Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/1-O-D5pri3mmR8booyMgtZ5-BGW4.roa
File:                     1-O-D5pri3mmR8booyMgtZ5-BGW4.roa (raw, json)
Hash identifier:          jb6YU5fT/HqK2xKc/LbLrArBSelpTLeT7YITNpvV0to=
Subject key identifier:   F8:EF:83:E6:9A:E2:DE:69:91:F1:BA:28:C8:C8:2D:67:9F:81:19:6E
Certificate issuer:       /CN=2594a8b3d75c5b220ed99cf2e72004f6ec11aa97
Certificate serial:       019A3B2A5BDBE7C391611A84D5CBB8D22833
Authority key identifier: 25:94:A8:B3:D7:5C:5B:22:0E:D9:9C:F2:E7:20:04:F6:EC:11:AA:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JZSos9dcWyIO2Zzy5yAE9uwRqpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/1-O-D5pri3mmR8booyMgtZ5-BGW4.roa
Signing time:             Fri 31 Oct 2025 16:47:03 +0000
ROA not before:           Fri 31 Oct 2025 16:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214399
IP address blocks:        194.39.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/JZSos9dcWyIO2Zzy5yAE9uwRqpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/JZSos9dcWyIO2Zzy5yAE9uwRqpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JZSos9dcWyIO2Zzy5yAE9uwRqpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3b:2a:5b:db:e7:c3:91:61:1a:84:d5:cb:b8:d2:28:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2594a8b3d75c5b220ed99cf2e72004f6ec11aa97
        Validity
            Not Before: Oct 31 16:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8ef83e69ae2de6991f1ba28c8c82d679f81196e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bf:b4:88:20:a0:f0:fa:de:a8:f5:73:f3:26:
                    55:49:86:ca:c3:ca:1f:1e:eb:dd:16:62:19:4e:b9:
                    a3:7b:69:e4:fe:8b:bb:0a:6f:36:d5:b9:2e:d4:0c:
                    92:fc:5b:18:30:8d:dc:1a:3b:b8:a3:04:a2:55:ed:
                    e0:29:cf:cb:6f:a8:2a:eb:ca:07:33:f6:7b:c3:8b:
                    79:03:fb:9e:09:53:63:49:bd:8f:5e:46:94:eb:c1:
                    39:19:ce:30:42:97:81:17:ad:40:89:a4:18:db:95:
                    ab:78:d8:78:96:1d:55:54:3f:85:c7:be:9c:a0:c5:
                    b8:26:b2:7e:b2:ef:ee:5c:e8:5b:55:2d:42:14:50:
                    03:c9:fa:ec:49:70:30:f7:92:98:22:63:ba:37:5a:
                    5e:24:52:ac:98:35:9a:51:48:f0:39:e2:ac:af:5d:
                    88:f9:ac:7c:5f:87:9a:ad:44:ec:40:9b:0e:8e:31:
                    d7:5b:62:ef:70:c9:cf:c3:08:02:8f:46:4b:44:97:
                    61:ee:1e:69:f6:8e:c5:cc:22:3e:18:30:74:4e:5a:
                    fb:2d:85:e6:59:1d:0e:78:79:4d:b3:9b:e1:97:41:
                    b9:cf:cf:04:d0:f5:9e:25:71:c2:6c:77:85:7c:a9:
                    3a:4b:78:dd:13:2c:cb:8a:5a:a7:5d:d7:89:b5:a7:
                    b6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:EF:83:E6:9A:E2:DE:69:91:F1:BA:28:C8:C8:2D:67:9F:81:19:6E
            X509v3 Authority Key Identifier:
                keyid:25:94:A8:B3:D7:5C:5B:22:0E:D9:9C:F2:E7:20:04:F6:EC:11:AA:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSos9dcWyIO2Zzy5yAE9uwRqpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/1-O-D5pri3mmR8booyMgtZ5-BGW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b4cde-1aa6-4e88-9a3c-1ca9c262ce73/1/JZSos9dcWyIO2Zzy5yAE9uwRqpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:5d:b5:54:f0:5a:4b:25:64:03:aa:0c:83:37:06:be:a5:f1:
         2b:4c:b6:cc:3c:41:39:26:cc:a4:40:3e:0d:c8:07:6a:6d:cb:
         37:ad:c1:13:f7:80:58:b8:cd:9e:df:ed:8f:f8:d6:da:65:b4:
         7a:bc:bb:97:45:6b:66:a1:08:57:3a:fb:52:5f:4e:09:08:a8:
         25:a5:67:b5:33:30:c0:be:c8:9e:14:78:14:c8:e7:9f:dc:72:
         62:2d:34:0d:01:53:47:84:58:14:b6:8d:d6:3d:f5:2e:d0:49:
         3b:6b:94:4e:d7:8a:3b:10:e2:dd:72:4c:93:a9:33:f5:c1:94:
         5b:b3:83:2a:33:96:87:00:10:40:38:9e:fd:69:f3:12:2e:0d:
         64:b4:de:cb:f5:b2:0b:c2:4a:6d:9d:e2:38:4d:e8:86:40:9a:
         d4:e1:0d:ad:ec:d9:03:28:40:52:68:bb:60:dd:e1:64:4e:6f:
         88:5a:42:6f:9d:1a:18:53:ca:67:f8:52:83:75:66:ac:62:16:
         59:46:9d:da:c0:81:5b:c4:a7:9f:a6:56:26:c8:50:86:3c:c4:
         c6:5a:e2:fc:7f:98:fd:fa:7a:fd:09:3c:5c:aa:27:7e:cb:2b:
         ca:68:bc:e0:55:b6:4b:f7:16:c7:37:70:5b:da:29:d5:cf:19:
         af:f3:2d:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZo7Klvb58ORYRqE1cu40igzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTRhOGIzZDc1YzViMjIwZWQ5OWNmMmU3MjAwNGY2ZWMx
MWFhOTcwHhcNMjUxMDMxMTY0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGVmODNlNjlhZTJkZTY5OTFmMWJhMjhjOGM4MmQ2NzlmODExOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr+0iCCg8PreqPVz8yZVSYbKw8of
HuvdFmIZTrmje2nk/ou7Cm821bku1AyS/FsYMI3cGju4owSiVe3gKc/Lb6gq68oH
M/Z7w4t5A/ueCVNjSb2PXkaU68E5Gc4wQpeBF61AiaQY25WreNh4lh1VVD+Fx76c
oMW4JrJ+su/uXOhbVS1CFFADyfrsSXAw95KYImO6N1peJFKsmDWaUUjwOeKsr12I
+ax8X4earUTsQJsOjjHXW2LvcMnPwwgCj0ZLRJdh7h5p9o7FzCI+GDB0Tlr7LYXm
WR0OeHlNs5vhl0G5z88E0PWeJXHCbHeFfKk6S3jdEyzLilqnXdeJtae2GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjvg+aa4t5pkfG6KMjILWefgRluMB8GA1UdIwQY
MBaAFCWUqLPXXFsiDtmc8ucgBPbsEaqXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTb3M5ZGNXeUlPMlp6eTV5QUU5dXdScXBjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zYjRjZGUtMWFhNi00ZTg4LTlhM2Mt
MWNhOWMyNjJjZTczLzEvMS1PLUQ1cHJpM21tUjhib295TWd0WjUtQkdXNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzgvM2I0Y2RlLTFhYTYtNGU4OC05YTNjLTFjYTljMjYyY2U3
My8xL0paU29zOWRjV3lJTzJaenk1eUFFOXV3UnFwYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIn/jAN
BgkqhkiG9w0BAQsFAAOCAQEAcl21VPBaSyVkA6oMgzcGvqXxK0y2zDxBOSbMpEA+
DcgHam3LN63BE/eAWLjNnt/tj/jW2mW0ery7l0VrZqEIVzr7Ul9OCQioJaVntTMw
wL7InhR4FMjnn9xyYi00DQFTR4RYFLaN1j31LtBJO2uUTteKOxDi3XJMk6kz9cGU
W7ODKjOWhwAQQDie/WnzEi4NZLTey/WyC8JKbZ3iOE3ohkCa1OENrezZAyhAUmi7
YN3hZE5viFpCb50aGFPKZ/hSg3VmrGIWWUad2sCBW8Snn6ZWJshQhjzExlri/H+Y
/fp6/Qk8XKonfssrymi84FW2S/cWxzdwW9op1c8Zr/MtUA==
-----END CERTIFICATE-----