Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/Y8kVBgTTg77JqceZAx8eeOkuigc.roa
File:                     Y8kVBgTTg77JqceZAx8eeOkuigc.roa (raw, json)
Hash identifier:          IFdbCND0Hr2WHlrHfsppyOn82/Cdt+j+/f3Y4nRrJM0=
Subject key identifier:   63:C9:15:06:04:D3:83:BE:C9:A9:C7:99:03:1F:1E:78:E9:2E:8A:07
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F42B04ADEFA2F703DD8B2FD8304F0742
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/Y8kVBgTTg77JqceZAx8eeOkuigc.roa
Signing time:             Thu 10 Jul 2025 11:49:09 +0000
ROA not before:           Thu 10 Jul 2025 11:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39249
IP address blocks:        95.164.71.0/24 maxlen: 24
                          195.149.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 11:55:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:2b:04:ad:ef:a2:f7:03:dd:8b:2f:d8:30:4f:07:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 11:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63c9150604d383bec9a9c799031f1e78e92e8a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:94:96:fb:94:2b:99:5b:62:ba:55:4f:38:28:
                    1a:11:ce:94:32:e3:ba:94:e1:84:02:31:97:42:39:
                    2f:b5:f7:9f:b5:6f:28:fa:0d:5b:df:23:e9:47:ec:
                    53:4d:0c:48:f3:f6:4c:13:40:63:dc:5a:d0:6a:1f:
                    9d:a6:25:e2:78:aa:20:e9:3e:89:ae:f1:28:9c:36:
                    73:56:a3:81:fb:87:15:59:9a:c1:76:46:0b:f3:e9:
                    96:c1:f5:41:6c:5b:cd:cf:bf:86:fd:2c:ab:32:35:
                    24:1a:33:6b:f8:91:fb:f8:67:1c:08:de:47:29:6d:
                    4b:e6:cd:e6:2b:4d:3f:ce:3d:cf:a1:8b:61:96:24:
                    84:b3:cc:f5:f6:4c:09:da:91:79:f8:8e:e5:f0:f1:
                    2b:40:2e:91:c5:5b:d9:68:e0:a8:5b:dd:c1:d5:58:
                    b0:ba:9c:bd:3e:d5:11:33:30:8e:ee:73:ca:a7:c7:
                    03:9e:76:ea:e9:64:3b:58:65:4c:77:20:48:79:2a:
                    99:b1:27:33:7f:00:ba:e5:56:b3:ee:33:19:2b:07:
                    18:b3:5d:b7:d4:47:a4:57:3c:c6:ad:13:63:a4:2a:
                    86:06:87:ff:59:28:13:b8:ee:16:e9:8b:12:f5:98:
                    5e:01:ab:c3:40:2c:51:1b:be:ee:b6:17:ce:cd:43:
                    dc:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C9:15:06:04:D3:83:BE:C9:A9:C7:99:03:1F:1E:78:E9:2E:8A:07
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/Y8kVBgTTg77JqceZAx8eeOkuigc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.71.0/24
                  195.149.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:0c:de:78:2c:65:36:14:d8:96:d3:eb:35:38:3e:a4:30:79:
         ff:f1:42:57:53:fa:70:6a:f8:0b:79:90:6d:d0:e0:cf:52:20:
         c7:ef:ca:cd:1c:96:77:45:c9:5f:f4:bf:cb:0a:02:f5:a5:fb:
         dc:e6:1f:7c:08:df:8e:0c:87:68:83:7b:ec:c5:1f:bf:49:40:
         fe:b9:c9:5d:96:2d:d5:37:48:9e:33:89:23:bc:61:97:df:48:
         fa:3d:13:af:99:fc:34:d4:cc:c2:80:6b:af:b3:e3:de:df:c3:
         18:59:56:f4:40:5a:20:22:a8:77:9a:1e:fa:55:86:60:2a:0b:
         4a:cb:9e:a6:19:cc:8a:56:6f:c2:0b:37:7e:95:27:d8:e1:27:
         8b:80:b6:6f:25:30:e6:82:b2:56:70:ef:da:9a:a3:5f:49:c3:
         0f:26:6a:b1:1e:e7:81:aa:c3:1d:7a:84:31:0e:ef:a4:82:b0:
         74:e2:a2:e6:74:51:c8:f9:a8:d1:14:b9:0f:e6:35:03:fb:0e:
         68:b8:f2:ed:61:b7:ec:95:8f:f9:d0:26:c3:79:bf:1b:05:d1:
         fc:b8:b3:0b:77:9e:59:84:c1:1a:00:59:6c:80:91:dd:72:38:
         c7:a2:d9:24:35:67:34:2a:27:d7:75:d9:f5:67:4b:3a:17:3c:
         37:8a:ec:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf0KwSt76L3A92LL9gwTwdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M5MTUwNjA0ZDM4M2JlYzlhOWM3OTkwMzFmMWU3OGU5MmU4YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZSW+5QrmVtiulVPOCgaEc6UMuO6
lOGEAjGXQjkvtfeftW8o+g1b3yPpR+xTTQxI8/ZME0Bj3FrQah+dpiXieKog6T6J
rvEonDZzVqOB+4cVWZrBdkYL8+mWwfVBbFvNz7+G/SyrMjUkGjNr+JH7+GccCN5H
KW1L5s3mK00/zj3PoYthliSEs8z19kwJ2pF5+I7l8PErQC6RxVvZaOCoW93B1Viw
upy9PtURMzCO7nPKp8cDnnbq6WQ7WGVMdyBIeSqZsSczfwC65Vaz7jMZKwcYs123
1EekVzzGrRNjpCqGBof/WSgTuO4W6YsS9ZheAavDQCxRG77uthfOzUPc3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPJFQYE04O+yanHmQMfHnjpLooHMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvWThrVkJnVFRnNzdKcWNlWkF4OGVlT2t1aWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6RHAwQA
w5VgMA0GCSqGSIb3DQEBCwUAA4IBAQCADN54LGU2FNiW0+s1OD6kMHn/8UJXU/pw
avgLeZBt0ODPUiDH78rNHJZ3Rclf9L/LCgL1pfvc5h98CN+ODIdog3vsxR+/SUD+
ucldli3VN0ieM4kjvGGX30j6PROvmfw01MzCgGuvs+Pe38MYWVb0QFogIqh3mh76
VYZgKgtKy56mGcyKVm/CCzd+lSfY4SeLgLZvJTDmgrJWcO/amqNfScMPJmqxHueB
qsMdeoQxDu+kgrB04qLmdFHI+ajRFLkP5jUD+w5ouPLtYbfslY/50CbDeb8bBdH8
uLMLd55ZhMEaAFlsgJHdcjjHotkkNWc0KifXddn1Z0s6Fzw3iuye
-----END CERTIFICATE-----