Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/x_kmwuaD2Uv2HFLODCKAcngkZmI.roa
File:                     x_kmwuaD2Uv2HFLODCKAcngkZmI.roa (raw, json)
Hash identifier:          YzInZ8+3078RATQFSI7n9ucYtfrzyFiROEAN+YuWwao=
Subject key identifier:   C7:F9:26:C2:E6:83:D9:4B:F6:1C:52:CE:0C:22:80:72:78:24:66:62
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0198147A40265D50569732E85D38EE669B63
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/x_kmwuaD2Uv2HFLODCKAcngkZmI.roa
Signing time:             Wed 16 Jul 2025 18:23:32 +0000
ROA not before:           Wed 16 Jul 2025 18:23:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206491
IP address blocks:        188.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:14:7a:40:26:5d:50:56:97:32:e8:5d:38:ee:66:9b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jul 16 18:23:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f926c2e683d94bf61c52ce0c22807278246662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:83:ed:bd:e5:64:2c:c4:9f:72:65:56:7d:d8:
                    9b:3a:06:98:9a:5e:16:19:ae:10:a0:29:bb:e0:63:
                    88:46:bb:41:98:82:9a:ae:86:39:04:e4:08:de:c9:
                    42:7f:82:01:94:06:68:de:02:b1:6d:24:8d:e0:d9:
                    04:c3:1d:1a:cb:15:81:e6:bc:ec:31:d3:ef:be:cb:
                    d2:e4:0a:7b:a3:9e:ee:43:9c:15:d7:fc:f4:a5:7b:
                    ae:ae:23:3f:f2:ad:d1:53:99:63:fc:4c:cd:c6:ed:
                    7f:93:71:af:b7:15:f8:e1:2a:30:ff:be:05:af:f9:
                    57:30:26:cb:65:bf:35:01:ac:05:88:2c:9f:37:c1:
                    6d:e6:d4:5d:b0:db:b1:a1:6e:e2:8f:e3:04:5b:a7:
                    7c:22:47:04:76:cb:31:50:de:33:b0:c6:f6:ba:af:
                    78:e1:67:3c:b2:39:42:e2:18:79:11:4e:be:be:58:
                    c4:9c:27:23:d9:8e:dd:f8:e1:b2:65:93:53:75:ee:
                    3c:49:d8:6a:a6:bc:e4:95:d8:b1:a9:e1:67:9a:e6:
                    83:59:1d:ae:f7:27:f3:c3:b1:09:8d:c0:38:ea:f0:
                    74:96:c8:8f:96:57:e4:89:6a:a0:c8:71:db:54:8a:
                    58:24:3e:d5:21:07:a7:7e:90:f6:01:9e:c0:a5:5a:
                    72:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F9:26:C2:E6:83:D9:4B:F6:1C:52:CE:0C:22:80:72:78:24:66:62
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/x_kmwuaD2Uv2HFLODCKAcngkZmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:49:c5:0b:a8:bc:1e:9f:a9:ca:d8:c9:a4:b1:f5:87:ea:4f:
         bd:b6:5b:ec:a8:bc:78:4c:69:1c:9b:6a:06:d5:97:82:66:70:
         80:25:3e:a2:cb:7e:07:30:3e:d2:f9:ff:36:04:8b:46:1b:1e:
         0f:8e:91:b3:5d:5d:21:65:f5:62:b3:8d:44:53:c9:4c:1a:0d:
         f4:00:12:8e:eb:28:17:9b:a7:ea:54:51:07:0e:a6:54:b8:88:
         e4:cf:94:a7:a7:27:03:b1:97:cf:02:84:e4:cc:83:ec:8e:2b:
         cc:be:59:ad:e2:a2:5b:8d:22:03:99:6a:41:68:5a:ef:fd:dc:
         59:c5:16:5f:f6:0f:a5:c0:4d:9a:12:84:b4:87:fc:f6:86:87:
         ab:f9:e0:bf:48:05:66:80:a5:56:f3:5c:a0:f4:18:df:80:a5:
         f3:9c:8e:13:27:b9:89:80:13:fe:98:a8:bc:fa:5f:77:f5:ef:
         7e:7b:0f:04:56:98:e3:9d:47:fe:70:9c:de:d1:56:f9:9a:62:
         8a:9b:9a:1e:6b:a2:30:3a:81:a3:b4:c0:85:08:f3:3f:1a:de:
         b5:7f:3c:d4:9b:6c:c5:e4:d5:a3:b6:78:ca:af:2b:74:67:d5:
         7f:c7:ba:75:5b:2b:67:bf:5f:91:cb:9a:eb:3c:ec:65:03:3f:
         93:6b:49:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgUekAmXVBWlzLoXTjuZptjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNzE2MTgyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y5MjZjMmU2ODNkOTRiZjYxYzUyY2UwYzIyODA3Mjc4MjQ2NjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YPtveVkLMSfcmVWfdibOgaYml4W
Ga4QoCm74GOIRrtBmIKaroY5BOQI3slCf4IBlAZo3gKxbSSN4NkEwx0ayxWB5rzs
MdPvvsvS5Ap7o57uQ5wV1/z0pXuuriM/8q3RU5lj/EzNxu1/k3GvtxX44Sow/74F
r/lXMCbLZb81AawFiCyfN8Ft5tRdsNuxoW7ij+MEW6d8IkcEdssxUN4zsMb2uq94
4Wc8sjlC4hh5EU6+vljEnCcj2Y7d+OGyZZNTde48SdhqprzkldixqeFnmuaDWR2u
9yfzw7EJjcA46vB0lsiPllfkiWqgyHHbVIpYJD7VIQenfpD2AZ7ApVpyQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf5JsLmg9lL9hxSzgwigHJ4JGZiMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEveF9rbXd1YUQyVXYySEZMT0RDS0FjbmdrWm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGBMA0G
CSqGSIb3DQEBCwUAA4IBAQCvScULqLwen6nK2MmksfWH6k+9tlvsqLx4TGkcm2oG
1ZeCZnCAJT6iy34HMD7S+f82BItGGx4PjpGzXV0hZfVis41EU8lMGg30ABKO6ygX
m6fqVFEHDqZUuIjkz5SnpycDsZfPAoTkzIPsjivMvlmt4qJbjSIDmWpBaFrv/dxZ
xRZf9g+lwE2aEoS0h/z2hoer+eC/SAVmgKVW81yg9BjfgKXznI4TJ7mJgBP+mKi8
+l939e9+ew8EVpjjnUf+cJze0Vb5mmKKm5oea6IwOoGjtMCFCPM/Gt61fzzUm2zF
5NWjtnjKryt0Z9V/x7p1Wytnv1+Ry5rrPOxlAz+Ta0kR
-----END CERTIFICATE-----