Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uX0rJuUemiIbWgTxoEitLGA3eRQ.roa
File:                     uX0rJuUemiIbWgTxoEitLGA3eRQ.roa (raw, json)
Hash identifier:          TA4bYLr6g2j53xWczSxMGXxzamOhyu3bg8/a+A2pZd0=
Subject key identifier:   B9:7D:2B:26:E5:1E:9A:22:1B:5A:04:F1:A0:48:AD:2C:60:37:79:14
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       019A31BD079F8E05EDB94E196618FD044B16
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uX0rJuUemiIbWgTxoEitLGA3eRQ.roa
Signing time:             Wed 29 Oct 2025 20:51:03 +0000
ROA not before:           Wed 29 Oct 2025 20:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.16.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:31:bd:07:9f:8e:05:ed:b9:4e:19:66:18:fd:04:4b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Oct 29 20:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b97d2b26e51e9a221b5a04f1a048ad2c60377914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9d:f4:e3:9f:33:d2:18:6b:7b:30:a8:c4:ca:
                    37:22:fb:5f:eb:4d:55:38:4d:ae:9f:1b:93:86:75:
                    5b:a9:3b:bb:92:14:89:e0:b0:a6:0f:c8:a1:69:6f:
                    3e:20:70:97:3f:5c:96:24:ea:b1:39:d3:f7:50:24:
                    a6:83:12:ad:57:d0:97:dc:7a:dc:ea:a5:c1:17:f8:
                    97:61:98:7f:a4:34:9e:1d:eb:13:5c:5f:88:27:74:
                    27:c6:91:8b:87:4f:1d:e5:39:0d:91:c3:ff:b9:b5:
                    db:07:44:52:5c:26:df:2e:51:aa:c2:19:a6:b8:9a:
                    2d:b2:b1:94:cf:4f:f8:d5:31:51:3c:3b:69:4c:68:
                    ae:54:3f:5e:03:d4:61:24:bf:a1:23:47:ad:40:3e:
                    bc:73:04:73:bb:9b:90:61:b0:e1:fd:95:04:76:76:
                    65:f6:4f:51:1d:b3:a2:45:85:30:89:06:9d:b9:79:
                    00:8f:21:69:b3:94:14:0c:20:ef:0b:71:85:75:fa:
                    c9:85:79:6c:88:95:7e:f5:b4:40:d3:8c:de:99:4e:
                    76:66:d0:d8:dc:0a:71:41:d4:54:36:d2:9d:ad:62:
                    e2:f9:fa:21:bd:81:8b:84:06:19:4e:f7:c1:a6:9e:
                    f6:e6:5c:9b:47:26:34:ac:8c:f9:ee:5d:80:e6:76:
                    bc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7D:2B:26:E5:1E:9A:22:1B:5A:04:F1:A0:48:AD:2C:60:37:79:14
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uX0rJuUemiIbWgTxoEitLGA3eRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:4d:7e:4a:3c:de:ba:98:36:9c:e1:2f:3c:c2:cf:78:f4:a9:
         f2:5f:90:2b:ab:ad:2b:c4:ef:60:9f:e6:23:27:28:b9:7b:03:
         0c:c1:0e:62:fe:a0:d2:cb:0d:36:ff:33:3a:f0:43:b4:3c:1f:
         a3:70:d0:60:14:d4:b7:ec:3b:c1:20:99:02:a5:05:4c:e6:e5:
         ef:0a:ab:18:a6:41:49:81:2a:d0:08:85:38:70:56:5a:56:26:
         97:b6:05:66:40:2d:e8:53:3d:ba:7a:ae:e4:ec:9f:36:1e:cf:
         e9:4e:0d:9e:02:99:70:99:cc:9e:f1:03:5c:ae:7d:71:2a:47:
         17:d5:9e:3c:3d:46:6c:96:a2:14:50:13:40:b2:b4:ef:99:8a:
         85:99:5e:66:df:89:29:86:ff:38:71:b0:c2:cb:a4:e4:0f:fc:
         e9:3b:d6:a0:59:c3:20:54:eb:8a:2b:9e:04:9c:7a:8d:49:8f:
         3e:9b:84:fa:c0:ea:e6:38:4e:b2:77:46:54:d0:5f:5d:5b:06:
         dd:99:ed:e3:5e:a3:2e:b3:5a:5b:20:c5:4c:55:4b:1d:d0:62:
         dc:27:97:41:db:03:cc:25:32:14:86:d2:62:0c:09:ac:93:f0:
         c4:24:9e:52:42:ae:7a:dc:0b:d6:a6:2b:78:d7:a3:47:f1:e4:
         ee:17:d8:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoxvQefjgXtuU4ZZhj9BEsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUxMDI5MjA1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTdkMmIyNmU1MWU5YTIyMWI1YTA0ZjFhMDQ4YWQyYzYwMzc3OTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ30458z0hhrezCoxMo3Ivtf601V
OE2unxuThnVbqTu7khSJ4LCmD8ihaW8+IHCXP1yWJOqxOdP3UCSmgxKtV9CX3Hrc
6qXBF/iXYZh/pDSeHesTXF+IJ3QnxpGLh08d5TkNkcP/ubXbB0RSXCbfLlGqwhmm
uJotsrGUz0/41TFRPDtpTGiuVD9eA9RhJL+hI0etQD68cwRzu5uQYbDh/ZUEdnZl
9k9RHbOiRYUwiQaduXkAjyFps5QUDCDvC3GFdfrJhXlsiJV+9bRA04zemU52ZtDY
3ApxQdRUNtKdrWLi+fohvYGLhAYZTvfBpp725lybRyY0rIz57l2A5na8QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLl9KyblHpoiG1oE8aBIrSxgN3kUMB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvdVgwckp1VWVtaUliV2dUeG9FaXRMR0EzZVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhCjMA0G
CSqGSIb3DQEBCwUAA4IBAQAXTX5KPN66mDac4S88ws949KnyX5Arq60rxO9gn+Yj
Jyi5ewMMwQ5i/qDSyw02/zM68EO0PB+jcNBgFNS37DvBIJkCpQVM5uXvCqsYpkFJ
gSrQCIU4cFZaViaXtgVmQC3oUz26eq7k7J82Hs/pTg2eAplwmcye8QNcrn1xKkcX
1Z48PUZslqIUUBNAsrTvmYqFmV5m34kphv84cbDCy6TkD/zpO9agWcMgVOuKK54E
nHqNSY8+m4T6wOrmOE6yd0ZU0F9dWwbdme3jXqMus1pbIMVMVUsd0GLcJ5dB2wPM
JTIUhtJiDAmsk/DEJJ5SQq563AvWpit416NH8eTuF9h7
-----END CERTIFICATE-----