Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/H60TtWd0YinCrHFItkOy4Q09gMg.roa
File:                     H60TtWd0YinCrHFItkOy4Q09gMg.roa (raw, json)
Hash identifier:          DyKdKi+xe67HQcM0pe0CES2i6G0OdRxtjONYY5E8R+Q=
Subject key identifier:   1F:AD:13:B5:67:74:62:29:C2:AC:71:48:B6:43:B2:E1:0D:3D:80:C8
Certificate issuer:       /CN=d5aa9c11657d8a2a54ce672814b6bdb979618830
Certificate serial:       019827B1459D1ECC932A7AE8A45389E68B5F
Authority key identifier: D5:AA:9C:11:65:7D:8A:2A:54:CE:67:28:14:B6:BD:B9:79:61:88:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aqcEWV9iipUzmcoFLa9uXlhiDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/H60TtWd0YinCrHFItkOy4Q09gMg.roa
Signing time:             Sun 20 Jul 2025 11:56:25 +0000
ROA not before:           Sun 20 Jul 2025 11:56:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215293
IP address blocks:        91.237.251.0/24 maxlen: 24
                          217.19.1.0/24 maxlen: 24
                          2a14:22c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/1aqcEWV9iipUzmcoFLa9uXlhiDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/1aqcEWV9iipUzmcoFLa9uXlhiDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aqcEWV9iipUzmcoFLa9uXlhiDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:b1:45:9d:1e:cc:93:2a:7a:e8:a4:53:89:e6:8b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5aa9c11657d8a2a54ce672814b6bdb979618830
        Validity
            Not Before: Jul 20 11:56:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fad13b567746229c2ac7148b643b2e10d3d80c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:36:ba:19:8e:b8:77:5e:b9:f1:2c:79:99:5e:
                    f8:73:a9:cd:0c:b8:25:9d:4d:23:ca:cf:ae:e1:db:
                    d9:9d:f3:6a:68:08:ef:33:fc:9c:39:e3:b0:eb:63:
                    52:0c:15:0f:8a:ec:fe:31:28:42:a5:11:d2:54:e7:
                    b3:b9:91:8a:c0:17:3a:1c:16:81:43:15:13:37:9d:
                    bf:83:28:19:89:47:f1:f8:c2:3f:d7:ba:16:b7:ff:
                    dd:c0:db:a8:35:b9:5d:20:f0:4f:92:da:65:30:b9:
                    2b:d0:2b:d9:ef:2b:5a:03:9d:33:0f:54:61:73:6e:
                    e3:cb:ae:cb:6d:a7:2f:b4:ae:01:85:9b:4b:60:f2:
                    df:43:f6:74:18:5f:aa:cc:3c:1c:4e:cb:2a:2e:75:
                    1d:ce:3f:6a:26:b8:e0:26:57:3f:15:df:d2:66:39:
                    47:41:a3:6b:72:41:c0:8f:ea:40:da:a9:d9:83:b4:
                    c2:de:98:fa:15:cb:90:f9:5b:c5:dc:02:59:9a:f7:
                    74:1f:61:94:91:02:f3:a6:b9:90:e9:8e:01:e8:00:
                    77:6c:e9:90:5e:13:1e:3b:e8:8c:8d:28:7a:6a:f9:
                    7e:5a:3e:59:bc:cf:dc:d1:c9:80:9b:dc:b7:f3:6a:
                    80:ce:c6:47:46:e2:2b:37:78:80:9d:62:56:41:1b:
                    7c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AD:13:B5:67:74:62:29:C2:AC:71:48:B6:43:B2:E1:0D:3D:80:C8
            X509v3 Authority Key Identifier:
