Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Ug5OZUw2t52YYq4lNyDJFv5PGBw.roa
File:                     Ug5OZUw2t52YYq4lNyDJFv5PGBw.roa (raw, json)
Hash identifier:          BN0crTwkRjQqvCuIkxT3iocirXaIB8RG4Z6mXTQrDxk=
Subject key identifier:   52:0E:4E:65:4C:36:B7:9D:98:62:AE:25:37:20:C9:16:FE:4F:18:1C
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019A14F1364B794A25E47FE20B0265ADE984
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Ug5OZUw2t52YYq4lNyDJFv5PGBw.roa
Signing time:             Fri 24 Oct 2025 06:39:03 +0000
ROA not before:           Fri 24 Oct 2025 06:39:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57834
IP address blocks:        176.235.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 18:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:14:f1:36:4b:79:4a:25:e4:7f:e2:0b:02:65:ad:e9:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Oct 24 06:39:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=520e4e654c36b79d9862ae253720c916fe4f181c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d7:28:45:4b:31:e8:e6:5e:ac:5f:e3:01:be:
                    93:01:33:42:03:a7:f1:04:ec:76:dc:ed:63:fa:d4:
                    c0:a2:f0:8e:5e:32:43:83:64:b7:98:d4:ab:83:ae:
                    f2:1f:d3:24:e4:af:9c:8b:f5:dd:f9:b9:4e:e8:69:
                    c6:5a:a0:a9:73:39:12:de:e9:bb:78:81:cf:2e:6a:
                    20:50:19:8a:b8:f3:96:97:c5:a5:0a:69:6e:78:36:
                    5b:9b:b7:78:0e:5d:2c:f1:4a:34:0a:13:33:12:d9:
                    9f:b7:bc:4e:c7:82:fd:36:43:9a:3c:b5:99:38:e7:
                    92:0c:63:c6:69:67:8c:2d:93:da:ff:45:45:63:d0:
                    1b:81:85:97:dc:34:27:ac:7b:d6:7b:da:93:71:b1:
                    71:2a:6b:e9:5c:1e:ec:86:68:4b:19:f4:23:6d:84:
                    d4:32:aa:26:24:bc:fa:ad:8c:fa:52:d7:62:3c:76:
                    7e:65:89:5d:41:35:31:e1:6d:3f:46:82:ba:0f:6b:
                    04:dc:fe:ea:1e:f5:76:3e:c2:b2:89:8e:79:d4:40:
                    e1:b2:36:32:de:da:85:e2:13:bc:c0:1e:ce:f6:b1:
                    06:43:67:82:54:88:1e:90:ff:0b:12:5d:22:a5:8a:
                    ea:fe:35:9d:83:f5:3c:83:9e:11:54:6d:ca:1b:66:
                    50:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0E:4E:65:4C:36:B7:9D:98:62:AE:25:37:20:C9:16:FE:4F:18:1C
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Ug5OZUw2t52YYq4lNyDJFv5PGBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.235.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a5:e3:00:c5:5e:58:a7:47:a2:2e:20:43:80:d1:16:01:76:
         c2:87:3e:85:41:09:f2:1c:38:40:45:a0:77:ee:72:b0:b8:be:
         01:f6:21:a2:99:51:3c:d8:c3:17:31:af:17:6f:ce:f7:3a:61:
         96:22:fd:74:db:ca:fa:53:b5:77:97:19:44:20:37:70:bc:30:
         74:0a:cd:3e:42:1c:6a:ee:27:85:c6:e4:70:73:ad:45:a9:eb:
         c9:a8:66:c3:4d:30:b1:36:31:1a:77:6a:91:d4:21:0a:5e:b8:
         8c:07:7e:c7:59:ef:38:f4:e2:c3:c4:d9:c9:98:d2:7f:26:48:
         2b:6e:45:f6:cc:da:a6:bc:4b:43:bb:c8:7a:73:15:43:f0:a0:
         32:59:ad:60:8b:38:42:b8:4e:7b:5b:0a:4b:b8:97:d8:36:39:
         22:62:2e:dc:29:7b:0b:45:30:3e:7d:ce:a0:d5:9a:81:8e:3a:
         54:19:ff:c6:58:d0:d9:f0:6f:43:73:f5:50:fb:da:be:83:10:
         40:4e:9f:b5:48:3b:5e:46:a4:93:b8:13:01:2d:94:1d:3c:a7:
         53:68:cb:58:da:6b:84:d6:2a:77:34:cf:c2:0b:02:f5:d8:14:
         c8:9d:56:4b:5d:ac:37:8c:71:5c:eb:60:27:fb:59:3a:2b:7a:
         be:27:5e:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoU8TZLeUol5H/iCwJlremEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUxMDI0MDYzOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBlNGU2NTRjMzZiNzlkOTg2MmFlMjUzNzIwYzkxNmZlNGYxODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdcoRUsx6OZerF/jAb6TATNCA6fx
BOx23O1j+tTAovCOXjJDg2S3mNSrg67yH9Mk5K+ci/Xd+blO6GnGWqCpczkS3um7
eIHPLmogUBmKuPOWl8WlCmlueDZbm7d4Dl0s8Uo0ChMzEtmft7xOx4L9NkOaPLWZ
OOeSDGPGaWeMLZPa/0VFY9AbgYWX3DQnrHvWe9qTcbFxKmvpXB7shmhLGfQjbYTU
MqomJLz6rYz6UtdiPHZ+ZYldQTUx4W0/RoK6D2sE3P7qHvV2PsKyiY551EDhsjYy
3tqF4hO8wB7O9rEGQ2eCVIgekP8LEl0ipYrq/jWdg/U8g54RVG3KG2ZQVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIOTmVMNredmGKuJTcgyRb+TxgcMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvVWc1T1pVdzJ0NTJZWXE0bE55REpGdjVQR0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOt6MA0G
CSqGSIb3DQEBCwUAA4IBAQBFpeMAxV5Yp0eiLiBDgNEWAXbChz6FQQnyHDhARaB3
7nKwuL4B9iGimVE82MMXMa8Xb873OmGWIv1028r6U7V3lxlEIDdwvDB0Cs0+Qhxq
7ieFxuRwc61FqevJqGbDTTCxNjEad2qR1CEKXriMB37HWe849OLDxNnJmNJ/Jkgr
bkX2zNqmvEtDu8h6cxVD8KAyWa1gizhCuE57WwpLuJfYNjkiYi7cKXsLRTA+fc6g
1ZqBjjpUGf/GWNDZ8G9Dc/VQ+9q+gxBATp+1SDteRqSTuBMBLZQdPKdTaMtY2muE
1ip3NM/CCwL12BTInVZLXaw3jHFc62An+1k6K3q+J15p
-----END CERTIFICATE-----