Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/r72MZC6TP9HFp69hVblH2z8aLDw.roa
File:                     r72MZC6TP9HFp69hVblH2z8aLDw.roa (raw, json)
Hash identifier:          60a58tQ14AuL0odo9HIWNyGRLIp51J3Om0fY3oCEnBg=
Subject key identifier:   AF:BD:8C:64:2E:93:3F:D1:C5:A7:AF:61:55:B9:47:DB:3F:1A:2C:3C
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F42B04E9DDFAB10A05B85A3D77FA4C84
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/r72MZC6TP9HFp69hVblH2z8aLDw.roa
Signing time:             Thu 10 Jul 2025 11:49:09 +0000
ROA not before:           Thu 10 Jul 2025 11:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39900
IP address blocks:        95.164.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:2b:04:e9:dd:fa:b1:0a:05:b8:5a:3d:77:fa:4c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 11:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afbd8c642e933fd1c5a7af6155b947db3f1a2c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:0b:0f:27:65:02:7b:d9:99:2b:57:19:e1:aa:
                    59:76:bb:38:e4:28:14:f5:03:94:46:6b:63:a3:fc:
                    45:c4:78:b0:57:ed:19:27:fd:49:c0:d9:da:f5:78:
                    0a:cc:74:00:93:cd:bd:17:21:56:77:89:1a:ae:3d:
                    94:cb:c8:2a:82:5a:f3:8d:21:49:67:d6:e8:34:c9:
                    9a:93:09:94:de:0f:3e:74:1f:fb:68:d4:83:fa:0c:
                    9d:f6:d7:04:67:a1:39:61:d3:3b:e5:6a:82:62:0c:
                    48:5e:0d:fd:b8:50:8b:1d:00:29:e7:9f:44:ec:b8:
                    38:aa:5e:96:24:cd:19:22:d1:cf:9b:52:ce:96:01:
                    c8:47:91:c6:c4:ee:a6:eb:1b:75:82:af:18:12:d3:
                    62:fc:bc:dc:01:f8:ca:ff:d4:e9:e5:22:79:cd:90:
                    89:ad:e3:1a:1b:46:53:5c:71:44:5b:5f:fe:18:ce:
                    b5:69:79:62:ff:ba:f5:92:f3:ea:bc:3f:13:1d:bb:
                    46:95:d2:bd:8f:b3:12:dd:6e:a0:4b:02:49:62:43:
                    d4:75:20:7c:59:8f:93:d9:dc:f2:0e:87:e9:35:e7:
                    0d:ac:92:be:4e:65:52:b9:be:ee:4c:6e:a2:39:2f:
                    22:20:fc:d0:7e:d2:51:c4:6b:d9:f9:b3:71:b1:0d:
                    01:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BD:8C:64:2E:93:3F:D1:C5:A7:AF:61:55:B9:47:DB:3F:1A:2C:3C
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/r72MZC6TP9HFp69hVblH2z8aLDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:a0:5f:aa:ce:3d:80:e9:f1:c6:3b:8d:e4:e8:98:b8:1b:86:
         db:d4:c6:d6:4d:ae:ff:41:48:02:a5:ae:db:08:5c:c2:13:92:
         0f:8b:05:13:b5:e4:5d:1a:93:f5:3d:a3:04:20:66:21:68:4f:
         0f:c6:3e:3b:a1:98:3c:df:51:00:14:75:c2:42:f4:bb:f0:b7:
         0b:bc:e6:21:04:eb:49:aa:9f:8b:cc:72:af:2f:fd:e9:16:37:
         a6:6f:bf:95:44:e5:6f:1b:9a:16:3c:17:4c:1a:a9:90:c0:d6:
         43:17:31:b0:fd:22:60:35:58:35:54:56:fa:36:5a:07:89:ea:
         85:75:17:8b:90:0c:a4:4c:4a:70:96:cd:9b:da:3c:cf:88:5e:
         c6:68:95:e8:f8:8c:b6:78:0f:1c:ea:5b:cb:b2:c7:77:48:b0:
         71:5f:82:8f:c6:5c:f3:1c:d9:41:bc:cd:c2:e0:86:55:71:29:
         c2:d7:bf:6e:47:17:09:94:c5:69:7d:31:e8:8c:0f:52:df:5b:
         c6:71:07:fc:c8:6e:56:6f:ea:bb:23:ca:1f:80:b7:40:58:11:
         66:b0:79:b1:bb:b1:e5:bb:03:e5:9f:9e:8c:27:ee:a2:d0:55:
         a8:dd:9b:5a:a2:77:51:ec:b8:76:81:df:63:5e:65:07:e2:de:
         e2:8f:a6:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0KwTp3fqxCgW4Wj13+kyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJkOGM2NDJlOTMzZmQxYzVhN2FmNjE1NWI5NDdkYjNmMWEyYzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QsPJ2UCe9mZK1cZ4apZdrs45CgU
9QOURmtjo/xFxHiwV+0ZJ/1JwNna9XgKzHQAk829FyFWd4karj2Uy8gqglrzjSFJ
Z9boNMmakwmU3g8+dB/7aNSD+gyd9tcEZ6E5YdM75WqCYgxIXg39uFCLHQAp559E
7Lg4ql6WJM0ZItHPm1LOlgHIR5HGxO6m6xt1gq8YEtNi/LzcAfjK/9Tp5SJ5zZCJ
reMaG0ZTXHFEW1/+GM61aXli/7r1kvPqvD8THbtGldK9j7MS3W6gSwJJYkPUdSB8
WY+T2dzyDofpNecNrJK+TmVSub7uTG6iOS8iIPzQftJRxGvZ+bNxsQ0BiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+9jGQukz/RxaevYVW5R9s/Giw8MB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvcjcyTVpDNlRQOUhGcDY5aFZibEgyejhhTER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6RbMA0G
CSqGSIb3DQEBCwUAA4IBAQAdoF+qzj2A6fHGO43k6Ji4G4bb1MbWTa7/QUgCpa7b
CFzCE5IPiwUTteRdGpP1PaMEIGYhaE8Pxj47oZg831EAFHXCQvS78LcLvOYhBOtJ
qp+LzHKvL/3pFjemb7+VROVvG5oWPBdMGqmQwNZDFzGw/SJgNVg1VFb6NloHieqF
dReLkAykTEpwls2b2jzPiF7GaJXo+Iy2eA8c6lvLssd3SLBxX4KPxlzzHNlBvM3C
4IZVcSnC179uRxcJlMVpfTHojA9S31vGcQf8yG5Wb+q7I8ofgLdAWBFmsHmxu7Hl
uwPln56MJ+6i0FWo3ZtaondR7Lh2gd9jXmUH4t7ij6Z5
-----END CERTIFICATE-----