Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2VoJCzWsH7tpLExh3zAv4J_Y_tU.roa
File:                     2VoJCzWsH7tpLExh3zAv4J_Y_tU.roa (raw, json)
Hash identifier:          Q/j6x4CenxZPHo/oZBc7mYlTQJH6IXj/6gsMiwILFUE=
Subject key identifier:   D9:5A:09:0B:35:AC:1F:BB:69:2C:4C:61:DF:30:2F:E0:9F:D8:FE:D5
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01993948CA2920853FAE8A9F1810BA77707F
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2VoJCzWsH7tpLExh3zAv4J_Y_tU.roa
Signing time:             Thu 11 Sep 2025 14:58:15 +0000
ROA not before:           Thu 11 Sep 2025 14:58:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22773
IP address blocks:        84.32.52.0/22 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          88.216.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 08:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:39:48:ca:29:20:85:3f:ae:8a:9f:18:10:ba:77:70:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Sep 11 14:58:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d95a090b35ac1fbb692c4c61df302fe09fd8fed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c5:ae:8c:6c:fe:73:ba:22:2b:d5:65:5c:87:
                    38:f5:d1:26:2d:8f:64:0f:7d:35:bd:68:01:d0:27:
                    9c:01:a3:ba:ce:3d:50:03:c9:30:87:38:be:16:73:
                    a6:73:fb:06:77:fa:8b:69:11:fe:0c:c4:68:a7:12:
                    25:21:21:31:5e:09:ec:7e:f2:dc:f6:0e:e8:08:bd:
                    a3:82:37:e1:c8:86:39:f4:35:b7:17:69:09:bf:22:
                    1d:2e:59:03:57:f2:18:0d:18:8c:41:a3:ff:08:59:
                    e3:0e:b7:04:76:65:b9:ef:1d:71:7f:68:13:30:f4:
                    78:0a:c4:b6:4d:67:aa:48:97:48:e1:17:9a:f3:db:
                    37:86:56:9d:ab:2b:d3:b1:46:a1:10:fd:3b:3f:3b:
                    94:74:2c:80:42:fd:d1:85:23:10:d7:2d:e2:4c:40:
                    e7:19:e6:6b:6d:6e:17:ca:60:b0:f0:7a:a3:b3:b8:
                    c8:f3:80:36:cc:7e:88:fb:e0:bb:ce:0d:b5:dc:52:
                    ab:fc:9e:3b:8d:a3:af:bf:3f:a5:be:c4:16:bc:5a:
                    3d:7d:ad:c5:4f:cb:8e:5c:82:c6:7d:4b:78:73:b8:
                    6a:60:dd:e2:87:8e:e0:e2:55:46:6e:24:1d:22:39:
                    a3:45:d0:45:44:71:51:a2:b5:65:fa:7b:9a:75:ba:
                    3f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5A:09:0B:35:AC:1F:BB:69:2C:4C:61:DF:30:2F:E0:9F:D8:FE:D5
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/2VoJCzWsH7tpLExh3zAv4J_Y_tU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.52.0/22
                  88.216.129.0/24
                  88.216.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:f5:1d:1c:29:f0:37:c2:16:76:0b:7a:fb:92:f4:c5:7a:6f:
         2e:27:9c:ab:95:fa:91:a7:ad:55:38:8d:bc:91:be:65:ab:0b:
         0c:05:35:ff:1e:e5:46:df:ab:38:19:12:1e:7e:22:07:e7:82:
         0b:eb:9d:58:cc:fd:15:91:a7:e6:8c:75:2f:fe:47:69:18:67:
         ba:dd:f2:52:7b:78:49:cb:0e:0e:ab:ec:fc:7b:ed:94:8c:11:
         ab:a8:53:e5:4c:03:b0:6e:a1:92:c8:56:e1:46:43:d7:9a:a4:
         8c:82:27:51:8e:05:a0:82:fd:98:7d:b3:1e:aa:f5:49:a0:39:
         eb:9f:ed:15:c4:3f:8c:39:3a:c6:44:ff:bf:f3:5e:21:d1:c1:
         d2:66:b0:5b:3a:5b:02:cb:32:d6:96:a6:cf:fb:9f:56:69:f1:
         86:9c:33:b2:0b:4e:b6:9c:d7:f0:a7:52:90:66:65:67:04:d8:
         ef:2f:48:b2:10:a4:4b:67:7d:73:82:c9:e5:70:37:30:80:15:
         74:48:6e:55:bb:b2:4a:d3:09:9c:5f:5c:ab:b5:15:fd:f0:e5:
         04:df:c8:7f:32:47:0d:63:32:e7:57:2a:42:7f:a8:aa:66:9d:
         73:e7:f7:a4:bb:0e:de:d8:2b:44:3b:99:2c:03:1a:a6:74:cd:
         85:cd:3b:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZk5SMopIIU/roqfGBC6d3B/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwOTExMTQ1ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTVhMDkwYjM1YWMxZmJiNjkyYzRjNjFkZjMwMmZlMDlmZDhmZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MWujGz+c7oiK9VlXIc49dEmLY9k
D301vWgB0CecAaO6zj1QA8kwhzi+FnOmc/sGd/qLaRH+DMRopxIlISExXgnsfvLc
9g7oCL2jgjfhyIY59DW3F2kJvyIdLlkDV/IYDRiMQaP/CFnjDrcEdmW57x1xf2gT
MPR4CsS2TWeqSJdI4Rea89s3hladqyvTsUahEP07PzuUdCyAQv3RhSMQ1y3iTEDn
GeZrbW4XymCw8Hqjs7jI84A2zH6I++C7zg213FKr/J47jaOvvz+lvsQWvFo9fa3F
T8uOXILGfUt4c7hqYN3ih47g4lVGbiQdIjmjRdBFRHFRorVl+nuadbo/XQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNlaCQs1rB+7aSxMYd8wL+Cf2P7VMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvMlZvSkN6V3NIN3RwTEV4aDN6QXY0Sl9ZX3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVCA0AwQA
WNiBAwQCWNj8MA0GCSqGSIb3DQEBCwUAA4IBAQCN9R0cKfA3whZ2C3r7kvTFem8u
J5yrlfqRp61VOI28kb5lqwsMBTX/HuVG36s4GRIefiIH54IL651YzP0VkafmjHUv
/kdpGGe63fJSe3hJyw4Oq+z8e+2UjBGrqFPlTAOwbqGSyFbhRkPXmqSMgidRjgWg
gv2YfbMeqvVJoDnrn+0VxD+MOTrGRP+/814h0cHSZrBbOlsCyzLWlqbP+59WafGG
nDOyC062nNfwp1KQZmVnBNjvL0iyEKRLZ31zgsnlcDcwgBV0SG5Vu7JK0wmcX1yr
tRX98OUE38h/MkcNYzLnVypCf6iqZp1z5/ekuw7e2CtEO5ksAxqmdM2FzTsb
-----END CERTIFICATE-----