Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7Cal7JVaGMGF2YH2vEwO5lUMdtU.roa
File:                     7Cal7JVaGMGF2YH2vEwO5lUMdtU.roa (raw, json)
Hash identifier:          Zy7i2gNyzGt7vMk5cxc1v5uZvXlslkr2p2SjfFlDND8=
Subject key identifier:   EC:26:A5:EC:95:5A:18:C1:85:D9:81:F6:BC:4C:0E:E6:55:0C:76:D5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01991FD432628EE3A61C5861FD6D0FBBC6C1
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7Cal7JVaGMGF2YH2vEwO5lUMdtU.roa
Signing time:             Sat 06 Sep 2025 16:20:24 +0000
ROA not before:           Sat 06 Sep 2025 16:20:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273197
IP address blocks:        185.226.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1f:d4:32:62:8e:e3:a6:1c:58:61:fd:6d:0f:bb:c6:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Sep  6 16:20:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec26a5ec955a18c185d981f6bc4c0ee6550c76d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:14:bd:d0:ec:28:a6:82:81:1d:68:5c:93:89:
                    be:83:a1:f4:cf:10:d9:8f:04:4e:7c:db:d0:55:f2:
                    11:ea:ff:de:e9:89:28:36:3a:c9:80:31:60:6a:4a:
                    d9:37:c2:09:d5:0e:4c:da:85:ce:92:d3:ed:a0:07:
                    73:1a:91:25:a0:ae:8b:58:4c:fa:b4:38:f1:c5:80:
                    e8:49:f3:29:5a:c3:70:2e:de:73:c4:19:a5:a4:de:
                    d7:60:c8:30:52:9f:7b:c8:cb:b3:57:7d:76:f3:73:
                    fe:95:00:bd:92:73:c4:4b:45:bb:4e:78:1a:ed:3d:
                    b1:b8:7e:e9:04:bf:4f:ba:9c:ab:d1:0d:3f:4e:2d:
                    40:01:6e:0b:2b:2d:c5:b3:50:94:08:33:a6:89:c5:
                    d2:61:25:a4:7b:7f:63:2f:68:93:6d:70:91:06:85:
                    b9:c6:49:f5:6b:04:7c:f2:03:89:88:3e:4f:6c:f6:
                    7f:df:a6:74:36:90:39:ef:88:44:85:59:96:9f:78:
                    ad:dd:ba:0c:34:c9:79:31:0a:4d:30:b8:2d:5f:8d:
                    c3:64:b0:d2:2d:60:bd:71:1d:f7:29:eb:3b:e3:22:
                    36:dd:f8:da:eb:85:e3:b3:f2:06:f6:3e:60:d6:f9:
                    81:60:7e:cf:75:80:df:32:4a:42:25:ac:6f:3a:7c:
                    45:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:26:A5:EC:95:5A:18:C1:85:D9:81:F6:BC:4C:0E:E6:55:0C:76:D5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7Cal7JVaGMGF2YH2vEwO5lUMdtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:82:64:4a:13:4c:94:a4:49:30:b6:e4:9c:e0:81:2d:22:3f:
         30:d7:c2:5a:4c:b4:eb:1c:d5:91:26:e5:15:4e:81:79:4d:bd:
         17:c7:ab:39:78:fe:76:47:c4:0b:74:a9:fc:e8:f0:d1:bd:5e:
         14:93:d5:6a:13:a9:b9:04:d4:97:eb:5f:40:51:94:85:ad:24:
         d9:5f:6b:97:b9:5c:5b:17:b7:aa:82:85:72:e4:25:d2:50:04:
         2a:36:d1:6c:f8:70:81:7b:47:08:ae:7b:2f:20:ff:a2:1f:a5:
         35:e7:bb:f2:90:02:40:45:09:8e:70:22:d7:38:4e:34:4e:87:
         ac:30:70:93:31:1e:db:16:c7:ca:da:9a:0a:7f:79:85:ca:af:
         38:e0:f2:7d:1c:52:6d:bd:49:3e:22:75:11:28:7f:e2:43:b8:
         30:7a:bf:a7:fc:70:b3:27:9c:0e:d6:66:bd:75:be:ad:e5:79:
         ba:7c:de:9f:92:c6:cd:37:b3:df:31:9d:fb:a1:44:9e:04:2a:
         e9:08:f9:16:a5:72:8c:30:bc:26:fb:ba:fe:7d:7a:36:5d:a3:
         98:74:83:54:5f:35:08:52:71:87:e1:e9:51:b7:b0:17:09:26:
         d2:a5:a9:5a:9d:97:af:db:4f:5f:f0:d3:7b:10:c1:03:9f:d8:
         bb:4d:12:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkf1DJijuOmHFhh/W0Pu8bBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwOTA2MTYyMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI2YTVlYzk1NWExOGMxODVkOTgxZjZiYzRjMGVlNjU1MGM3NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhS90OwopoKBHWhck4m+g6H0zxDZ
jwROfNvQVfIR6v/e6YkoNjrJgDFgakrZN8IJ1Q5M2oXOktPtoAdzGpEloK6LWEz6
tDjxxYDoSfMpWsNwLt5zxBmlpN7XYMgwUp97yMuzV31283P+lQC9knPES0W7Tnga
7T2xuH7pBL9Pupyr0Q0/Ti1AAW4LKy3Fs1CUCDOmicXSYSWke39jL2iTbXCRBoW5
xkn1awR88gOJiD5PbPZ/36Z0NpA574hEhVmWn3it3boMNMl5MQpNMLgtX43DZLDS
LWC9cR33Kes74yI23fja64Xjs/IG9j5g1vmBYH7PdYDfMkpCJaxvOnxFXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwmpeyVWhjBhdmB9rxMDuZVDHbVMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvN0NhbDdKVmFHTUdGMllIMnZFd081bFVNZHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueLBMA0G
CSqGSIb3DQEBCwUAA4IBAQCIgmRKE0yUpEkwtuSc4IEtIj8w18JaTLTrHNWRJuUV
ToF5Tb0Xx6s5eP52R8QLdKn86PDRvV4Uk9VqE6m5BNSX619AUZSFrSTZX2uXuVxb
F7eqgoVy5CXSUAQqNtFs+HCBe0cIrnsvIP+iH6U157vykAJARQmOcCLXOE40Toes
MHCTMR7bFsfK2poKf3mFyq844PJ9HFJtvUk+InURKH/iQ7gwer+n/HCzJ5wO1ma9
db6t5Xm6fN6fksbNN7PfMZ37oUSeBCrpCPkWpXKMMLwm+7r+fXo2XaOYdINUXzUI
UnGH4elRt7AXCSbSpalanZev209f8NN7EMEDn9i7TRK6
-----END CERTIFICATE-----