Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/j0owTqfb6J2K4z_WjLAW8r1RFFM.roa
File:                     j0owTqfb6J2K4z_WjLAW8r1RFFM.roa (raw, json)
Hash identifier:          X5tA8t/omIcY6zR7IcyAjgCB8QTCsQ9yQsR/p/iKCPI=
Subject key identifier:   8F:4A:30:4E:A7:DB:E8:9D:8A:E3:3F:D6:8C:B0:16:F2:BD:51:14:53
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01997FE6002B26E8889850D820973F82917A
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/j0owTqfb6J2K4z_WjLAW8r1RFFM.roa
Signing time:             Thu 25 Sep 2025 08:03:23 +0000
ROA not before:           Thu 25 Sep 2025 08:03:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        82.163.64.0/22 maxlen: 24
                          82.163.168.0/22 maxlen: 24
                          82.163.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7f:e6:00:2b:26:e8:88:98:50:d8:20:97:3f:82:91:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Sep 25 08:03:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f4a304ea7dbe89d8ae33fd68cb016f2bd511453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:3d:ec:96:2e:1e:a5:7c:a7:02:1e:8f:91:
                    86:ec:cc:39:34:b0:72:7c:a4:5a:c8:53:27:16:f6:
                    53:de:0f:4e:27:ef:19:76:70:88:41:8d:4e:f5:99:
                    96:18:5e:09:bb:1e:4e:25:10:01:b0:1b:4c:f8:6d:
                    d7:97:ba:e8:de:f4:14:bc:b1:09:20:3f:7c:31:3d:
                    5d:51:77:c2:e5:d9:b8:46:5f:1a:dd:13:4d:31:e7:
                    e9:85:ba:e4:31:50:72:3e:2b:53:90:65:bf:65:c5:
                    c1:7f:ab:88:1b:cf:92:e0:e4:72:5e:de:65:41:83:
                    b5:f4:1f:26:dd:39:bd:49:d6:39:8b:91:23:15:38:
                    03:31:59:fb:c0:fe:92:de:5b:79:a9:2f:3a:25:93:
                    06:9b:cb:c7:57:c9:d9:d8:9a:a9:be:c4:69:be:59:
                    6f:fd:b2:3e:4a:ba:a9:e2:64:98:b9:a3:56:68:f5:
                    38:47:48:0c:18:d9:69:ed:c6:09:4c:c5:c1:b4:f5:
                    f5:74:de:9b:da:a7:11:a2:e1:bc:c2:16:53:52:3d:
                    5d:06:1a:bd:c5:00:09:7f:1e:3e:9c:b0:ab:f6:f7:
                    6c:93:a2:fc:a7:94:1c:de:83:e8:8d:eb:7a:14:36:
                    2d:c8:f3:d3:ad:3b:a3:fc:4e:f7:dd:f3:15:a4:14:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4A:30:4E:A7:DB:E8:9D:8A:E3:3F:D6:8C:B0:16:F2:BD:51:14:53
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/j0owTqfb6J2K4z_WjLAW8r1RFFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.64.0/22
                  82.163.168.0/22
                  82.163.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:1b:68:ea:80:3c:5c:08:fc:18:c4:c8:b5:24:cf:54:3e:65:
         ef:17:ea:7f:f3:c0:66:16:d6:6e:22:8a:2e:92:75:5a:35:95:
         ed:e2:ae:b0:42:93:37:46:ae:05:48:82:c6:77:8a:55:ee:d6:
         d0:79:36:bb:bb:2a:b0:5c:96:01:ca:0e:50:25:09:b0:7e:f3:
         a2:2a:b8:8e:d5:b6:77:37:07:4a:b1:94:5d:06:84:a2:5c:c0:
         34:3e:62:85:fc:03:01:27:54:8e:11:30:6d:a9:b4:38:1c:9c:
         89:b5:25:c6:aa:61:68:53:09:c4:66:e4:48:22:5d:3e:76:5c:
         64:70:ef:8f:15:d3:15:25:ed:e1:70:cc:72:ee:12:cb:4f:a7:
         39:ef:2b:0e:90:69:a1:89:42:7e:0f:d1:c6:d3:f0:e9:3e:fa:
         d9:52:26:99:70:d4:74:e2:ec:78:63:9e:9e:8a:f1:30:6f:06:
         ee:0a:ea:00:28:57:7d:9c:90:49:57:97:7e:48:3e:91:ce:4d:
         61:ea:01:d7:71:cd:a5:a8:b2:93:0b:6c:29:24:3b:a2:42:f0:
         c9:30:d0:46:09:9c:4f:77:8e:fb:2f:a4:4f:4a:3f:70:de:8a:
         4e:c8:2b:79:fc:e1:81:e9:d1:39:3b:56:8e:4f:82:bb:5b:78:
         ad:a1:59:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZl/5gArJuiImFDYIJc/gpF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwOTI1MDgwMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjRhMzA0ZWE3ZGJlODlkOGFlMzNmZDY4Y2IwMTZmMmJkNTExNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlc97JYuHqV8pwIej5GG7Mw5NLBy
fKRayFMnFvZT3g9OJ+8ZdnCIQY1O9ZmWGF4Jux5OJRABsBtM+G3Xl7ro3vQUvLEJ
ID98MT1dUXfC5dm4Rl8a3RNNMefphbrkMVByPitTkGW/ZcXBf6uIG8+S4ORyXt5l
QYO19B8m3Tm9SdY5i5EjFTgDMVn7wP6S3lt5qS86JZMGm8vHV8nZ2JqpvsRpvllv
/bI+Srqp4mSYuaNWaPU4R0gMGNlp7cYJTMXBtPX1dN6b2qcRouG8whZTUj1dBhq9
xQAJfx4+nLCr9vdsk6L8p5Qc3oPojet6FDYtyPPTrTuj/E733fMVpBTDSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI9KME6n2+idiuM/1oywFvK9URRTMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvajBvd1RxZmI2SjJLNHpfV2pMQVc4cjFSRkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCUqNAAwQC
UqOoAwQCUqPgMA0GCSqGSIb3DQEBCwUAA4IBAQBEG2jqgDxcCPwYxMi1JM9UPmXv
F+p/88BmFtZuIoouknVaNZXt4q6wQpM3Rq4FSILGd4pV7tbQeTa7uyqwXJYByg5Q
JQmwfvOiKriO1bZ3NwdKsZRdBoSiXMA0PmKF/AMBJ1SOETBtqbQ4HJyJtSXGqmFo
UwnEZuRIIl0+dlxkcO+PFdMVJe3hcMxy7hLLT6c57ysOkGmhiUJ+D9HG0/DpPvrZ
UiaZcNR04ux4Y56eivEwbwbuCuoAKFd9nJBJV5d+SD6Rzk1h6gHXcc2lqLKTC2wp
JDuiQvDJMNBGCZxPd477L6RPSj9w3opOyCt5/OGB6dE5O1aOT4K7W3itoVm1
-----END CERTIFICATE-----