Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/hpCn5YgkoISZssldfSKJUQ9hcB8.roa
File:                     hpCn5YgkoISZssldfSKJUQ9hcB8.roa (raw, json)
Hash identifier:          NFKy4ILdLZOJr7PftDbVM13Y5JodycHeSbp9qlBOIxw=
Subject key identifier:   86:90:A7:E5:88:24:A0:84:99:B2:C9:5D:7D:22:89:51:0F:61:70:1F
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019937D9A945D1C984071F491116D87CE268
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/hpCn5YgkoISZssldfSKJUQ9hcB8.roa
Signing time:             Thu 11 Sep 2025 08:17:15 +0000
ROA not before:           Thu 11 Sep 2025 08:17:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205899
IP address blocks:        185.113.10.0/24 maxlen: 24
                          195.254.165.0/24 maxlen: 24
                          2a05:9080:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:d9:a9:45:d1:c9:84:07:1f:49:11:16:d8:7c:e2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Sep 11 08:17:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8690a7e58824a08499b2c95d7d2289510f61701f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d4:95:e9:e6:7c:22:da:9c:97:ed:58:79:69:
                    8e:3f:2d:1d:02:22:7d:51:82:c6:9b:4c:ab:8b:99:
                    cd:bb:6f:e0:9c:b6:1a:1f:9a:d2:82:ff:0e:0c:d8:
                    dc:d8:9d:92:90:fd:fc:08:47:4e:7c:d1:3b:85:bf:
                    ec:00:41:cc:61:7b:c8:9f:b6:af:0b:fb:ab:b6:91:
                    c2:19:9c:ec:b2:57:2d:c8:b0:e1:4f:16:27:89:bf:
                    95:0d:6b:c7:47:11:1b:62:f0:65:26:55:b8:f8:d6:
                    97:6a:a5:06:3f:fc:5b:b9:b8:64:ff:40:cb:27:6a:
                    67:85:12:91:db:93:da:f5:1a:07:29:94:9b:f1:35:
                    91:ac:9a:d9:05:5a:63:86:98:fd:37:fe:21:77:d2:
                    24:43:8c:b5:3f:21:4a:4a:80:48:3f:7c:c5:c4:12:
                    b4:27:5a:8e:73:2c:8c:ef:11:d9:87:12:a3:c8:20:
                    42:9b:d5:ac:8c:db:f9:90:64:4a:d2:00:96:b3:96:
                    42:a4:cd:f8:18:14:a1:26:98:f2:ce:7e:a2:37:f3:
                    48:f2:68:00:8b:88:51:e2:ed:60:c8:31:7e:90:6d:
                    a0:5f:48:ce:62:7c:33:b5:63:d7:13:e5:08:ce:20:
                    88:2d:6e:10:e0:01:c6:da:de:c1:5f:71:23:7f:c2:
                    83:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:90:A7:E5:88:24:A0:84:99:B2:C9:5D:7D:22:89:51:0F:61:70:1F
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/hpCn5YgkoISZssldfSKJUQ9hcB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.10.0/24
                  195.254.165.0/24
                IPv6:
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:68:75:5c:64:9c:8c:35:c9:0a:5a:fa:29:c1:15:ee:2b:21:
         05:99:58:bb:2b:f7:94:93:8b:b1:3b:62:9f:ff:98:00:da:c7:
         6e:3a:02:47:f2:33:b2:fc:ea:e9:ff:54:db:62:32:8c:ac:50:
         81:54:3e:d4:a4:e1:67:bc:01:46:35:81:36:21:46:c5:59:2c:
         8c:69:fb:62:a4:fb:18:63:d8:ec:17:25:de:61:09:f0:6e:4e:
         5f:1a:0d:24:7c:7e:6b:b3:43:62:44:f7:71:36:c0:bd:39:0e:
         cb:39:11:75:0a:c0:76:dc:3b:91:ef:ed:b9:52:6f:c9:00:bd:
         bb:bc:92:37:c0:8c:6c:89:2e:79:2d:20:45:46:c8:bf:d1:11:
         11:c6:fd:d4:9c:8d:29:16:39:35:8a:16:70:38:94:69:19:8b:
         92:ad:6e:d9:e1:5b:29:28:81:c8:d2:ae:28:94:9a:7d:49:4c:
         6d:56:4d:da:8e:a3:6e:ab:59:58:ca:50:3a:7d:a0:0c:24:44:
         d9:95:4e:66:7b:a2:67:f2:52:32:b4:a7:49:7e:63:6f:f7:78:
         73:e2:53:f6:bf:97:4e:25:9d:5f:29:c0:49:86:f8:97:36:f4:
         b6:ef:51:68:ff:d0:a1:82:f2:c5:56:f7:e6:d3:86:16:2c:7e:
         bf:d2:c1:24
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZk32alF0cmEBx9JERbYfOJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwOTExMDgxNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjkwYTdlNTg4MjRhMDg0OTliMmM5NWQ3ZDIyODk1MTBmNjE3MDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdSV6eZ8Itqcl+1YeWmOPy0dAiJ9
UYLGm0yri5nNu2/gnLYaH5rSgv8ODNjc2J2SkP38CEdOfNE7hb/sAEHMYXvIn7av
C/urtpHCGZzsslctyLDhTxYnib+VDWvHRxEbYvBlJlW4+NaXaqUGP/xbubhk/0DL
J2pnhRKR25Pa9RoHKZSb8TWRrJrZBVpjhpj9N/4hd9IkQ4y1PyFKSoBIP3zFxBK0
J1qOcyyM7xHZhxKjyCBCm9WsjNv5kGRK0gCWs5ZCpM34GBShJpjyzn6iN/NI8mgA
i4hR4u1gyDF+kG2gX0jOYnwztWPXE+UIziCILW4Q4AHG2t7BX3Ejf8KDVwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIaQp+WIJKCEmbLJXX0iiVEPYXAfMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvaHBDbjVZZ2tvSVNac3NsZGZTS0pVUTloY0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuXEKAwQA
w/6lMA8EAgACMAkDBwAqBZCAAAUwDQYJKoZIhvcNAQELBQADggEBAAFodVxknIw1
yQpa+inBFe4rIQWZWLsr95STi7E7Yp//mADax246AkfyM7L86un/VNtiMoysUIFU
PtSk4We8AUY1gTYhRsVZLIxp+2Kk+xhj2OwXJd5hCfBuTl8aDSR8fmuzQ2JE93E2
wL05Dss5EXUKwHbcO5Hv7blSb8kAvbu8kjfAjGyJLnktIEVGyL/RERHG/dScjSkW
OTWKFnA4lGkZi5KtbtnhWykogcjSriiUmn1JTG1WTdqOo26rWVjKUDp9oAwkRNmV
TmZ7omfyUjK0p0l+Y2/3eHPiU/a/l04lnV8pwEmG+Jc29LbvUWj/0KGC8sVW9+bT
hhYsfr/SwSQ=
-----END CERTIFICATE-----