Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/Q4iWZ496HCNmYZBIWBOYyxR29Uc.roa
File:                     Q4iWZ496HCNmYZBIWBOYyxR29Uc.roa (raw, json)
Hash identifier:          7wrmL3IIhgsOUmrN36LQ1NncM+5WHq2SxfG9P1s/Hs8=
Subject key identifier:   43:88:96:67:8F:7A:1C:23:66:61:90:48:58:13:98:CB:14:76:F5:47
Certificate issuer:       /CN=dea4a507ad15865a0b2eec09ebb4e75457f4018b
Certificate serial:       01980702011E08B6404D4AC61D05460C4B66
Authority key identifier: DE:A4:A5:07:AD:15:86:5A:0B:2E:EC:09:EB:B4:E7:54:57:F4:01:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/Q4iWZ496HCNmYZBIWBOYyxR29Uc.roa
Signing time:             Mon 14 Jul 2025 03:37:08 +0000
ROA not before:           Mon 14 Jul 2025 03:37:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38325
IP address blocks:        79.170.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:02:01:1e:08:b6:40:4d:4a:c6:1d:05:46:0c:4b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dea4a507ad15865a0b2eec09ebb4e75457f4018b
        Validity
            Not Before: Jul 14 03:37:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=438896678f7a1c2366619048581398cb1476f547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5e:55:2c:72:22:4c:5a:cf:51:f7:23:1f:5d:
                    c5:d5:a6:8c:41:fc:73:00:91:26:77:67:11:1a:7f:
                    1b:11:75:cf:61:2a:5f:4d:f0:e9:d9:6d:17:93:d2:
                    c9:3d:23:8e:46:2d:ca:29:c3:58:8f:67:1a:59:82:
                    3f:cb:9d:59:be:2d:ec:e8:9e:c9:49:0a:04:ef:f5:
                    7f:9c:a4:d6:d4:1f:24:0d:fd:b4:68:8b:e9:61:68:
                    5a:0b:49:24:fc:56:05:e1:77:6f:ae:53:e7:c6:b4:
                    f5:67:26:82:1b:44:c5:80:4c:d0:ca:42:34:ee:90:
                    ad:3d:b4:e5:2a:e6:37:51:85:88:b9:85:d3:47:bb:
                    a4:80:08:89:4b:83:aa:c3:b9:61:14:6e:8d:46:62:
                    de:f5:99:bc:8b:93:06:e2:51:b8:ed:28:05:70:15:
                    a8:72:fb:b6:ca:0b:da:a6:bf:6b:6b:cd:10:c5:0b:
                    9a:a6:8a:89:07:d3:fc:9c:a9:8c:83:50:1c:fe:80:
                    f0:d6:c9:fe:86:4e:53:87:b2:63:6a:85:16:2e:dd:
                    22:96:9b:d0:c6:ac:f0:94:f3:94:55:a0:c2:cf:dc:
                    49:52:62:94:26:55:e9:43:73:9d:4c:4c:14:af:04:
                    72:a0:6f:38:ad:f8:4d:fb:d0:fa:80:0d:d9:8a:ac:
                    e6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:88:96:67:8F:7A:1C:23:66:61:90:48:58:13:98:CB:14:76:F5:47
            X509v3 Authority Key Identifier:
                keyid:DE:A4:A5:07:AD:15:86:5A:0B:2E:EC:09:EB:B4:E7:54:57:F4:01:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/Q4iWZ496HCNmYZBIWBOYyxR29Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.170.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:c6:e1:43:36:2b:cb:9c:83:06:9e:83:54:17:16:36:41:db:
