Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/mlI7o2WpJZBYyozovfozaIiNzyk.roa
File:                     mlI7o2WpJZBYyozovfozaIiNzyk.roa (raw, json)
Hash identifier:          Ja13LeLJgj0g0MQUt0A5EkvjaYCybl3TMMz53xHlb0M=
Subject key identifier:   9A:52:3B:A3:65:A9:25:90:58:CA:8C:E8:BD:FA:33:68:88:8D:CF:29
Certificate issuer:       /CN=212ba8ccf345eef0dcf7d0154920818f319c25f8
Certificate serial:       019A6E02F00D7212243F5C284258D88E2961
Authority key identifier: 21:2B:A8:CC:F3:45:EE:F0:DC:F7:D0:15:49:20:81:8F:31:9C:25:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ISuozPNF7vDc99AVSSCBjzGcJfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/mlI7o2WpJZBYyozovfozaIiNzyk.roa
Signing time:             Mon 10 Nov 2025 13:44:37 +0000
ROA not before:           Mon 10 Nov 2025 13:44:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204255
IP address blocks:        2001:678:1120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/ISuozPNF7vDc99AVSSCBjzGcJfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/ISuozPNF7vDc99AVSSCBjzGcJfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ISuozPNF7vDc99AVSSCBjzGcJfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6e:02:f0:0d:72:12:24:3f:5c:28:42:58:d8:8e:29:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=212ba8ccf345eef0dcf7d0154920818f319c25f8
        Validity
            Not Before: Nov 10 13:44:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a523ba365a9259058ca8ce8bdfa3368888dcf29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b5:e9:be:ab:84:53:dd:96:4b:ee:8f:c1:e8:
                    7e:bc:7b:42:33:18:31:93:13:a8:91:07:d5:1e:a0:
                    37:8a:c1:25:c0:ce:2d:5c:d6:29:71:81:8d:37:22:
                    fa:d0:d3:40:0b:ee:f5:00:28:c7:6d:63:41:e6:f2:
                    af:ae:75:2f:1f:47:47:96:1c:85:d0:1f:74:17:8c:
                    e6:9c:89:71:d6:38:f5:13:68:a8:27:17:a8:14:93:
                    af:9a:27:0b:3f:09:cb:f6:80:56:c8:a1:2a:cf:00:
                    b8:cf:c9:25:e8:37:41:8d:b1:9d:17:d1:05:7f:02:
                    3a:3f:fd:55:0b:37:17:a9:cd:30:26:1a:92:7d:c8:
                    5f:7b:9e:0e:da:fd:ea:78:22:24:c0:a6:bd:46:7a:
                    3f:b0:d1:e1:47:ed:a3:62:8c:4f:8c:fc:67:77:86:
                    1f:24:4e:87:e2:3c:e4:bd:11:0c:3d:20:1d:ab:d7:
                    b2:0e:bb:50:f2:d7:72:3e:92:40:26:e1:4a:95:09:
                    d1:39:a1:f3:1d:ca:42:82:0b:c4:2c:3f:7e:2c:98:
                    b2:82:6a:cc:9d:fc:8e:30:27:8c:5b:5a:02:bd:cd:
                    d5:e7:0d:56:de:0f:21:ea:87:85:d8:38:a0:6a:0a:
                    7c:7d:06:d8:ae:4c:5d:32:e5:a6:89:be:37:28:5c:
                    9c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:52:3B:A3:65:A9:25:90:58:CA:8C:E8:BD:FA:33:68:88:8D:CF:29
            X509v3 Authority Key Identifier:
