspxsxXSwwyGWHlmdw86LWLNMkAppI3
iMRg8TEyEndTU/O6LRDs53KhpCthe0FvXByYJGaR5ACTX4pULTA888j6ewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHXHVGlbGyvXjaNa/ptETeb+CLiNMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvZGNkVWFWc2JLOWVObzFyLW0wUk41djRJdUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqTDAwQB
wkxyMA0GCSqGSIb3DQEBCwUAA4IBAQBH3JJoEm7ED+rdO8gcWkffOmbBmNLY1M4V
2a4FlR+ZzuTfw8skaw954ZDTq/ptyNrt2je5tgZ/X8ciQr4cD89CdCOwkeB+YBOn
KPEE2vm5CYdqPgaSIENBCpLxyL1XwfpsVZWgxxeX36TK6riCmnhHKys9tyBPEKXs
rmeUDoxzQw9HmZtn3utiy07rGDpkLdNBIgCtcM12kjdbshnOEEsAh7qxuAyPPn5c
EA4V+dvBHzihAaPAIKC/Pan85Bt2dpaQtNmrm+E4BSxHgMtYR3AoTE4o1jPjJOjd
8datMWjoyKnlaGvzeGgaW/SrOyEdQwx2nC32SCsm5HteHM5UslG5
-----END CERTIFICATE-----