Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/W2nNEF8qHTKft1xSAnUWoLZGFiY.roa
File:                     W2nNEF8qHTKft1xSAnUWoLZGFiY.roa (raw, json)
Hash identifier:          dDsFO7ipduSuI7GlAukzs3zzXlpJSjZo32XEFl3Fb7g=
Subject key identifier:   5B:69:CD:10:5F:2A:1D:32:9F:B7:5C:52:02:75:16:A0:B6:46:16:26
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       019A15290C8B5A65FAC355E7287EA39F8F36
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/W2nNEF8qHTKft1xSAnUWoLZGFiY.roa
Signing time:             Fri 24 Oct 2025 07:40:02 +0000
ROA not before:           Fri 24 Oct 2025 07:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        92.53.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:29:0c:8b:5a:65:fa:c3:55:e7:28:7e:a3:9f:8f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Oct 24 07:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b69cd105f2a1d329fb75c52027516a0b6461626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ed:1c:b3:c6:04:83:64:44:1e:4a:6d:fa:43:
                    d6:8f:51:a8:af:51:f5:3f:d7:94:dd:17:72:6a:7d:
                    45:6f:b4:3b:dc:0d:2e:38:41:f3:4a:40:16:08:15:
                    65:03:7d:ef:ca:4c:79:dc:0d:a0:84:8b:0e:f4:14:
                    f6:eb:f4:15:9d:12:9e:ef:3b:e0:17:03:dd:56:74:
                    3e:5b:07:e1:02:81:d5:7f:67:ff:ed:ee:3f:8d:41:
                    3d:c6:1f:0e:ee:15:41:bb:e6:9e:4e:2d:52:7a:f2:
                    3e:28:40:c0:84:78:a8:e9:8d:de:fd:0a:8b:65:dc:
                    95:90:00:b6:67:01:6d:68:9a:51:ed:04:53:5a:bf:
                    49:02:82:dc:0e:25:fd:b5:cb:d2:f4:0d:64:67:29:
                    8b:65:48:96:10:a2:0c:b3:0b:c6:00:b5:b4:23:88:
                    82:87:18:06:36:5e:5c:a1:f0:87:1f:8a:86:51:4e:
                    02:b1:37:2d:5c:b9:4f:9d:af:85:67:fb:80:79:45:
                    eb:88:0c:e1:05:b6:45:9d:ac:38:26:1b:82:37:30:
                    1f:7b:09:f1:ae:52:4c:34:2f:e8:c7:0f:86:49:ce:
                    14:2c:63:7e:96:d4:ad:3d:94:a6:3d:cb:58:aa:97:
                    eb:2c:de:03:84:51:ca:9f:c1:b6:7d:39:95:43:7f:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:69:CD:10:5F:2A:1D:32:9F:B7:5C:52:02:75:16:A0:B6:46:16:26
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/W2nNEF8qHTKft1xSAnUWoLZGFiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:4a:97:e4:39:44:3e:4a:8d:55:d8:55:92:d4:16:e9:30:51:
         99:81:27:81:7d:3a:22:10:be:c1:57:cc:82:ec:bd:e2:10:a7:
         99:12:01:4f:d7:8f:18:45:04:f8:e7:ef:68:f5:7c:f7:28:29:
         c8:b2:82:c3:c5:32:03:1d:20:ee:95:dc:17:2a:45:98:9f:00:
         7a:1a:bb:52:2c:ba:67:b3:9e:5f:d2:6d:f5:be:88:da:27:7e:
         1b:d1:58:47:04:25:23:66:40:f1:bf:90:b2:63:30:c0:69:55:
         03:91:0d:26:fb:32:93:f1:7a:ff:41:63:d4:ad:0d:e7:03:45:
         46:4b:60:a3:84:f9:87:04:a4:b2:dd:2f:3d:6e:9d:20:69:5e:
         20:a1:6a:bd:43:66:77:31:b6:76:8d:70:d5:2a:d2:0b:04:38:
         5c:76:81:f9:74:39:41:e9:63:ac:2d:6b:ed:7c:b7:2f:11:8d:
         b7:9d:e5:ad:25:81:3c:49:ed:ba:2f:e7:42:fc:f4:a1:ce:ce:
         99:eb:e3:73:b3:c3:2a:f6:58:67:0c:3c:b1:05:4e:ef:ab:76:
         d8:2a:5a:02:79:ea:d9:da:34:d2:5d:3e:10:dd:66:86:3b:58:
         ec:6b:57:ab:ab:69:db:03:ab:f7:21:54:1f:57:01:52:f3:80:
         0d:2d:21:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoVKQyLWmX6w1XnKH6jn482MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUxMDI0MDc0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY5Y2QxMDVmMmExZDMyOWZiNzVjNTIwMjc1MTZhMGI2NDYxNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAze0cs8YEg2REHkpt+kPWj1Gor1H1
P9eU3Rdyan1Fb7Q73A0uOEHzSkAWCBVlA33vykx53A2ghIsO9BT26/QVnRKe7zvg
FwPdVnQ+WwfhAoHVf2f/7e4/jUE9xh8O7hVBu+aeTi1SevI+KEDAhHio6Y3e/QqL
ZdyVkAC2ZwFtaJpR7QRTWr9JAoLcDiX9tcvS9A1kZymLZUiWEKIMswvGALW0I4iC
hxgGNl5cofCHH4qGUU4CsTctXLlPna+FZ/uAeUXriAzhBbZFnaw4JhuCNzAfewnx
rlJMNC/oxw+GSc4ULGN+ltStPZSmPctYqpfrLN4DhFHKn8G2fTmVQ3/KgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtpzRBfKh0yn7dcUgJ1FqC2RhYmMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvVzJuTkVGOHFIVEtmdDF4U0FuVVdvTFpHRmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW4MA0G
CSqGSIb3DQEBCwUAA4IBAQATSpfkOUQ+So1V2FWS1BbpMFGZgSeBfToiEL7BV8yC
7L3iEKeZEgFP148YRQT45+9o9Xz3KCnIsoLDxTIDHSDuldwXKkWYnwB6GrtSLLpn
s55f0m31vojaJ34b0VhHBCUjZkDxv5CyYzDAaVUDkQ0m+zKT8Xr/QWPUrQ3nA0VG
S2CjhPmHBKSy3S89bp0gaV4goWq9Q2Z3MbZ2jXDVKtILBDhcdoH5dDlB6WOsLWvt
fLcvEY23neWtJYE8Se26L+dC/PShzs6Z6+Nzs8Mq9lhnDDyxBU7vq3bYKloCeerZ
2jTSXT4Q3WaGO1jsa1erq2nbA6v3IVQfVwFS84ANLSGF
-----END CERTIFICATE-----