Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/zWLkf9J7tc5E8tsLSE-YhUD6XZY.roa
File:                     zWLkf9J7tc5E8tsLSE-YhUD6XZY.roa (raw, json)
Hash identifier:          +Totm03QQJ2SJRLIDXG7rNkdSX+/Y9DffvcFrN9L3w4=
Subject key identifier:   CD:62:E4:7F:D2:7B:B5:CE:44:F2:DB:0B:48:4F:98:85:40:FA:5D:96
Certificate issuer:       /CN=f0a9005423147453909366c6b4d09c31958acc1c
Certificate serial:       0199151334F26908C477CC7032FCBE701DB4
Authority key identifier: F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/zWLkf9J7tc5E8tsLSE-YhUD6XZY.roa
Signing time:             Thu 04 Sep 2025 14:13:24 +0000
ROA not before:           Thu 04 Sep 2025 14:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        89.58.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:13:34:f2:69:08:c4:77:cc:70:32:fc:be:70:1d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a9005423147453909366c6b4d09c31958acc1c
        Validity
            Not Before: Sep  4 14:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd62e47fd27bb5ce44f2db0b484f988540fa5d96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f7:7f:43:64:82:f0:49:2f:b5:07:7b:9a:f2:
                    5e:e0:f9:92:df:9e:ff:40:5a:b6:f1:85:b6:34:a5:
                    ef:b8:fd:f2:2a:fb:e1:64:c4:fa:20:e5:3d:2d:c3:
                    22:d7:d6:84:c7:c9:5d:27:d1:4a:f1:21:2e:e1:3f:
                    f4:a9:2b:48:53:c0:65:72:c4:34:07:0b:fc:ea:61:
                    49:38:90:6c:e0:c2:d9:d4:70:12:63:21:bd:9b:a8:
                    a5:18:65:72:9e:0d:33:3d:34:ea:88:ed:91:a8:11:
                    91:78:37:09:c6:e9:01:9a:20:1d:fc:cf:eb:ef:7c:
                    93:e9:53:4b:99:c2:2f:13:5c:0c:2a:65:6d:c6:51:
                    4a:54:2d:ef:fb:66:1f:a9:45:78:ab:75:0c:5d:d0:
                    6d:38:9f:0e:af:57:32:e3:b6:79:18:a8:e6:ea:20:
                    d5:a7:34:a3:d9:95:9c:64:e1:80:22:c0:5d:19:a2:
                    3b:31:10:27:84:9c:2f:a6:b6:36:10:73:fa:cb:15:
                    37:c3:8d:28:39:f9:41:63:39:37:0b:aa:1c:43:5d:
                    75:14:c1:e9:44:88:01:0f:9a:b0:58:72:5b:f5:67:
                    ed:79:5d:55:8c:fb:40:fa:78:4d:48:1e:09:4c:5b:
                    68:ff:5a:86:c7:f6:5c:97:51:2b:f8:24:da:67:b7:
                    18:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:62:E4:7F:D2:7B:B5:CE:44:F2:DB:0B:48:4F:98:85:40:FA:5D:96
            X509v3 Authority Key Identifier:
                keyid:F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/zWLkf9J7tc5E8tsLSE-YhUD6XZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:83:24:81:b5:2f:8b:21:54:2e:e3:e8:4d:c1:44:f8:8c:0e:
         db:42:19:1f:97:bb:04:e7:fb:0a:20:37:21:5f:e4:23:2a:1b:
         80:3c:16:68:20:1d:11:e6:76:e6:d6:56:27:3a:c4:f0:14:c7:
         07:cd:55:1b:81:91:8b:34:d9:a5:9d:c9:57:5c:20:bb:ad:94:
         6c:b5:d1:a1:2a:f2:12:f2:7c:82:dd:74:94:aa:c1:cc:4e:3f:
         08:4d:c2:6e:8e:5c:c7:4a:76:0a:b4:e8:9b:7d:38:33:3c:e6:
         a3:bd:2a:2c:26:23:d6:73:94:49:27:1d:cc:c3:01:70:9d:c2:
         cd:16:76:37:d4:9f:db:f4:81:df:f0:f1:7a:56:73:65:b8:9d:
         b5:0a:43:13:f5:68:f8:96:78:e4:d6:68:cf:12:94:fc:02:1d:
         89:b4:db:26:d7:5c:83:36:54:dc:1a:15:a9:4b:34:c4:4d:67:
         b7:44:e6:21:79:18:39:d7:1f:fa:f0:b6:49:c4:17:5b:5e:40:
         eb:ba:25:c8:eb:b3:fc:a6:74:19:ad:7e:a9:5e:24:bf:cf:08:
         50:d6:7c:06:01:6f:ff:6f:3c:ad:98:8c:10:ff:d2:e2:6b:25:
         c8:f9:b0:e6:d5:bd:74:06:ea:e3:20:74:1a:b7:cb:30:86:51:
         9c:9c:56:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVEzTyaQjEd8xwMvy+cB20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTkwMDU0MjMxNDc0NTM5MDkzNjZjNmI0ZDA5YzMxOTU4
YWNjMWMwHhcNMjUwOTA0MTQxMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDYyZTQ3ZmQyN2JiNWNlNDRmMmRiMGI0ODRmOTg4NTQwZmE1ZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfd/Q2SC8EkvtQd7mvJe4PmS357/
QFq28YW2NKXvuP3yKvvhZMT6IOU9LcMi19aEx8ldJ9FK8SEu4T/0qStIU8BlcsQ0
Bwv86mFJOJBs4MLZ1HASYyG9m6ilGGVyng0zPTTqiO2RqBGReDcJxukBmiAd/M/r
73yT6VNLmcIvE1wMKmVtxlFKVC3v+2YfqUV4q3UMXdBtOJ8Or1cy47Z5GKjm6iDV
pzSj2ZWcZOGAIsBdGaI7MRAnhJwvprY2EHP6yxU3w40oOflBYzk3C6ocQ111FMHp
RIgBD5qwWHJb9WfteV1VjPtA+nhNSB4JTFto/1qGx/Zcl1Er+CTaZ7cYdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1i5H/Se7XORPLbC0hPmIVA+l2WMB8GA1UdIwQY
MBaAFPCpAFQjFHRTkJNmxrTQnDGViswcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMt
MzBkNzlmOWFhODc3LzEveldMa2Y5Sjd0YzVFOHRzTFNFLVloVUQ2WFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMtMzBkNzlmOWFhODc3
LzEvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWTpwMA0G
CSqGSIb3DQEBCwUAA4IBAQA2gySBtS+LIVQu4+hNwUT4jA7bQhkfl7sE5/sKIDch
X+QjKhuAPBZoIB0R5nbm1lYnOsTwFMcHzVUbgZGLNNmlnclXXCC7rZRstdGhKvIS
8nyC3XSUqsHMTj8ITcJujlzHSnYKtOibfTgzPOajvSosJiPWc5RJJx3MwwFwncLN
FnY31J/b9IHf8PF6VnNluJ21CkMT9Wj4lnjk1mjPEpT8Ah2JtNsm11yDNlTcGhWp
SzTETWe3ROYheRg51x/68LZJxBdbXkDruiXI67P8pnQZrX6pXiS/zwhQ1nwGAW//
bzytmIwQ/9LiayXI+bDm1b10BurjIHQat8swhlGcnFbE
-----END CERTIFICATE-----