                keyid:D5:AA:9C:11:65:7D:8A:2A:54:CE:67:28:14:B6:BD:B9:79:61:88:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aqcEWV9iipUzmcoFLa9uXlhiDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/H60TtWd0YinCrHFItkOy4Q09gMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/304a4f-2cc0-451a-b15f-cf99d5e257e9/1/1aqcEWV9iipUzmcoFLa9uXlhiDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.251.0/24
                  217.19.1.0/24
                IPv6:
                  2a14:22c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:a1:a7:ad:ad:01:2b:10:09:0f:31:40:e8:45:db:b6:fc:07:
         71:0c:15:7a:90:13:99:2f:c5:30:0b:ce:88:d1:c4:cb:9a:98:
         e5:25:79:e2:ff:fc:55:7e:cc:a1:e6:89:76:ad:9f:70:78:2c:
         6b:81:41:46:af:0d:cd:51:ad:1a:6c:5f:b9:a8:da:be:ec:4a:
         8f:ca:69:ba:17:c7:0a:2c:3a:a2:d5:ab:70:22:08:e9:6c:18:
         b1:73:c2:fc:51:6f:e7:2b:cc:5a:ee:61:9e:9c:65:e3:0f:34:
         89:e1:c2:12:9f:c7:43:73:2a:a3:1c:f0:12:90:d0:18:81:3a:
         d4:fe:09:47:cf:8f:85:81:51:03:f5:ad:2b:ea:3c:bf:d5:88:
         45:46:fb:ff:e1:87:68:34:e3:3d:e5:0f:c9:ea:23:4c:f2:cb:
         c0:df:dd:3b:0e:20:10:4c:7f:6b:1f:1e:fc:83:97:51:5f:62:
         7c:37:42:b6:3e:3d:76:a5:4e:d3:d7:cb:b3:c2:92:2a:06:96:
         c0:61:cb:14:e9:d8:0a:2f:d8:fb:64:80:9b:1a:da:53:3f:28:
         6b:63:b8:52:12:69:cd:69:9a:92:19:39:8a:cc:ba:70:3d:3e:
         7d:69:b5:5d:a3:ac:13:bf:17:c7:54:a4:f1:79:b8:95:6e:49:
         0d:68:41:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZgnsUWdHsyTKnropFOJ5otfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YWE5YzExNjU3ZDhhMmE1NGNlNjcyODE0YjZiZGI5Nzk2
MTg4MzAwHhcNMjUwNzIwMTE1NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFkMTNiNTY3NzQ2MjI5YzJhYzcxNDhiNjQzYjJlMTBkM2Q4MGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTa6GY64d1658Sx5mV74c6nNDLgl
nU0jys+u4dvZnfNqaAjvM/ycOeOw62NSDBUPiuz+MShCpRHSVOezuZGKwBc6HBaB
QxUTN52/gygZiUfx+MI/17oWt//dwNuoNbldIPBPktplMLkr0CvZ7ytaA50zD1Rh
c27jy67LbacvtK4BhZtLYPLfQ/Z0GF+qzDwcTssqLnUdzj9qJrjgJlc/Fd/SZjlH
QaNrckHAj+pA2qnZg7TC3pj6FcuQ+VvF3AJZmvd0H2GUkQLzprmQ6Y4B6AB3bOmQ
XhMeO+iMjSh6avl+Wj5ZvM/c0cmAm9y382qAzsZHRuIrN3iAnWJWQRt8RwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB+tE7VndGIpwqxxSLZDsuENPYDIMB8GA1UdIwQY
MBaAFNWqnBFlfYoqVM5nKBS2vbl5YYgwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFxY0VXVjlpaXBVem1jb0ZMYTl1WGxoaURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8zMDRhNGYtMmNjMC00NTFhLWIxNWYt
Y2Y5OWQ1ZTI1N2U5LzEvSDYwVHRXZDBZaW5DckhGSXRrT3k0UTA5Z01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8zMDRhNGYtMmNjMC00NTFhLWIxNWYtY2Y5OWQ1ZTI1N2U5
LzEvMWFxY0VXVjlpaXBVem1jb0ZMYTl1WGxoaURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+37AwQA
2RMBMA0EAgACMAcDBQMqFCLAMA0GCSqGSIb3DQEBCwUAA4IBAQCDoaetrQErEAkP
MUDoRdu2/AdxDBV6kBOZL8UwC86I0cTLmpjlJXni//xVfsyh5ol2rZ9weCxrgUFG
rw3NUa0abF+5qNq+7EqPymm6F8cKLDqi1atwIgjpbBixc8L8UW/nK8xa7mGenGXj
DzSJ4cISn8dDcyqjHPASkNAYgTrU/glHz4+FgVED9a0r6jy/1YhFRvv/4YdoNOM9
5Q/J6iNM8svA3907DiAQTH9rHx78g5dRX2J8N0K2Pj12pU7T18uzwpIqBpbAYcsU
6dgKL9j7ZICbGtpTPyhrY7hSEmnNaZqSGTmKzLpwPT59abVdo6wTvxfHVKTxebiV
bkkNaEGU
-----END CERTIFICATE-----
Generated at Sun Jul 27 09:42:56 2025 by rpki-client