                keyid:21:2B:A8:CC:F3:45:EE:F0:DC:F7:D0:15:49:20:81:8F:31:9C:25:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ISuozPNF7vDc99AVSSCBjzGcJfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/mlI7o2WpJZBYyozovfozaIiNzyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/834298-37f7-4830-8943-e066e0041a05/1/ISuozPNF7vDc99AVSSCBjzGcJfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1120::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:40:15:49:fd:40:e0:ed:c1:cf:fc:bd:bb:ad:ee:bc:ec:5a:
         b0:d4:7e:d8:bb:36:97:b8:71:9f:f9:f5:e9:cd:ee:7d:f0:0b:
         9c:47:05:37:33:b0:d2:af:fa:da:4f:14:0d:65:b7:eb:3f:22:
         a4:53:e5:8f:97:07:83:5e:4d:6e:d8:d7:36:8a:ad:1a:09:11:
         b8:b6:98:56:d1:be:7c:22:b3:8a:fd:7f:38:db:af:dc:20:d2:
         e5:27:66:09:b0:da:30:bb:13:d6:7a:73:bf:20:85:57:df:95:
         cc:cc:ac:a2:52:b1:0b:97:81:44:10:77:ee:81:b4:2d:fa:93:
         5a:83:9b:71:39:d0:86:77:f0:1b:90:e2:29:15:c1:c1:6c:15:
         fb:ea:fb:17:c1:7b:16:c0:b0:a0:62:82:92:53:c6:50:73:fe:
         a0:fc:1a:df:0d:e6:03:c7:43:b9:0f:0f:69:93:4e:ee:c5:e3:
         05:fc:64:13:9c:bc:96:1e:55:d7:81:d4:44:7c:1e:d7:76:40:
         06:cd:73:bd:28:d5:54:1b:69:d8:9e:0e:1a:9c:cb:74:90:ac:
         a4:0d:c9:40:7b:9b:f8:90:b5:17:1e:8b:95:62:67:70:25:9d:
         c0:83:8b:1f:3e:0e:97:52:96:93:30:ae:58:45:47:6f:35:86:
         d3:0f:24:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpuAvANchIkP1woQljYjilhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMmJhOGNjZjM0NWVlZjBkY2Y3ZDAxNTQ5MjA4MThmMzE5
YzI1ZjgwHhcNMjUxMTEwMTM0NDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTUyM2JhMzY1YTkyNTkwNThjYThjZThiZGZhMzM2ODg4OGRjZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rXpvquEU92WS+6Pweh+vHtCMxgx
kxOokQfVHqA3isElwM4tXNYpcYGNNyL60NNAC+71ACjHbWNB5vKvrnUvH0dHlhyF
0B90F4zmnIlx1jj1E2ioJxeoFJOvmicLPwnL9oBWyKEqzwC4z8kl6DdBjbGdF9EF
fwI6P/1VCzcXqc0wJhqSfchfe54O2v3qeCIkwKa9Rno/sNHhR+2jYoxPjPxnd4Yf
JE6H4jzkvREMPSAdq9eyDrtQ8tdyPpJAJuFKlQnROaHzHcpCggvELD9+LJiygmrM
nfyOMCeMW1oCvc3V5w1W3g8h6oeF2Digagp8fQbYrkxdMuWmib43KFychQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJpSO6NlqSWQWMqM6L36M2iIjc8pMB8GA1UdIwQY
MBaAFCErqMzzRe7w3PfQFUkggY8xnCX4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVN1b3pQTkY3dkRjOTlBVlNTQ0JqekdjSmZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84MzQyOTgtMzdmNy00ODMwLTg5NDMt
ZTA2NmUwMDQxYTA1LzEvbWxJN28yV3BKWkJZeW96b3Zmb3phSWlOenlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84MzQyOTgtMzdmNy00ODMwLTg5NDMtZTA2NmUwMDQxYTA1
LzEvSVN1b3pQTkY3dkRjOTlBVlNTQ0JqekdjSmZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAVQBVJ/UDg7cHP/L27re687Fqw1H7YuzaXuHGf
+fXpze598AucRwU3M7DSr/raTxQNZbfrPyKkU+WPlweDXk1u2Nc2iq0aCRG4tphW
0b58IrOK/X8426/cINLlJ2YJsNowuxPWenO/IIVX35XMzKyiUrELl4FEEHfugbQt
+pNag5txOdCGd/AbkOIpFcHBbBX76vsXwXsWwLCgYoKSU8ZQc/6g/BrfDeYDx0O5
Dw9pk07uxeMF/GQTnLyWHlXXgdREfB7XdkAGzXO9KNVUG2nYng4anMt0kKykDclA
e5v4kLUXHouVYmdwJZ3Ag4sfPg6XUpaTMK5YRUdvNYbTDyTN
-----END CERTIFICATE-----