Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Ty1NtQJC-SrxY6eJfhox2-em8K4.roa
File:                     Ty1NtQJC-SrxY6eJfhox2-em8K4.roa (raw, json)
Hash identifier:          j0JyxyVGj0pdP8vRFBLbCp/BX87IN/jSCJpd5JPPu+c=
Subject key identifier:   4F:2D:4D:B5:02:42:F9:2A:F1:63:A7:89:7E:1A:31:DB:E7:A6:F0:AE
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019A0BDD9939CA8F3205183716561C22FA66
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Ty1NtQJC-SrxY6eJfhox2-em8K4.roa
Signing time:             Wed 22 Oct 2025 12:21:03 +0000
ROA not before:           Wed 22 Oct 2025 12:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207764
IP address blocks:        81.15.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:dd:99:39:ca:8f:32:05:18:37:16:56:1c:22:fa:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Oct 22 12:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f2d4db50242f92af163a7897e1a31dbe7a6f0ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0c:c3:b8:de:46:ec:ad:8d:aa:e7:38:c5:ea:
                    68:4a:a1:2f:63:ca:62:4a:3e:b8:28:95:3a:5d:d4:
                    f9:76:5a:4b:b0:74:34:ac:3f:03:9b:69:6f:a1:86:
                    34:e7:9a:48:b1:2e:f7:57:55:fa:1f:0b:88:79:fe:
                    62:fc:06:90:86:03:42:2d:8c:d7:4f:69:c7:77:7b:
                    f9:d9:ba:2a:27:a7:3c:9a:d3:bc:eb:95:a5:23:2a:
                    7d:46:38:97:68:5c:ae:7c:e2:33:a9:95:f7:5f:e5:
                    5d:09:d3:d0:5f:81:bf:28:c7:d1:5c:90:98:24:71:
                    fd:d9:57:64:a6:bd:a2:ea:fe:d5:79:a1:b3:7f:36:
                    1e:2d:ef:a4:08:5e:19:f9:56:d9:2d:4f:3a:1e:f7:
                    4b:37:ce:36:51:41:60:93:14:8b:14:8c:0f:0e:38:
                    1a:9a:e3:dc:c3:6b:b4:15:05:39:0e:31:48:f0:5c:
                    0f:e3:aa:da:cc:13:91:bc:be:2d:3e:0d:c7:56:ac:
                    41:c7:65:e3:e7:2c:e8:27:f6:f3:75:30:7e:29:7a:
                    97:82:a2:70:ce:1b:40:7f:8f:e1:43:0b:89:ef:08:
                    c2:64:a3:74:61:c4:d0:cd:57:16:4c:5d:9b:90:d6:
                    ee:98:5b:85:5c:d9:2b:43:08:9c:36:36:41:f2:0d:
                    63:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2D:4D:B5:02:42:F9:2A:F1:63:A7:89:7E:1A:31:DB:E7:A6:F0:AE
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Ty1NtQJC-SrxY6eJfhox2-em8K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:65:0d:b7:ea:63:b8:1a:29:bb:17:a8:83:b3:df:f6:ab:2c:
         95:fc:e4:3e:0e:9b:51:8a:39:72:44:6f:bc:12:10:29:e2:40:
         9c:c5:96:e4:3d:bc:a6:d9:9a:6a:29:7b:06:0b:93:de:d9:5c:
         64:73:cd:21:22:4d:9c:bf:fc:ab:24:64:11:a5:94:b1:24:87:
         e6:9d:f5:10:e2:6e:d7:9c:d1:6f:a6:d0:6d:3e:26:35:bd:7b:
         d8:1f:de:d9:ac:82:49:5d:8d:b5:ec:48:06:a0:03:e0:26:2e:
         a1:ad:e9:37:b9:42:fb:3d:f7:9a:61:e4:60:41:d0:70:9f:1b:
         7f:3f:cb:0c:67:87:36:79:fa:b2:a9:dd:34:63:43:64:be:62:
         7f:97:99:b7:6c:87:39:bb:0e:63:36:5e:d2:a2:c2:57:bf:de:
         65:ee:5f:42:24:ef:78:13:ac:88:5e:e7:fa:51:02:b5:9d:23:
         c3:8d:ec:10:5b:f2:f9:77:01:d5:04:ba:59:cd:f1:ca:e6:0e:
         8d:92:cf:63:c2:2e:07:41:70:b4:e5:1a:7b:fc:07:48:2c:5b:
         81:ec:d7:28:02:4c:85:25:47:e2:e3:8b:ed:06:44:b6:0d:24:
         3c:8d:8f:8a:a8:2e:93:a6:54:69:94:1e:04:83:4a:24:72:cb:
         33:4f:f6:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoL3Zk5yo8yBRg3FlYcIvpmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUxMDIyMTIyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJkNGRiNTAyNDJmOTJhZjE2M2E3ODk3ZTFhMzFkYmU3YTZmMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgzDuN5G7K2Nquc4xepoSqEvY8pi
Sj64KJU6XdT5dlpLsHQ0rD8Dm2lvoYY055pIsS73V1X6HwuIef5i/AaQhgNCLYzX
T2nHd3v52boqJ6c8mtO865WlIyp9RjiXaFyufOIzqZX3X+VdCdPQX4G/KMfRXJCY
JHH92Vdkpr2i6v7VeaGzfzYeLe+kCF4Z+VbZLU86HvdLN842UUFgkxSLFIwPDjga
muPcw2u0FQU5DjFI8FwP46razBORvL4tPg3HVqxBx2Xj5yzoJ/bzdTB+KXqXgqJw
zhtAf4/hQwuJ7wjCZKN0YcTQzVcWTF2bkNbumFuFXNkrQwicNjZB8g1j0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8tTbUCQvkq8WOniX4aMdvnpvCuMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvVHkxTnRRSkMtU3J4WTZlSmZob3gyLWVtOEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ/aMA0G
CSqGSIb3DQEBCwUAA4IBAQBsZQ236mO4Gim7F6iDs9/2qyyV/OQ+DptRijlyRG+8
EhAp4kCcxZbkPbym2ZpqKXsGC5Pe2Vxkc80hIk2cv/yrJGQRpZSxJIfmnfUQ4m7X
nNFvptBtPiY1vXvYH97ZrIJJXY217EgGoAPgJi6hrek3uUL7PfeaYeRgQdBwnxt/
P8sMZ4c2efqyqd00Y0NkvmJ/l5m3bIc5uw5jNl7SosJXv95l7l9CJO94E6yIXuf6
UQK1nSPDjewQW/L5dwHVBLpZzfHK5g6Nks9jwi4HQXC05Rp7/AdILFuB7NcoAkyF
JUfi44vtBkS2DSQ8jY+KqC6TplRplB4Eg0okcsszT/YB
-----END CERTIFICATE-----