Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/av__NdNP1QUH7sc8kWyYXLfIYOI.roa
File:                     av__NdNP1QUH7sc8kWyYXLfIYOI.roa (raw, json)
Hash identifier:          2jJs6kCfkBBHYqS1sPlGnXp2/2u7ePPtdx/loFAD6Nw=
Subject key identifier:   6A:FF:FF:35:D3:4F:D5:05:07:EE:C7:3C:91:6C:98:5C:B7:C8:60:E2
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       0199907F8F423D6D2C67F0926430C2613CD8
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/av__NdNP1QUH7sc8kWyYXLfIYOI.roa
Signing time:             Sun 28 Sep 2025 13:25:02 +0000
ROA not before:           Sun 28 Sep 2025 13:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        193.43.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Oct 2025 20:35:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:90:7f:8f:42:3d:6d:2c:67:f0:92:64:30:c2:61:3c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Sep 28 13:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6affff35d34fd50507eec73c916c985cb7c860e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:68:12:d3:a6:84:e2:55:4f:b1:94:c2:61:9e:
                    c6:ca:58:9d:4d:51:b1:2c:52:73:7a:a2:bf:84:93:
                    5f:2b:99:b7:30:33:4d:73:70:dc:f2:5f:f7:45:8f:
                    48:8d:f8:d8:e0:3c:9a:d8:02:76:7b:cc:75:6b:da:
                    85:cd:61:43:77:ef:f7:4c:08:a1:df:81:07:74:13:
                    8f:31:17:97:03:95:2f:04:43:56:80:a7:fc:fe:b1:
                    99:46:3f:5b:a6:19:41:42:12:7f:e5:cc:93:c6:c0:
                    f4:54:32:e7:8e:2b:fd:72:25:b0:47:be:1e:cf:2a:
                    8b:75:de:26:a9:f7:70:0c:de:64:5d:ab:30:5b:dd:
                    ad:47:23:57:8c:3d:fb:77:11:72:9b:5f:c1:2c:a0:
                    35:9f:bf:b5:88:37:e0:ca:33:c1:45:66:56:85:df:
                    e0:86:7d:e8:59:70:9d:ba:5b:04:52:d5:a0:40:6d:
                    d3:79:ab:55:12:0a:63:24:c2:cc:06:a8:bf:5b:0a:
                    9a:a7:49:eb:c8:1c:38:83:37:be:a0:d7:39:f8:34:
                    db:89:11:e3:f7:57:eb:a7:5f:28:aa:27:20:1e:54:
                    82:b6:80:57:e2:ea:f0:31:3b:c3:24:2a:6c:b4:e0:
                    fd:7d:3c:31:28:d8:c3:08:b9:36:88:29:41:ea:a7:
                    6c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FF:FF:35:D3:4F:D5:05:07:EE:C7:3C:91:6C:98:5C:B7:C8:60:E2
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/av__NdNP1QUH7sc8kWyYXLfIYOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:05:3d:8e:92:ce:fd:2e:7b:ab:9a:73:8d:9d:16:8f:62:44:
         d7:fe:1e:51:76:76:3d:85:03:81:52:7c:f8:18:b4:9f:41:59:
         eb:b1:ac:9e:80:99:48:a1:97:a1:85:74:40:3a:b1:35:e3:74:
         f0:a2:69:3c:56:25:76:38:14:20:51:79:a3:01:57:cd:f2:f8:
         67:e3:fb:4b:6c:ba:69:37:95:57:85:0e:05:03:1a:84:a9:11:
         2e:69:d1:06:4b:20:7d:49:2d:c1:40:8f:bc:10:5d:f8:5c:23:
         ca:17:42:a1:aa:56:ab:4d:21:76:7e:6f:50:ed:71:06:61:b4:
         ff:cb:e1:d3:2a:9e:e5:bf:f2:fd:37:17:80:11:a9:2c:85:60:
         ab:37:39:1a:63:f8:91:49:e0:3c:f0:0e:6b:38:34:ef:ab:e8:
         60:12:62:26:a3:24:b0:fc:9a:db:5b:22:f6:ec:94:5c:42:a8:
         37:94:7a:6c:da:7f:79:ac:7e:5c:a5:f4:56:84:19:df:21:0a:
         c6:01:31:1c:cf:ff:4e:cc:52:13:58:02:9d:89:e2:86:d2:7e:
         be:55:5a:b4:aa:89:40:ba:1e:96:f3:15:8f:b0:76:d9:33:bd:
         cf:73:ed:9c:ad:43:93:bf:de:17:d6:82:01:0e:0f:80:8d:f3:
         8a:9d:5b:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmQf49CPW0sZ/CSZDDCYTzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUwOTI4MTMyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZmZmYzNWQzNGZkNTA1MDdlZWM3M2M5MTZjOTg1Y2I3Yzg2MGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2gS06aE4lVPsZTCYZ7GylidTVGx
LFJzeqK/hJNfK5m3MDNNc3Dc8l/3RY9IjfjY4Dya2AJ2e8x1a9qFzWFDd+/3TAih
34EHdBOPMReXA5UvBENWgKf8/rGZRj9bphlBQhJ/5cyTxsD0VDLnjiv9ciWwR74e
zyqLdd4mqfdwDN5kXaswW92tRyNXjD37dxFym1/BLKA1n7+1iDfgyjPBRWZWhd/g
hn3oWXCdulsEUtWgQG3TeatVEgpjJMLMBqi/Wwqap0nryBw4gze+oNc5+DTbiRHj
91frp18oqicgHlSCtoBX4urwMTvDJCpstOD9fTwxKNjDCLk2iClB6qdsowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGr//zXTT9UFB+7HPJFsmFy3yGDiMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvYXZfX05kTlAxUVVIN3NjOGtXeVlYTGZJWU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSuOMA0G
CSqGSIb3DQEBCwUAA4IBAQB/BT2Oks79LnurmnONnRaPYkTX/h5RdnY9hQOBUnz4
GLSfQVnrsayegJlIoZehhXRAOrE143Twomk8ViV2OBQgUXmjAVfN8vhn4/tLbLpp
N5VXhQ4FAxqEqREuadEGSyB9SS3BQI+8EF34XCPKF0KhqlarTSF2fm9Q7XEGYbT/
y+HTKp7lv/L9NxeAEakshWCrNzkaY/iRSeA88A5rODTvq+hgEmImoySw/JrbWyL2
7JRcQqg3lHps2n95rH5cpfRWhBnfIQrGATEcz/9OzFITWAKdieKG0n6+VVq0qolA
uh6W8xWPsHbZM73Pc+2crUOTv94X1oIBDg+AjfOKnVvl
-----END CERTIFICATE-----