Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/W2ZxVVsdMfGy_Po2_OhnZw7e3EM.roa
File:                     W2ZxVVsdMfGy_Po2_OhnZw7e3EM.roa (raw, json)
Hash identifier:          C0KyrF8gqSr+LRGOJ/BuMCH900IqSYoTwnHErqXre5E=
Subject key identifier:   5B:66:71:55:5B:1D:31:F1:B2:FC:FA:36:FC:E8:67:67:0E:DE:DC:43
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       01995C6DCD3F1882AF97500B40167D00DE4C
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/W2ZxVVsdMfGy_Po2_OhnZw7e3EM.roa
Signing time:             Thu 18 Sep 2025 10:45:23 +0000
ROA not before:           Thu 18 Sep 2025 10:45:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        193.219.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:6d:cd:3f:18:82:af:97:50:0b:40:16:7d:00:de:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Sep 18 10:45:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b6671555b1d31f1b2fcfa36fce867670ededc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4a:4c:bc:ec:76:4d:97:56:e0:b7:1e:8d:07:
                    cc:a3:26:6a:41:14:23:f1:82:6e:05:53:3a:ce:c0:
                    3d:f5:d3:f4:e3:34:10:20:c5:d7:5a:ce:99:db:04:
                    5d:83:f8:f8:37:88:98:35:9f:ca:8e:d6:dd:8e:49:
                    a2:16:3a:d1:71:5c:b7:5a:91:ae:1b:2c:f3:32:1f:
                    05:76:f0:6a:da:0e:80:1b:3b:b3:ae:00:f7:be:52:
                    fc:e1:e1:1f:cc:e3:ea:07:f0:d6:b6:3a:dc:d5:fd:
                    b2:46:72:0d:85:65:3d:1b:88:cd:80:0a:bd:a3:a8:
                    5f:b0:4a:34:6c:8c:90:ac:cf:5a:ab:79:9b:3e:2e:
                    58:c8:e9:fc:f3:27:3d:72:da:1a:55:93:0d:a5:ad:
                    f6:41:a1:e5:b9:c6:18:d8:92:e5:c3:8b:b5:fa:d4:
                    de:ee:9c:0d:0b:5b:35:d0:ae:f5:19:28:69:8a:ad:
                    68:c6:34:a4:fa:e0:5f:3b:b9:5f:ee:58:b1:af:03:
                    d5:fd:25:5a:f1:fc:22:e8:19:b1:20:70:e4:11:88:
                    0a:5d:ce:e2:4d:5a:0e:4f:2f:1b:7a:37:5e:09:d4:
                    ff:d4:32:08:42:9e:d1:48:13:6c:86:dc:64:11:75:
                    1a:75:83:35:52:c3:19:2b:10:a9:26:98:33:60:ee:
                    42:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:66:71:55:5B:1D:31:F1:B2:FC:FA:36:FC:E8:67:67:0E:DE:DC:43
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/W2ZxVVsdMfGy_Po2_OhnZw7e3EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.219.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0e:df:51:b5:d0:03:a8:0e:5d:d0:8e:0d:e4:4b:22:e5:ce:
         52:fd:ce:e5:1a:0e:0a:32:ad:f5:b3:93:66:7e:94:a1:85:70:
         ad:71:e0:c9:89:88:b8:e0:93:88:d5:4a:92:35:dc:ab:44:06:
         f9:ea:b4:ce:dc:cf:00:d6:65:31:f6:45:22:71:1f:74:26:08:
         e3:9d:4c:95:0c:b3:39:0e:55:29:0b:f4:7b:c2:96:af:cd:ba:
         75:2b:4e:a8:f6:03:62:06:79:33:d8:57:07:e4:dc:bb:88:7f:
         96:bc:06:39:33:ff:f2:17:27:14:1c:00:a0:b9:e3:55:db:e9:
         ca:6d:22:25:b1:6d:2d:4f:c4:ec:59:30:84:86:23:a1:3f:66:
         d6:33:6b:00:98:01:0f:7e:82:4b:9e:bb:6d:b5:00:4c:b9:39:
         1e:ed:e7:d2:98:87:f8:fc:58:27:c0:82:4d:47:fd:b2:fb:75:
         70:59:e3:3b:bd:54:67:5a:1d:f1:91:f9:d8:6a:e7:ba:aa:3f:
         65:9f:bf:0c:66:dd:9b:90:20:36:be:6f:aa:e9:35:3f:c1:49:
         64:b5:f5:2d:cf:40:e7:8c:f8:2c:c2:2c:4e:ba:f8:86:db:22:
         b4:92:1e:b6:7f:09:8f:9f:83:2f:cc:b5:7b:51:78:f9:9e:12:
         6e:8f:a5:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlcbc0/GIKvl1ALQBZ9AN5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwOTE4MTA0NTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY2NzE1NTViMWQzMWYxYjJmY2ZhMzZmY2U4Njc2NzBlZGVkYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EpMvOx2TZdW4LcejQfMoyZqQRQj
8YJuBVM6zsA99dP04zQQIMXXWs6Z2wRdg/j4N4iYNZ/KjtbdjkmiFjrRcVy3WpGu
GyzzMh8FdvBq2g6AGzuzrgD3vlL84eEfzOPqB/DWtjrc1f2yRnINhWU9G4jNgAq9
o6hfsEo0bIyQrM9aq3mbPi5YyOn88yc9ctoaVZMNpa32QaHlucYY2JLlw4u1+tTe
7pwNC1s10K71GShpiq1oxjSk+uBfO7lf7lixrwPV/SVa8fwi6BmxIHDkEYgKXc7i
TVoOTy8bejdeCdT/1DIIQp7RSBNshtxkEXUadYM1UsMZKxCpJpgzYO5CawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtmcVVbHTHxsvz6NvzoZ2cO3txDMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvVzJaeFZWc2RNZkd5X1BvMl9PaG5adzdlM0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdtjMA0G
CSqGSIb3DQEBCwUAA4IBAQALDt9RtdADqA5d0I4N5Esi5c5S/c7lGg4KMq31s5Nm
fpShhXCtceDJiYi44JOI1UqSNdyrRAb56rTO3M8A1mUx9kUicR90JgjjnUyVDLM5
DlUpC/R7wpavzbp1K06o9gNiBnkz2FcH5Ny7iH+WvAY5M//yFycUHACgueNV2+nK
bSIlsW0tT8TsWTCEhiOhP2bWM2sAmAEPfoJLnrtttQBMuTke7efSmIf4/FgnwIJN
R/2y+3VwWeM7vVRnWh3xkfnYaue6qj9ln78MZt2bkCA2vm+q6TU/wUlktfUtz0Dn
jPgswixOuviG2yK0kh62fwmPn4MvzLV7UXj5nhJuj6XI
-----END CERTIFICATE-----