Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/n8z2P2Omyk-Fk5ej9srj2X_GDFY.roa
File:                     n8z2P2Omyk-Fk5ej9srj2X_GDFY.roa (raw, json)
Hash identifier:          rGoNrW9HPpqy45mbCdtW82sJH1C6+5I0E8p7oRlnbGQ=
Subject key identifier:   9F:CC:F6:3F:63:A6:CA:4F:85:93:97:A3:F6:CA:E3:D9:7F:C6:0C:56
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       019A10D8024FD5C89641618CD676F378E179
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/n8z2P2Omyk-Fk5ej9srj2X_GDFY.roa
Signing time:             Thu 23 Oct 2025 11:33:03 +0000
ROA not before:           Thu 23 Oct 2025 11:33:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        194.26.195.0/24 maxlen: 24
                          217.114.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 17:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:d8:02:4f:d5:c8:96:41:61:8c:d6:76:f3:78:e1:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Oct 23 11:33:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fccf63f63a6ca4f859397a3f6cae3d97fc60c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0f:be:7b:11:d7:05:66:ac:bb:4a:6f:0c:59:
                    c8:8a:b0:9a:e0:17:64:90:aa:1f:2f:4a:77:9b:a6:
                    33:3f:82:87:73:c2:b0:ae:3c:22:42:74:af:ff:98:
                    1e:c7:59:56:b0:db:84:3c:b7:32:92:65:fe:27:ab:
                    dd:90:c1:4f:d4:11:be:49:e8:24:89:f1:06:b4:b0:
                    d5:91:de:6c:5f:b8:77:25:3d:b4:70:5f:76:76:8f:
                    34:e1:e2:66:16:da:38:89:1c:fe:54:d9:c5:fb:95:
                    46:ea:8b:b9:64:1a:ab:d2:84:48:2f:91:f0:eb:cb:
                    01:b6:ce:94:c9:6f:b2:83:b0:83:af:c1:b0:a3:53:
                    38:15:df:c4:ac:b6:bd:ab:78:f1:97:e0:b6:03:69:
                    5e:9a:54:9a:0f:0a:65:64:6c:5e:31:9f:e8:c7:7e:
                    03:89:e1:4f:4e:c1:7e:c7:fa:a6:f7:5c:0f:28:74:
                    fb:05:b5:82:13:af:12:81:ad:06:34:88:eb:a2:08:
                    9a:33:62:6a:e4:ef:34:50:96:21:db:08:af:20:92:
                    a7:25:f8:7e:f8:8c:f6:c1:60:18:06:c6:f7:64:41:
                    0c:0f:c6:35:ba:bb:5d:90:84:ad:7b:1a:14:53:85:
                    b6:8f:3c:a8:88:c6:93:89:f2:fa:fa:9f:db:be:71:
                    ba:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:CC:F6:3F:63:A6:CA:4F:85:93:97:A3:F6:CA:E3:D9:7F:C6:0C:56
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/n8z2P2Omyk-Fk5ej9srj2X_GDFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.195.0/24
                  217.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:19:da:e8:fd:d1:09:b9:b1:ce:6f:8e:ff:87:ca:7c:d4:8d:
         9d:83:fc:ad:5f:aa:ea:10:4b:09:04:c6:f2:e1:2c:bc:6f:5d:
         a4:65:7d:b0:1a:2d:77:49:54:28:eb:74:8c:85:4c:ec:8e:33:
         2f:dd:a2:21:05:c0:fb:4c:8e:32:ae:eb:38:23:89:04:d4:30:
         f7:98:85:8d:1c:35:31:66:67:60:f8:a3:f5:58:84:8b:8a:bb:
         dc:3a:f3:70:d0:e2:69:f5:f1:c3:7d:04:36:d3:56:d7:71:d9:
         4d:9a:1f:1b:3b:16:85:cb:99:10:bf:6e:ae:7c:4d:8c:ed:7f:
         ff:24:10:72:46:5d:64:45:79:e5:f8:b9:ae:8a:39:7a:fb:5b:
         02:25:fd:ab:31:2a:a8:e8:23:79:23:eb:aa:24:6e:84:01:a9:
         93:ed:8b:cd:c8:9e:24:5e:e2:c4:c6:55:58:8f:cb:7d:0e:c0:
         a0:7c:24:85:6d:d3:c4:ba:e1:30:b7:7e:36:4e:49:a5:1c:a4:
         e5:d1:40:6f:70:56:28:70:85:1c:19:03:7d:a0:1f:35:11:4a:
         3b:3b:0c:81:60:b6:65:3c:50:83:00:2f:06:f8:1e:a0:81:7b:
         83:c3:24:95:5a:e9:bc:02:65:7b:6c:68:0a:75:f5:5d:a8:d1:
         6f:04:40:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoQ2AJP1ciWQWGM1nbzeOF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjUxMDIzMTEzMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmNjZjYzZjYzYTZjYTRmODU5Mzk3YTNmNmNhZTNkOTdmYzYwYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ++exHXBWasu0pvDFnIirCa4Bdk
kKofL0p3m6YzP4KHc8KwrjwiQnSv/5gex1lWsNuEPLcykmX+J6vdkMFP1BG+Segk
ifEGtLDVkd5sX7h3JT20cF92do804eJmFto4iRz+VNnF+5VG6ou5ZBqr0oRIL5Hw
68sBts6UyW+yg7CDr8Gwo1M4Fd/ErLa9q3jxl+C2A2lemlSaDwplZGxeMZ/ox34D
ieFPTsF+x/qm91wPKHT7BbWCE68Sga0GNIjrogiaM2Jq5O80UJYh2wivIJKnJfh+
+Iz2wWAYBsb3ZEEMD8Y1urtdkIStexoUU4W2jzyoiMaTifL6+p/bvnG6VQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ/M9j9jpspPhZOXo/bK49l/xgxWMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvbjh6MlAyT215ay1GazVlajlzcmoyWF9HREZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwhrDAwQA
2XIoMA0GCSqGSIb3DQEBCwUAA4IBAQBnGdro/dEJubHOb47/h8p81I2dg/ytX6rq
EEsJBMby4Sy8b12kZX2wGi13SVQo63SMhUzsjjMv3aIhBcD7TI4yrus4I4kE1DD3
mIWNHDUxZmdg+KP1WISLirvcOvNw0OJp9fHDfQQ201bXcdlNmh8bOxaFy5kQv26u
fE2M7X//JBByRl1kRXnl+Lmuijl6+1sCJf2rMSqo6CN5I+uqJG6EAamT7YvNyJ4k
XuLExlVYj8t9DsCgfCSFbdPEuuEwt342TkmlHKTl0UBvcFYocIUcGQN9oB81EUo7
OwyBYLZlPFCDAC8G+B6ggXuDwySVWum8AmV7bGgKdfVdqNFvBEAz
-----END CERTIFICATE-----