Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/oclKHAtmoA9vP-ZCW-nXoVl95RM.roa
File:                     oclKHAtmoA9vP-ZCW-nXoVl95RM.roa (raw, json)
Hash identifier:          xxuHEbUOU/3xe58FFQOG42uiHerR1Ojst9xa4iCrTKg=
Subject key identifier:   A1:C9:4A:1C:0B:66:A0:0F:6F:3F:E6:42:5B:E9:D7:A1:59:7D:E5:13
Certificate issuer:       /CN=7fb50e7d3b7fd2894cfb70e494608b320cc215c1
Certificate serial:       019A12C48FFDC7287C58FD4D53E776524CF8
Authority key identifier: 7F:B5:0E:7D:3B:7F:D2:89:4C:FB:70:E4:94:60:8B:32:0C:C2:15:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f7UOfTt_0olM-3DklGCLMgzCFcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/oclKHAtmoA9vP-ZCW-nXoVl95RM.roa
Signing time:             Thu 23 Oct 2025 20:31:03 +0000
ROA not before:           Thu 23 Oct 2025 20:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198104
IP address blocks:        2.57.237.0/24 maxlen: 24
                          2a12:a440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/f7UOfTt_0olM-3DklGCLMgzCFcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/f7UOfTt_0olM-3DklGCLMgzCFcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f7UOfTt_0olM-3DklGCLMgzCFcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:12:c4:8f:fd:c7:28:7c:58:fd:4d:53:e7:76:52:4c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fb50e7d3b7fd2894cfb70e494608b320cc215c1
        Validity
            Not Before: Oct 23 20:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1c94a1c0b66a00f6f3fe6425be9d7a1597de513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:f7:d9:1c:62:b0:74:c7:bc:72:cb:d1:10:bf:
                    7e:2f:54:69:a8:2b:d2:97:29:09:86:28:d5:10:b5:
                    6b:60:7b:04:6e:a0:7b:d7:5b:f3:91:38:fa:d5:ed:
                    ce:89:ae:65:fa:40:1b:d3:05:25:bc:8a:17:44:2c:
                    40:bf:34:4f:92:55:58:f5:94:21:21:8c:6d:58:55:
                    35:3e:f8:b1:c9:a8:52:61:00:c5:5f:b7:ae:ab:81:
                    1c:b2:08:5c:72:82:45:33:7b:fa:31:1c:0e:da:70:
                    6b:bf:e6:93:84:9c:38:a7:2b:40:44:56:a7:b4:a5:
                    c6:07:7e:b1:59:77:d5:00:07:ff:d8:2b:75:0f:d1:
                    c7:54:07:83:47:ea:5f:99:42:38:98:02:d9:ab:6f:
                    79:18:69:d0:ba:be:ee:f7:66:dd:a1:b8:1d:db:d2:
                    e1:48:9e:4f:08:09:62:79:57:87:66:ce:03:59:97:
                    d1:f4:b5:ca:ad:2f:30:5e:30:43:c1:7e:8c:6b:c3:
                    e2:3b:99:5c:af:68:eb:e1:60:88:5c:4c:dd:3f:7f:
                    f9:c8:fc:5a:78:37:ec:36:a2:b4:a2:fb:a2:cb:b2:
                    cc:08:ca:f7:87:a6:93:30:82:03:f3:a9:0c:a6:86:
                    ae:e5:02:f5:76:d0:b2:94:02:cc:f3:2f:65:74:a4:
                    cf:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C9:4A:1C:0B:66:A0:0F:6F:3F:E6:42:5B:E9:D7:A1:59:7D:E5:13
            X509v3 Authority Key Identifier:
                keyid:7F:B5:0E:7D:3B:7F:D2:89:4C:FB:70:E4:94:60:8B:32:0C:C2:15:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7UOfTt_0olM-3DklGCLMgzCFcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/oclKHAtmoA9vP-ZCW-nXoVl95RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a918cb-2044-4f1c-9700-93601a34f62f/1/f7UOfTt_0olM-3DklGCLMgzCFcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.237.0/24
                IPv6:
                  2a12:a440::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:c9:ca:1a:15:ce:02:bc:13:af:24:ab:0e:9d:6b:fd:39:08:
         51:30:69:2a:11:08:c7:1d:f5:11:8a:eb:50:f0:41:db:29:ab:
         7f:7d:80:9d:bc:17:53:fa:73:09:88:5d:6a:83:a4:31:e5:88:
         ba:fc:f5:c1:99:97:c7:ec:89:40:56:e0:e5:e0:b9:ec:f2:63:
         dc:7d:4d:41:e6:0e:c2:09:26:cb:eb:43:8b:e2:45:c9:0b:f0:
         f5:fc:d9:d6:57:5b:f9:8f:54:ce:81:39:92:64:73:99:29:ce:
         c2:32:a1:b1:00:26:2b:e0:ed:87:11:01:33:7b:96:77:ed:9c:
         a1:ef:f5:7f:29:d5:34:59:98:25:ad:ed:ef:6f:dc:83:0a:1b:
         38:4f:8d:aa:80:6c:fc:d4:f0:ee:e7:a1:6e:dd:e5:f9:e3:06:
         fb:c9:74:9e:b2:88:eb:02:b6:fb:d2:a7:c1:f2:95:88:be:f9:
         84:d0:ce:98:29:c4:fd:b7:12:3b:a5:9b:04:19:4a:e4:ce:de:
         65:9f:cc:02:46:62:aa:a5:47:52:9e:b1:86:48:c6:85:ab:8a:
         3b:1a:bc:ea:d5:08:0f:8a:e2:65:b5:42:dd:98:f9:c5:3a:70:
         ce:51:10:35:5e:41:f0:f4:a3:13:c5:6c:f8:2e:de:73:3d:f8:
         ab:fb:cb:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoSxI/9xyh8WP1NU+d2Ukz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYjUwZTdkM2I3ZmQyODk0Y2ZiNzBlNDk0NjA4YjMyMGNj
MjE1YzEwHhcNMjUxMDIzMjAzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWM5NGExYzBiNjZhMDBmNmYzZmU2NDI1YmU5ZDdhMTU5N2RlNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ffZHGKwdMe8csvREL9+L1RpqCvS
lykJhijVELVrYHsEbqB711vzkTj61e3Oia5l+kAb0wUlvIoXRCxAvzRPklVY9ZQh
IYxtWFU1PvixyahSYQDFX7euq4EcsghccoJFM3v6MRwO2nBrv+aThJw4pytARFan
tKXGB36xWXfVAAf/2Ct1D9HHVAeDR+pfmUI4mALZq295GGnQur7u92bdobgd29Lh
SJ5PCAlieVeHZs4DWZfR9LXKrS8wXjBDwX6Ma8PiO5lcr2jr4WCIXEzdP3/5yPxa
eDfsNqK0ovuiy7LMCMr3h6aTMIID86kMpoau5QL1dtCylALM8y9ldKTPBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKHJShwLZqAPbz/mQlvp16FZfeUTMB8GA1UdIwQY
MBaAFH+1Dn07f9KJTPtw5JRgizIMwhXBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjdVT2ZUdF8wb2xNLTNEa2xHQ0xNZ3pDRmNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hOTE4Y2ItMjA0NC00ZjFjLTk3MDAt
OTM2MDFhMzRmNjJmLzEvb2NsS0hBdG1vQTl2UC1aQ1ctblhvVmw5NVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hOTE4Y2ItMjA0NC00ZjFjLTk3MDAtOTM2MDFhMzRmNjJm
LzEvZjdVT2ZUdF8wb2xNLTNEa2xHQ0xNZ3pDRmNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAAjntMA0E
AgACMAcDBQMqEqRAMA0GCSqGSIb3DQEBCwUAA4IBAQAJycoaFc4CvBOvJKsOnWv9
OQhRMGkqEQjHHfURiutQ8EHbKat/fYCdvBdT+nMJiF1qg6Qx5Yi6/PXBmZfH7IlA
VuDl4Lns8mPcfU1B5g7CCSbL60OL4kXJC/D1/NnWV1v5j1TOgTmSZHOZKc7CMqGx
ACYr4O2HEQEze5Z37Zyh7/V/KdU0WZglre3vb9yDChs4T42qgGz81PDu56Fu3eX5
4wb7yXSesojrArb70qfB8pWIvvmE0M6YKcT9txI7pZsEGUrkzt5ln8wCRmKqpUdS
nrGGSMaFq4o7Grzq1QgPiuJltULdmPnFOnDOURA1XkHw9KMTxWz4Lt5zPfir+8ub
-----END CERTIFICATE-----