Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sMeA9xl8ZUuMKTOiIPGJ4CDhuVU.roa
File:                     sMeA9xl8ZUuMKTOiIPGJ4CDhuVU.roa (raw, json)
Hash identifier:          die5Hli6P/WXh1sfkmGYgfVjSONOwz0N0yrCW9dYC6M=
Subject key identifier:   B0:C7:80:F7:19:7C:65:4B:8C:29:33:A2:20:F1:89:E0:20:E1:B9:55
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       0198F4D84EB54796448B8AA67BBCC2825416
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sMeA9xl8ZUuMKTOiIPGJ4CDhuVU.roa
Signing time:             Fri 29 Aug 2025 08:01:13 +0000
ROA not before:           Fri 29 Aug 2025 08:01:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        81.22.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f4:d8:4e:b5:47:96:44:8b:8a:a6:7b:bc:c2:82:54:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Aug 29 08:01:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0c780f7197c654b8c2933a220f189e020e1b955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2b:ff:a3:27:17:b9:c2:ba:e3:f6:72:7d:a1:
                    7b:fa:25:7c:5d:77:6a:22:fa:cf:9d:03:2c:1a:12:
                    36:75:b7:c3:9e:4c:7f:06:43:7a:17:36:bd:fe:24:
                    8c:5e:e7:0a:db:39:70:88:38:49:b7:fc:a6:e6:3c:
                    5e:10:be:12:4e:b4:34:e7:5d:2c:cd:9b:e0:72:da:
                    37:e1:cc:94:42:52:95:3c:71:46:28:bb:eb:31:e4:
                    ee:83:c9:f4:45:01:4d:ce:4e:08:3c:0d:c8:c4:1c:
                    60:29:9c:4a:26:6d:19:fa:96:d2:ea:81:6d:11:d6:
                    da:5b:40:3d:42:11:d0:0b:e6:9e:49:ad:d8:c3:96:
                    28:6c:19:dc:27:2f:3c:8c:76:04:10:0c:df:88:e9:
                    d5:7b:6c:6a:9f:ca:39:77:e6:cd:bd:10:a8:fe:73:
                    2e:d4:a2:b2:73:42:b4:a7:24:cb:f3:cb:56:f4:15:
                    16:c6:fd:26:a4:e2:47:62:1a:79:b6:32:00:76:60:
                    7d:49:4f:5b:61:56:81:86:99:1c:a4:2b:8b:63:ab:
                    db:b1:00:9c:b1:b2:34:52:93:5f:d6:1c:7b:cd:92:
                    54:7a:2a:f5:f5:28:d8:f6:2d:03:51:7f:b0:ef:d4:
                    b6:21:ca:e0:00:c9:a5:31:2a:f2:b3:bd:4e:aa:8f:
                    1d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C7:80:F7:19:7C:65:4B:8C:29:33:A2:20:F1:89:E0:20:E1:B9:55
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sMeA9xl8ZUuMKTOiIPGJ4CDhuVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:b4:fe:29:2b:b9:99:75:97:61:d1:7c:be:d6:17:b5:8b:a1:
         46:ce:43:d2:04:27:80:db:2a:8c:76:e1:9d:3f:eb:71:a2:35:
         2b:f1:0c:1c:d8:bc:44:7f:dd:50:1d:64:0e:2d:df:ca:6f:e5:
         2c:29:ba:67:56:aa:79:54:78:8e:33:9c:39:30:66:be:1e:f1:
         e9:cb:f3:96:71:a0:1c:0e:01:f4:94:57:9a:8a:04:3f:89:0a:
         6f:82:6f:c5:63:fe:d1:20:0c:06:42:3d:e1:69:47:03:49:0a:
         d0:47:5f:4f:c7:2f:15:4a:97:83:0c:ff:d1:77:d0:84:a8:ce:
         bb:94:56:40:42:9b:c0:ad:34:fc:24:48:01:e2:a9:f0:93:3b:
         0f:ce:cb:99:7b:98:2a:17:12:c5:04:9f:37:78:21:94:1a:04:
         9e:43:c2:ef:a1:86:eb:66:e1:a5:2b:89:ac:a0:2e:c9:9f:84:
         43:14:09:fa:bc:04:2e:83:7c:61:ed:6d:57:86:2b:cc:67:d3:
         99:55:85:46:08:c5:eb:72:0a:d1:59:d7:63:47:84:68:61:fb:
         23:07:40:59:3d:c2:35:86:18:17:cd:12:1a:e8:57:2a:0e:ec:
         3b:43:31:fe:b9:1f:7f:5c:95:ff:32:d2:d6:80:f1:79:81:b9:
         12:23:f0:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj02E61R5ZEi4qme7zCglQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwODI5MDgwMTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM3ODBmNzE5N2M2NTRiOGMyOTMzYTIyMGYxODllMDIwZTFiOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSv/oycXucK64/ZyfaF7+iV8XXdq
IvrPnQMsGhI2dbfDnkx/BkN6Fza9/iSMXucK2zlwiDhJt/ym5jxeEL4STrQ0510s
zZvgcto34cyUQlKVPHFGKLvrMeTug8n0RQFNzk4IPA3IxBxgKZxKJm0Z+pbS6oFt
EdbaW0A9QhHQC+aeSa3Yw5YobBncJy88jHYEEAzfiOnVe2xqn8o5d+bNvRCo/nMu
1KKyc0K0pyTL88tW9BUWxv0mpOJHYhp5tjIAdmB9SU9bYVaBhpkcpCuLY6vbsQCc
sbI0UpNf1hx7zZJUeir19SjY9i0DUX+w79S2IcrgAMmlMSrys71Oqo8dYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDHgPcZfGVLjCkzoiDxieAg4blVMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvc01lQTl4bDhaVXVNS1RPaUlQR0o0Q0RodVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaDMA0G
CSqGSIb3DQEBCwUAA4IBAQBhtP4pK7mZdZdh0Xy+1he1i6FGzkPSBCeA2yqMduGd
P+txojUr8Qwc2LxEf91QHWQOLd/Kb+UsKbpnVqp5VHiOM5w5MGa+HvHpy/OWcaAc
DgH0lFeaigQ/iQpvgm/FY/7RIAwGQj3haUcDSQrQR19Pxy8VSpeDDP/Rd9CEqM67
lFZAQpvArTT8JEgB4qnwkzsPzsuZe5gqFxLFBJ83eCGUGgSeQ8LvoYbrZuGlK4ms
oC7Jn4RDFAn6vAQug3xh7W1XhivMZ9OZVYVGCMXrcgrRWddjR4RoYfsjB0BZPcI1
hhgXzRIa6FcqDuw7QzH+uR9/XJX/MtLWgPF5gbkSI/B1
-----END CERTIFICATE-----