         fc:49:8b:89:75:6b:51:88:ee:e0:6a:b4:48:e2:b2:f0:3e:8e:
         67:8d:bd:84:b8:fe:63:58:04:45:5d:e2:2d:3a:15:5b:66:ae:
         4a:8f:4c:fc:59:bc:50:5d:2e:52:f4:f1:cd:47:42:af:b9:e5:
         07:c1:76:23:1f:56:6c:56:2d:31:88:dd:1d:d7:58:61:5b:ce:
         6d:4e:a1:1f:c2:bd:96:78:01:f6:13:65:f5:15:46:21:27:f3:
         d7:57:10:b1:c2:2c:1d:b9:de:78:7a:54:0b:57:2d:05:6e:b2:
         13:c7:09:f0:12:98:19:d9:14:c3:00:e3:b8:82:90:80:6a:83:
         02:f2:53:9e:33:b7:80:11:74:21:fe:66:53:d0:55:8b:32:f3:
         9c:1f:55:eb:a3:9b:0c:da:d8:a2:ef:a0:7f:66:e2:21:fa:e4:
         93:19:12:a5:76:79:5b:8f:08:48:38:4d:ac:27:74:86:5c:56:
         5e:20:bc:cc:a9:29:01:c1:bb:01:d3:37:8e:2c:be:4b:7f:3a:
         c0:8f:47:3e:92:46:85:2f:ac:a2:63:05:f3:81:e0:26:03:1a:
         9d:e3:ad:49:a2:cf:bf:36:93:e2:73:f6:ec:3c:ea:05:78:9f:
         f7:2c:a2:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgHAgEeCLZATUrGHQVGDEtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYTRhNTA3YWQxNTg2NWEwYjJlZWMwOWViYjRlNzU0NTdm
NDAxOGIwHhcNMjUwNzE0MDMzNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzg4OTY2NzhmN2ExYzIzNjY2MTkwNDg1ODEzOThjYjE0NzZmNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV5VLHIiTFrPUfcjH13F1aaMQfxz
AJEmd2cRGn8bEXXPYSpfTfDp2W0Xk9LJPSOORi3KKcNYj2caWYI/y51Zvi3s6J7J
SQoE7/V/nKTW1B8kDf20aIvpYWhaC0kk/FYF4XdvrlPnxrT1ZyaCG0TFgEzQykI0
7pCtPbTlKuY3UYWIuYXTR7ukgAiJS4Oqw7lhFG6NRmLe9Zm8i5MG4lG47SgFcBWo
cvu2ygvapr9ra80QxQuapoqJB9P8nKmMg1Ac/oDw1sn+hk5Th7JjaoUWLt0ilpvQ
xqzwlPOUVaDCz9xJUmKUJlXpQ3OdTEwUrwRyoG84rfhN+9D6gA3Ziqzm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOIlmePehwjZmGQSFgTmMsUdvVHMB8GA1UdIwQY
MBaAFN6kpQetFYZaCy7sCeu051RX9AGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3FTbEI2MFZobG9MTHV3SjY3VG5WRmYwQVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDkxZTAtMTk0MS00MjczLTlhMjUt
OTIyZTIyNDQ1OWZiLzEvUTRpV1o0OTZIQ05tWVpCSVdCT1l5eFIyOVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDkxZTAtMTk0MS00MjczLTlhMjUtOTIyZTIyNDQ1OWZi
LzEvM3FTbEI2MFZobG9MTHV3SjY3VG5WRmYwQVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6ojMA0G
CSqGSIb3DQEBCwUAA4IBAQAAxuFDNivLnIMGnoNUFxY2Qdv8SYuJdWtRiO7garRI
4rLwPo5njb2EuP5jWARFXeItOhVbZq5Kj0z8WbxQXS5S9PHNR0KvueUHwXYjH1Zs
Vi0xiN0d11hhW85tTqEfwr2WeAH2E2X1FUYhJ/PXVxCxwiwdud54elQLVy0FbrIT
xwnwEpgZ2RTDAOO4gpCAaoMC8lOeM7eAEXQh/mZT0FWLMvOcH1Xro5sM2tii76B/
ZuIh+uSTGRKldnlbjwhIOE2sJ3SGXFZeILzMqSkBwbsB0zeOLL5LfzrAj0c+kkaF
L6yiYwXzgeAmAxqd461Jos+/NpPic/bsPOoFeJ/3LKKg
-----END CERTIFICATE-----