Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/e5h93GJcw_yYu-HPlsFYMzfWdiw.roa
File:                     e5h93GJcw_yYu-HPlsFYMzfWdiw.roa (raw, json)
Hash identifier:          oKEC7H50ILmV8ZefC45forraqPebyPkE3IFXMuMi43Y=
Subject key identifier:   7B:98:7D:DC:62:5C:C3:FC:98:BB:E1:CF:96:C1:58:33:37:D6:76:2C
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019A0CE8EE012C75EC7A4523BF9C3FB749AD
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/e5h93GJcw_yYu-HPlsFYMzfWdiw.roa
Signing time:             Wed 22 Oct 2025 17:13:03 +0000
ROA not before:           Wed 22 Oct 2025 17:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        80.246.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Oct 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:e8:ee:01:2c:75:ec:7a:45:23:bf:9c:3f:b7:49:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Oct 22 17:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b987ddc625cc3fc98bbe1cf96c1583337d6762c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:59:2b:73:d6:86:98:62:5f:af:d5:2b:d7:e1:
                    03:48:56:8a:f8:e6:12:fd:a5:5a:be:8c:9f:00:a2:
                    ca:69:a4:61:76:44:0e:07:6d:53:83:32:64:bc:fa:
                    5e:86:8c:69:d7:3a:fc:6c:a0:b0:0e:ec:01:97:73:
                    a6:ee:e9:45:ff:e5:ac:d3:d7:18:57:a3:b7:ad:9b:
                    17:1d:7d:07:c3:59:7d:95:e8:64:98:74:f3:a6:66:
                    0f:5e:25:24:cf:0c:68:e7:eb:83:b1:d8:3e:8b:93:
                    48:01:eb:cb:1f:b6:6b:54:c2:ee:76:df:ab:ca:a4:
                    f6:70:2b:fe:3d:8e:6a:d0:c8:04:5c:e1:9d:2a:25:
                    ce:36:c4:25:0d:91:20:bd:21:02:4c:b8:75:29:53:
                    d6:f8:bc:6e:69:24:58:05:d0:b4:31:d2:39:49:a9:
                    07:36:9a:60:90:d5:4c:ee:c2:2e:97:c9:23:2a:45:
                    fb:97:c5:d9:b8:ef:a1:1b:d4:25:18:83:06:7c:80:
                    49:69:25:ed:50:a3:0e:11:14:7f:4f:4a:b5:d5:69:
                    ad:2d:53:60:43:2d:89:0e:b9:14:a0:21:41:fc:ce:
                    58:3a:77:ca:0d:c4:e0:d2:01:88:91:f4:c9:f0:d8:
                    2e:2b:44:f5:37:79:f1:b6:de:6a:7a:30:fd:be:0f:
                    56:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:98:7D:DC:62:5C:C3:FC:98:BB:E1:CF:96:C1:58:33:37:D6:76:2C
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/e5h93GJcw_yYu-HPlsFYMzfWdiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:fc:3f:47:b4:0c:bd:2d:ab:f2:43:b1:37:e9:57:45:5b:a9:
         e4:c4:d8:4f:fa:e3:3e:b2:2e:ea:ef:92:91:10:dd:df:c0:9a:
         98:9d:03:e6:04:72:a0:9b:04:e1:9a:26:3d:11:cd:82:cc:b0:
         7b:0c:c7:61:94:e0:2b:8e:b9:3c:59:10:91:5b:22:b8:27:2f:
         c5:07:af:5f:9b:f1:c2:44:d0:c6:d3:bb:f5:ae:3b:b9:08:57:
         23:31:2d:bf:8a:e7:60:dd:f1:00:6d:72:21:97:3e:d2:47:e6:
         10:31:d6:9d:31:b9:0a:ff:78:f7:e2:17:7c:97:0d:98:4f:16:
         e8:9c:2c:3f:ed:23:70:3f:94:33:90:1d:16:09:cb:6f:4f:ca:
         d2:36:27:e6:36:fe:d0:98:2a:63:49:81:cb:df:0e:c3:41:c9:
         22:1a:86:b6:00:41:16:7f:06:1d:3a:c5:36:93:d1:4b:89:0f:
         e7:fc:7a:b0:94:4a:18:78:b6:9f:9c:74:d9:06:09:73:7d:29:
         a4:c1:49:76:ca:5c:42:7c:98:8c:f3:e7:af:fb:8c:41:ec:22:
         aa:4a:a6:0b:a9:c7:3b:73:c2:3c:65:2d:44:24:62:e3:fe:7b:
         47:95:b0:ac:e5:fa:41:f1:02:a5:28:34:48:4f:4c:3c:ed:53:
         ef:9e:8d:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoM6O4BLHXsekUjv5w/t0mtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUxMDIyMTcxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk4N2RkYzYyNWNjM2ZjOThiYmUxY2Y5NmMxNTgzMzM3ZDY3NjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVkrc9aGmGJfr9Ur1+EDSFaK+OYS
/aVavoyfAKLKaaRhdkQOB21TgzJkvPpehoxp1zr8bKCwDuwBl3Om7ulF/+Ws09cY
V6O3rZsXHX0Hw1l9lehkmHTzpmYPXiUkzwxo5+uDsdg+i5NIAevLH7ZrVMLudt+r
yqT2cCv+PY5q0MgEXOGdKiXONsQlDZEgvSECTLh1KVPW+LxuaSRYBdC0MdI5SakH
NppgkNVM7sIul8kjKkX7l8XZuO+hG9QlGIMGfIBJaSXtUKMOERR/T0q11WmtLVNg
Qy2JDrkUoCFB/M5YOnfKDcTg0gGIkfTJ8NguK0T1N3nxtt5qejD9vg9WMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuYfdxiXMP8mLvhz5bBWDM31nYsMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZTVoOTNHSmN3X3lZdS1IUGxzRllNemZXZGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbmMA0G
CSqGSIb3DQEBCwUAA4IBAQBf/D9HtAy9LavyQ7E36VdFW6nkxNhP+uM+si7q75KR
EN3fwJqYnQPmBHKgmwThmiY9Ec2CzLB7DMdhlOArjrk8WRCRWyK4Jy/FB69fm/HC
RNDG07v1rju5CFcjMS2/iudg3fEAbXIhlz7SR+YQMdadMbkK/3j34hd8lw2YTxbo
nCw/7SNwP5QzkB0WCctvT8rSNifmNv7QmCpjSYHL3w7DQckiGoa2AEEWfwYdOsU2
k9FLiQ/n/HqwlEoYeLafnHTZBglzfSmkwUl2ylxCfJiM8+ev+4xB7CKqSqYLqcc7
c8I8ZS1EJGLj/ntHlbCs5fpB8QKlKDRIT0w87VPvno0J
-----END CERTIFICATE-----