Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/CI51H2fHvf9O5PRdQks01a3u510.roa
File:                     CI51H2fHvf9O5PRdQks01a3u510.roa (raw, json)
Hash identifier:          WxRq8BNJredn3oBSIG06V75hKGowCex4s9btYuU89jo=
Subject key identifier:   08:8E:75:1F:67:C7:BD:FF:4E:E4:F4:5D:42:4B:34:D5:AD:EE:E7:5D
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       01990B7A1FAC3E3DA098ADC48F747B603C20
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/CI51H2fHvf9O5PRdQks01a3u510.roa
Signing time:             Tue 02 Sep 2025 17:29:36 +0000
ROA not before:           Tue 02 Sep 2025 17:29:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216068
IP address blocks:        185.69.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:7a:1f:ac:3e:3d:a0:98:ad:c4:8f:74:7b:60:3c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Sep  2 17:29:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=088e751f67c7bdff4ee4f45d424b34d5adeee75d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:bb:92:22:37:35:c7:4d:8f:0e:7c:3f:a3:42:
                    16:d0:64:22:ce:09:2e:64:bc:42:76:cc:37:6a:30:
                    c4:aa:d5:b1:56:54:ef:81:8f:13:8d:5d:d4:8a:5d:
                    09:68:b1:9a:5a:d4:5a:e8:48:ba:6e:f3:0c:12:b8:
                    8a:49:61:cc:75:ad:f8:17:0d:7d:c2:68:d6:a8:2e:
                    fa:46:8e:0d:5e:71:6e:9d:3b:d8:60:3e:01:00:17:
                    bc:32:26:47:1b:0d:da:c5:c8:71:5f:0e:d1:b2:92:
                    05:ca:a4:d4:75:03:f4:50:59:dd:8c:c5:da:75:7c:
                    c7:a1:d7:50:36:43:5f:28:cd:58:64:54:0f:5f:57:
                    2e:aa:77:de:7c:6b:29:00:06:72:c6:9e:ec:23:11:
                    e6:0f:e0:b5:54:3c:5d:69:63:fa:39:5f:17:3f:72:
                    55:66:af:e2:38:0e:69:d2:7d:78:1e:5b:ff:84:ef:
                    45:a5:8b:23:3b:79:ad:63:d0:c9:f5:12:eb:b5:f4:
                    f8:63:8f:89:f3:24:9d:37:b6:4c:55:3d:07:9e:6d:
                    d9:46:a2:cd:89:6a:be:38:1d:90:27:eb:b5:f6:0d:
                    fd:00:f3:26:49:7b:d8:bc:92:e0:a8:b4:c7:2b:9a:
                    36:fe:bb:52:17:4d:c0:71:bb:f7:eb:ef:72:2b:8b:
                    51:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8E:75:1F:67:C7:BD:FF:4E:E4:F4:5D:42:4B:34:D5:AD:EE:E7:5D
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/CI51H2fHvf9O5PRdQks01a3u510.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:50:8e:1c:dd:95:84:03:2f:19:12:14:b6:6a:ec:5f:e1:49:
         a5:74:1b:42:41:19:44:9c:e6:db:a7:40:95:4c:0d:13:95:24:
         e9:61:db:cf:cd:25:60:62:7a:2c:61:f2:bf:51:1f:71:b4:20:
         ac:06:da:38:1d:c7:15:54:f9:ac:f4:17:86:09:fa:8e:79:53:
         0d:2c:6e:ea:05:7a:dc:ce:0e:52:b0:27:8f:07:3d:ce:e6:12:
         58:e5:e8:f4:24:30:54:40:d4:d9:f5:ef:df:14:fc:2b:e0:30:
         f2:45:fd:7d:39:6d:34:a8:12:2f:16:26:1d:df:ed:f2:b8:bf:
         5e:8d:02:48:91:ee:20:fe:89:ea:26:e1:9c:f0:63:6c:32:a5:
         e3:19:19:12:11:a2:d0:03:76:5c:83:b1:73:f6:60:c6:2c:7b:
         d9:39:eb:e9:b4:88:39:85:11:1b:14:93:b7:b0:40:25:2c:1e:
         e7:77:38:b7:aa:e6:d2:f6:91:f9:40:6f:35:40:8e:34:dc:00:
         6a:b7:22:af:a3:f5:3a:5d:e3:d4:f6:6d:5d:4d:9f:d1:1d:9f:
         b9:3b:2a:8c:17:e0:6e:18:c8:e8:ed:09:52:1d:00:69:03:ab:
         89:dd:df:2d:2c:f7:ec:c7:cc:f5:ec:f8:e1:4b:69:04:3d:c3:
         5d:ce:50:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLeh+sPj2gmK3Ej3R7YDwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwOTAyMTcyOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODhlNzUxZjY3YzdiZGZmNGVlNGY0NWQ0MjRiMzRkNWFkZWVlNzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubuSIjc1x02PDnw/o0IW0GQizgku
ZLxCdsw3ajDEqtWxVlTvgY8TjV3Uil0JaLGaWtRa6Ei6bvMMEriKSWHMda34Fw19
wmjWqC76Ro4NXnFunTvYYD4BABe8MiZHGw3axchxXw7RspIFyqTUdQP0UFndjMXa
dXzHoddQNkNfKM1YZFQPX1cuqnfefGspAAZyxp7sIxHmD+C1VDxdaWP6OV8XP3JV
Zq/iOA5p0n14Hlv/hO9FpYsjO3mtY9DJ9RLrtfT4Y4+J8ySdN7ZMVT0Hnm3ZRqLN
iWq+OB2QJ+u19g39APMmSXvYvJLgqLTHK5o2/rtSF03Acbv36+9yK4tR6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiOdR9nx73/TuT0XUJLNNWt7uddMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvQ0k1MUgyZkh2ZjlPNVBSZFFrczAxYTN1NTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUXeMA0G
CSqGSIb3DQEBCwUAA4IBAQBIUI4c3ZWEAy8ZEhS2auxf4UmldBtCQRlEnObbp0CV
TA0TlSTpYdvPzSVgYnosYfK/UR9xtCCsBto4HccVVPms9BeGCfqOeVMNLG7qBXrc
zg5SsCePBz3O5hJY5ej0JDBUQNTZ9e/fFPwr4DDyRf19OW00qBIvFiYd3+3yuL9e
jQJIke4g/onqJuGc8GNsMqXjGRkSEaLQA3Zcg7Fz9mDGLHvZOevptIg5hREbFJO3
sEAlLB7ndzi3qubS9pH5QG81QI403ABqtyKvo/U6XePU9m1dTZ/RHZ+5OyqMF+Bu
GMjo7QlSHQBpA6uJ3d8tLPfsx8z17PjhS2kEPcNdzlAf
-----END CERTIFICATE-----