Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EK4M7i3dhLiC3bocad5TPQB0z6M.roa
File:                     EK4M7i3dhLiC3bocad5TPQB0z6M.roa (raw, json)
Hash identifier:          z39XmsucuiWnOtfG/PMc4Z3tJ/1vjqBLb5bJYMqvTCM=
Subject key identifier:   10:AE:0C:EE:2D:DD:84:B8:82:DD:BA:1C:69:DE:53:3D:00:74:CF:A3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A5878B9E8081881A371517DDF733B1ECA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EK4M7i3dhLiC3bocad5TPQB0z6M.roa
Signing time:             Thu 06 Nov 2025 09:21:38 +0000
ROA not before:           Thu 06 Nov 2025 09:21:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33842
IP address blocks:        109.61.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:58:78:b9:e8:08:18:81:a3:71:51:7d:df:73:3b:1e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  6 09:21:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10ae0cee2ddd84b882ddba1c69de533d0074cfa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4c:3f:2f:d1:16:90:39:98:35:23:85:78:fe:
                    e4:00:8a:1d:91:17:4e:4b:c6:23:24:72:b9:a3:12:
                    2b:23:ac:59:35:10:a4:f9:08:36:7c:18:b7:8c:3c:
                    f0:a0:b8:e6:79:b5:01:9f:4a:c7:ee:a9:96:15:a5:
                    1c:bd:51:b6:db:a1:46:16:92:08:ee:47:fb:fd:0b:
                    f1:fa:f2:53:15:5d:e9:13:83:8a:96:23:e1:a9:d2:
                    08:f8:e6:b2:3f:1b:4f:30:2d:20:a1:1b:5b:b3:ce:
                    bb:ba:d0:45:66:76:33:1f:2a:3a:f8:0e:07:c1:fb:
                    62:3a:9b:7a:d3:d5:e3:69:32:db:fd:72:56:41:8b:
                    ac:10:a1:9a:5e:f3:86:71:69:d9:58:ec:6e:49:32:
                    14:d3:0c:35:d5:a7:d5:d2:40:42:59:e1:03:f1:aa:
                    88:11:1b:73:6d:5f:85:95:3c:aa:29:69:5c:02:a4:
                    bf:85:4d:f2:cd:36:68:5e:00:ca:48:ee:45:3f:88:
                    80:9d:8f:6f:ac:16:cc:68:3f:16:04:e7:8a:48:c2:
                    88:44:42:e8:a9:c1:5d:47:2f:4e:ff:c2:de:c4:3b:
                    59:94:67:8b:76:e2:1b:57:2c:13:73:a8:b1:12:a5:
                    7e:f9:3a:a7:62:a1:96:ea:e8:41:fc:1b:09:5b:c0:
                    af:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:AE:0C:EE:2D:DD:84:B8:82:DD:BA:1C:69:DE:53:3D:00:74:CF:A3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EK4M7i3dhLiC3bocad5TPQB0z6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.61.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a4:38:b3:ae:ef:51:e0:eb:ce:9f:e5:6f:27:11:a1:fb:bc:
         95:84:fa:8f:3a:52:8e:48:28:08:78:8b:68:de:b0:6c:61:0d:
         8f:9b:69:f0:23:38:dc:50:8e:d1:d5:03:70:02:b7:cc:c0:51:
         b5:80:11:8c:79:17:3c:76:95:57:da:b8:66:38:5d:8b:47:61:
         9b:e5:00:a5:ef:8f:f8:1c:23:6e:f9:87:2a:7a:eb:2e:64:71:
         d2:a4:db:fa:b6:a2:17:62:0d:ff:bd:19:ca:a0:45:09:94:3d:
         a4:ed:d7:96:1d:63:cb:3f:f6:b5:1e:bd:c8:08:ef:b8:b6:4e:
         d4:51:49:fe:0b:3c:c2:69:c4:e6:96:d6:36:a6:bb:9e:ac:b7:
         e4:ce:12:42:71:7b:d0:a9:60:b9:fd:d1:e3:71:1b:53:ed:92:
         f3:f1:52:2c:dd:b6:44:29:0d:9a:d5:84:2b:aa:70:56:85:e9:
         23:10:a8:8a:98:7a:df:14:72:59:f7:b4:41:f8:f6:93:94:4f:
         a7:f1:c8:32:8d:40:d4:43:a2:ee:89:21:64:94:9f:c5:b5:ab:
         cc:b8:de:47:a6:c4:1d:d6:b2:18:75:f4:3f:59:84:2b:e8:e8:
         ff:2e:26:b3:9e:3a:66:ea:3b:bd:64:4d:f6:3e:79:53:3f:0b:
         6a:27:e4:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpYeLnoCBiBo3FRfd9zOx7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTA2MDkyMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGFlMGNlZTJkZGQ4NGI4ODJkZGJhMWM2OWRlNTMzZDAwNzRjZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Uw/L9EWkDmYNSOFeP7kAIodkRdO
S8YjJHK5oxIrI6xZNRCk+Qg2fBi3jDzwoLjmebUBn0rH7qmWFaUcvVG226FGFpII
7kf7/Qvx+vJTFV3pE4OKliPhqdII+OayPxtPMC0goRtbs867utBFZnYzHyo6+A4H
wftiOpt609XjaTLb/XJWQYusEKGaXvOGcWnZWOxuSTIU0ww11afV0kBCWeED8aqI
ERtzbV+FlTyqKWlcAqS/hU3yzTZoXgDKSO5FP4iAnY9vrBbMaD8WBOeKSMKIRELo
qcFdRy9O/8LexDtZlGeLduIbVywTc6ixEqV++TqnYqGW6uhB/BsJW8CvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCuDO4t3YS4gt26HGneUz0AdM+jMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRUs0TTdpM2RoTGlDM2JvY2FkNVRQUUIwejZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbT1sMA0G
CSqGSIb3DQEBCwUAA4IBAQCcpDizru9R4OvOn+VvJxGh+7yVhPqPOlKOSCgIeIto
3rBsYQ2Pm2nwIzjcUI7R1QNwArfMwFG1gBGMeRc8dpVX2rhmOF2LR2Gb5QCl74/4
HCNu+YcqeusuZHHSpNv6tqIXYg3/vRnKoEUJlD2k7deWHWPLP/a1Hr3ICO+4tk7U
UUn+CzzCacTmltY2pruerLfkzhJCcXvQqWC5/dHjcRtT7ZLz8VIs3bZEKQ2a1YQr
qnBWhekjEKiKmHrfFHJZ97RB+PaTlE+n8cgyjUDUQ6LuiSFklJ/FtavMuN5HpsQd
1rIYdfQ/WYQr6Oj/Liaznjpm6ju9ZE32PnlTPwtqJ+QC
-----END CERTIFICATE-----