Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/XF_A1OqLQOFxzFrlgxq2nFpjuLg.roa
File:                     XF_A1OqLQOFxzFrlgxq2nFpjuLg.roa (raw, json)
Hash identifier:          p4fh9UqOmCpLLYivaRckgPPXZZFgQdPt41RX5/KwuqY=
Subject key identifier:   5C:5F:C0:D4:EA:8B:40:E1:71:CC:5A:E5:83:1A:B6:9C:5A:63:B8:B8
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0197CA3ECD86FDD9F77AB4544A758EEE601A
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/XF_A1OqLQOFxzFrlgxq2nFpjuLg.roa
Signing time:             Wed 02 Jul 2025 08:26:42 +0000
ROA not before:           Wed 02 Jul 2025 08:26:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        89.251.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 02:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:3e:cd:86:fd:d9:f7:7a:b4:54:4a:75:8e:ee:60:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jul  2 08:26:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c5fc0d4ea8b40e171cc5ae5831ab69c5a63b8b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:53:e1:2d:bb:f6:57:81:ad:d4:b0:d9:6a:23:
                    b2:2b:52:b9:93:79:41:fa:1f:b9:7c:30:10:ea:be:
                    2d:82:4a:5a:02:12:58:ce:c1:17:61:72:df:ce:e1:
                    f7:f4:49:42:9d:96:06:0d:2b:2b:2e:4b:e3:1a:84:
                    c3:b0:6a:51:cf:df:3d:4a:bc:cd:92:b9:43:73:00:
                    d4:3d:64:b9:ee:3c:f5:73:66:f4:68:f2:36:8b:8e:
                    27:f0:4f:d0:4a:4e:2e:b3:45:f5:4e:2c:ce:4b:db:
                    1f:fc:ce:7d:2d:f3:6e:a1:0d:5d:96:ce:d6:37:57:
                    75:9f:41:19:a7:f4:2f:f0:e1:ff:48:80:4a:1d:79:
                    2e:09:0d:06:6b:b9:18:be:4f:cc:fb:7d:ae:1c:e4:
                    19:11:da:b0:04:1f:5c:65:32:b0:85:e8:59:c8:60:
                    d1:04:dd:a4:dc:af:78:4a:7b:be:c1:28:a9:1c:1b:
                    30:71:05:2b:ba:7c:2c:7d:f9:10:fb:e5:11:d7:64:
                    b5:0c:e2:31:04:ad:db:2a:38:55:bd:49:49:70:7a:
                    45:75:79:80:b8:f8:89:a5:52:14:e5:d2:0e:aa:80:
                    6d:fb:c5:c9:8b:ae:2e:b2:7a:bc:c0:af:91:82:06:
                    db:b2:22:ca:2e:e0:04:03:e5:3b:b5:18:49:fd:c3:
                    fb:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5F:C0:D4:EA:8B:40:E1:71:CC:5A:E5:83:1A:B6:9C:5A:63:B8:B8
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/XF_A1OqLQOFxzFrlgxq2nFpjuLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:c2:e0:42:8a:01:50:ab:d9:01:61:f9:99:da:c1:5e:8e:ab:
         6e:03:80:b5:5e:b0:75:4e:e3:3f:9d:0a:17:b1:af:a4:02:46:
         70:4a:75:b9:46:15:04:e1:71:97:be:7f:36:59:c1:68:6b:9a:
         8a:fd:3b:6f:4a:e2:b9:df:8f:e4:72:fa:16:65:53:f6:38:9e:
         b5:70:2a:6f:3b:78:c8:94:32:95:03:e5:6f:7c:75:82:ef:52:
         4f:a9:d5:c2:14:d7:0c:1f:ae:e1:39:fa:cb:ad:ce:07:93:11:
         f6:5e:6a:4d:b2:ac:ea:67:3d:6e:37:24:d0:2b:53:60:a5:91:
         5e:7b:98:05:4d:53:db:dc:41:0b:55:1d:a9:bc:9e:a8:56:e8:
         b1:71:fd:4e:de:49:2c:f8:1f:fb:d7:32:37:db:4a:15:b3:1e:
         5f:8f:a3:51:52:5d:04:c2:9b:6c:93:5d:c0:fc:90:7a:b2:b9:
         d7:2e:93:7f:37:36:fd:39:d7:8c:56:c2:23:6f:ff:c3:25:01:
         23:28:50:4c:48:9c:3e:d0:b3:92:f4:20:3e:80:35:8a:a7:2c:
         20:79:63:2c:de:fb:9d:43:af:2d:c1:4c:e7:2c:43:99:8e:ab:
         29:c9:ea:9f:ae:95:c4:9b:3a:c7:67:6f:9a:8b:9d:6b:17:a7:
         3d:34:31:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfKPs2G/dn3erRUSnWO7mAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNzAyMDgyNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVmYzBkNGVhOGI0MGUxNzFjYzVhZTU4MzFhYjY5YzVhNjNiOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1PhLbv2V4Gt1LDZaiOyK1K5k3lB
+h+5fDAQ6r4tgkpaAhJYzsEXYXLfzuH39ElCnZYGDSsrLkvjGoTDsGpRz989SrzN
krlDcwDUPWS57jz1c2b0aPI2i44n8E/QSk4us0X1TizOS9sf/M59LfNuoQ1dls7W
N1d1n0EZp/Qv8OH/SIBKHXkuCQ0Ga7kYvk/M+32uHOQZEdqwBB9cZTKwhehZyGDR
BN2k3K94Snu+wSipHBswcQUrunwsffkQ++UR12S1DOIxBK3bKjhVvUlJcHpFdXmA
uPiJpVIU5dIOqoBt+8XJi64usnq8wK+RggbbsiLKLuAEA+U7tRhJ/cP7owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxfwNTqi0Dhccxa5YMatpxaY7i4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWEZfQTFPcUxRT0Z4ekZybGd4cTJuRnBqdUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsKMA0G
CSqGSIb3DQEBCwUAA4IBAQDewuBCigFQq9kBYfmZ2sFejqtuA4C1XrB1TuM/nQoX
sa+kAkZwSnW5RhUE4XGXvn82WcFoa5qK/TtvSuK534/kcvoWZVP2OJ61cCpvO3jI
lDKVA+VvfHWC71JPqdXCFNcMH67hOfrLrc4HkxH2XmpNsqzqZz1uNyTQK1NgpZFe
e5gFTVPb3EELVR2pvJ6oVuixcf1O3kks+B/71zI320oVsx5fj6NRUl0Ewptsk13A
/JB6srnXLpN/Nzb9OdeMVsIjb//DJQEjKFBMSJw+0LOS9CA+gDWKpywgeWMs3vud
Q68twUznLEOZjqspyeqfrpXEmzrHZ2+ai51rF6c9NDEm
-----END CERTIFICATE-----