Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/EIIOUWRAqQ6t12GX9Fst3NQG0wo.roa
File:                     EIIOUWRAqQ6t12GX9Fst3NQG0wo.roa (raw, json)
Hash identifier:          xrA3LlgjK2Q/3KtBc6gxIkqYiO1nh94sOZQptzhrvgQ=
Subject key identifier:   10:82:0E:51:64:40:A9:0E:AD:D7:61:97:F4:5B:2D:DC:D4:06:D3:0A
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019A15FE5E58C5D5BB3DBD0AEDB28295A494
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/EIIOUWRAqQ6t12GX9Fst3NQG0wo.roa
Signing time:             Fri 24 Oct 2025 11:33:03 +0000
ROA not before:           Fri 24 Oct 2025 11:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211615
IP address blocks:        79.172.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:fe:5e:58:c5:d5:bb:3d:bd:0a:ed:b2:82:95:a4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Oct 24 11:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10820e516440a90eadd76197f45b2ddcd406d30a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c7:a7:f4:67:3f:93:3a:96:3d:c3:f2:ca:c5:
                    a3:01:d6:d2:97:05:49:bd:a7:14:e0:0e:49:72:cf:
                    24:87:3a:2c:c7:ef:1c:25:d6:50:e1:50:41:20:06:
                    e2:65:23:94:02:2f:5e:72:23:bd:e9:35:81:29:c9:
                    34:09:a2:f2:29:54:a5:0e:dd:8f:c4:9f:e9:fc:91:
                    6e:bf:8e:8d:b1:34:d8:e9:b9:22:f0:f5:ef:c9:41:
                    66:d4:ca:e9:13:02:b2:18:e5:65:e4:d4:be:fa:d8:
                    3b:da:f7:d6:63:0f:e1:64:23:33:26:71:d5:57:c3:
                    d7:1a:f4:5d:e0:dc:0e:02:ee:65:8c:9b:fc:0b:c3:
                    41:7d:77:28:5c:34:58:f5:a2:a1:8e:e0:d2:6e:2b:
                    20:9b:76:d0:d6:32:1f:0a:53:cc:01:29:23:a3:76:
                    65:9b:4d:f4:90:86:29:8a:fe:51:68:02:af:ec:0b:
                    ea:94:a3:ae:69:16:6a:0d:72:90:83:28:f9:1e:96:
                    6d:69:0c:46:5a:08:81:80:40:1a:c8:d1:e9:58:08:
                    dc:f9:5c:eb:c4:56:19:6e:d2:6a:f5:7c:cf:5a:02:
                    6c:fa:59:14:ce:91:96:92:01:c6:f6:dc:f3:68:04:
                    76:7a:6e:9b:39:a4:ad:4d:5b:30:9f:af:34:12:27:
                    c2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:82:0E:51:64:40:A9:0E:AD:D7:61:97:F4:5B:2D:DC:D4:06:D3:0A
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/EIIOUWRAqQ6t12GX9Fst3NQG0wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:5e:c0:35:2e:5f:3b:f1:6d:28:3e:e3:fa:05:b5:3b:a2:6d:
         ff:a1:4b:6a:1e:1c:ce:e0:87:78:53:38:3a:de:68:58:58:a2:
         a5:79:bf:90:89:c9:77:17:95:c2:4c:f5:7d:c9:31:cf:76:61:
         2b:fc:e5:ab:92:c5:5b:83:42:63:51:db:25:6e:84:82:f7:7d:
         36:9f:7f:16:86:fd:34:28:7f:cd:0c:db:e0:27:2d:06:27:83:
         01:79:28:5c:32:46:52:cc:cd:9a:79:e9:64:cc:03:d9:a4:d1:
         b1:76:90:8d:65:96:46:4c:2e:02:dc:3f:48:9c:e5:1f:24:b8:
         f8:13:cd:81:76:cb:65:fc:1d:0d:cb:82:8a:88:0b:61:70:05:
         c0:8b:4e:5b:92:ea:ff:01:ee:38:b9:52:d3:50:a2:19:26:65:
         a7:d7:1f:9a:98:0b:a3:b6:5f:b8:ea:4b:ce:a6:cc:d2:13:a2:
         46:d6:77:aa:6e:9d:fc:c0:92:67:45:dd:06:d4:bf:af:4f:03:
         0b:d3:61:43:de:6d:16:77:93:fb:ae:60:16:b4:57:ed:9e:f8:
         79:0d:07:be:9c:ad:60:bc:3d:1b:74:05:79:2d:b9:58:90:5c:
         42:24:4b:a7:40:51:32:ac:07:7f:fb:f5:5f:7c:52:28:77:c5:
         3b:97:16:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoV/l5YxdW7Pb0K7bKClaSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMDI0MTEzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDgyMGU1MTY0NDBhOTBlYWRkNzYxOTdmNDViMmRkY2Q0MDZkMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcen9Gc/kzqWPcPyysWjAdbSlwVJ
vacU4A5Jcs8khzosx+8cJdZQ4VBBIAbiZSOUAi9eciO96TWBKck0CaLyKVSlDt2P
xJ/p/JFuv46NsTTY6bki8PXvyUFm1MrpEwKyGOVl5NS++tg72vfWYw/hZCMzJnHV
V8PXGvRd4NwOAu5ljJv8C8NBfXcoXDRY9aKhjuDSbisgm3bQ1jIfClPMASkjo3Zl
m030kIYpiv5RaAKv7AvqlKOuaRZqDXKQgyj5HpZtaQxGWgiBgEAayNHpWAjc+Vzr
xFYZbtJq9XzPWgJs+lkUzpGWkgHG9tzzaAR2em6bOaStTVswn680EifCiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCCDlFkQKkOrddhl/RbLdzUBtMKMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvRUlJT1VXUkFxUTZ0MTJHWDlGc3QzTlFHMHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zIMA0G
CSqGSIb3DQEBCwUAA4IBAQAvXsA1Ll878W0oPuP6BbU7om3/oUtqHhzO4Id4Uzg6
3mhYWKKleb+Qicl3F5XCTPV9yTHPdmEr/OWrksVbg0JjUdslboSC9302n38Whv00
KH/NDNvgJy0GJ4MBeShcMkZSzM2aeelkzAPZpNGxdpCNZZZGTC4C3D9InOUfJLj4
E82Bdstl/B0Ny4KKiAthcAXAi05bkur/Ae44uVLTUKIZJmWn1x+amAujtl+46kvO
pszSE6JG1neqbp38wJJnRd0G1L+vTwML02FD3m0Wd5P7rmAWtFftnvh5DQe+nK1g
vD0bdAV5LblYkFxCJEunQFEyrAd/+/VffFIod8U7lxZm
-----END CERTIFICATE-----