Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8y9Bpj6qT5xLUBd9DKTVotPR-pA.roa
File:                     8y9Bpj6qT5xLUBd9DKTVotPR-pA.roa (raw, json)
Hash identifier:          EUTwuGD1bsqdEQPpv5+sn8EkaojF9cvWcHRIH/xTiW0=
Subject key identifier:   F3:2F:41:A6:3E:AA:4F:9C:4B:50:17:7D:0C:A4:D5:A2:D3:D1:FA:90
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019807BD4C09793F514C90634DFAEAA9CBE1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8y9Bpj6qT5xLUBd9DKTVotPR-pA.roa
Signing time:             Mon 14 Jul 2025 07:01:42 +0000
ROA not before:           Mon 14 Jul 2025 07:01:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        185.238.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:bd:4c:09:79:3f:51:4c:90:63:4d:fa:ea:a9:cb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 14 07:01:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f32f41a63eaa4f9c4b50177d0ca4d5a2d3d1fa90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dd:ac:44:91:b0:4f:fc:18:6d:24:d4:c2:98:
                    45:1e:f9:57:21:ed:4d:65:7d:c1:1e:5d:2b:0f:d4:
                    b4:c8:30:0f:ae:c0:d8:ba:4a:1c:cc:ff:c8:ff:1c:
                    30:db:2c:4d:0d:b7:c3:c1:0f:54:f6:f4:5d:77:0c:
                    0e:cc:45:80:56:1d:be:fa:80:6c:99:84:27:46:77:
                    39:3b:2f:da:4a:a4:9d:db:2e:6e:db:7e:4e:1f:ee:
                    26:79:f2:44:97:0e:be:42:9a:36:3c:2d:ec:c6:f1:
                    4d:66:27:4c:c8:7f:62:e7:1c:43:2a:67:a3:af:13:
                    0e:ec:c2:62:25:b1:4d:a6:6e:76:01:3c:61:00:0e:
                    e5:0f:ec:45:2e:21:93:4c:ac:fa:b1:7d:3f:d4:bd:
                    a6:1d:58:95:b4:37:a6:b6:06:f7:1f:47:23:9f:97:
                    87:9e:cb:b1:33:9b:5d:e5:2b:95:95:bd:ba:3c:d2:
                    18:c5:f6:6c:3f:57:10:5b:05:42:30:f6:a1:85:81:
                    9e:89:8e:34:17:17:5a:ac:b8:f5:b8:63:a1:ee:67:
                    2c:f1:b9:a7:60:ae:ff:3f:0b:27:ca:46:fc:dc:19:
                    06:84:37:92:bf:fa:82:31:ad:07:55:eb:34:13:59:
                    3a:70:df:01:9f:8c:eb:cd:ee:d9:0b:db:98:66:d6:
                    59:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2F:41:A6:3E:AA:4F:9C:4B:50:17:7D:0C:A4:D5:A2:D3:D1:FA:90
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8y9Bpj6qT5xLUBd9DKTVotPR-pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:7c:4e:bd:58:d1:5e:83:ad:77:37:9d:37:c4:db:f1:bb:44:
         f7:9e:ba:ef:6f:4b:2a:2b:d5:0f:45:3a:f1:a7:86:02:ad:8a:
         10:9c:d4:28:d8:59:8c:64:c5:ca:fa:a7:fc:a4:eb:d5:b6:e2:
         30:7d:c4:eb:c6:9a:19:8c:4d:f4:27:bf:6f:7b:76:68:be:7c:
         f5:41:61:7f:61:4a:1d:dc:70:ad:2e:de:a3:d0:7e:00:86:af:
         fa:c3:12:cb:21:e8:91:ea:fe:ee:f5:a7:1c:0c:82:d9:d7:c0:
         2e:e7:78:57:8f:2f:74:ec:64:de:10:f7:6a:a4:b0:bf:43:16:
         05:f3:c8:a0:11:7a:ab:5e:b8:ac:82:19:f6:8f:84:bf:4e:ec:
         c5:4d:14:d2:46:51:4d:74:71:75:5e:21:8f:3a:8c:6a:6f:23:
         cb:92:dd:2b:c1:f4:59:85:30:ae:09:fb:21:76:b5:cc:f5:c2:
         0d:49:53:e9:2f:90:b8:ba:4e:5e:0e:dd:9f:4d:63:a2:49:9c:
         d2:c2:24:a5:70:af:f6:a1:47:f7:51:a2:0e:35:19:7e:cd:af:
         51:ba:34:ce:10:6e:e9:81:3e:3e:01:93:1a:76:bf:58:a7:3d:
         d7:f8:31:23:5b:21:aa:af:ac:e4:24:0c:e4:ed:6b:ec:7d:4c:
         b1:2e:51:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgHvUwJeT9RTJBjTfrqqcvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzE0MDcwMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJmNDFhNjNlYWE0ZjljNGI1MDE3N2QwY2E0ZDVhMmQzZDFmYTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd2sRJGwT/wYbSTUwphFHvlXIe1N
ZX3BHl0rD9S0yDAPrsDYukoczP/I/xww2yxNDbfDwQ9U9vRddwwOzEWAVh2++oBs
mYQnRnc5Oy/aSqSd2y5u235OH+4mefJElw6+Qpo2PC3sxvFNZidMyH9i5xxDKmej
rxMO7MJiJbFNpm52ATxhAA7lD+xFLiGTTKz6sX0/1L2mHViVtDemtgb3H0cjn5eH
nsuxM5td5SuVlb26PNIYxfZsP1cQWwVCMPahhYGeiY40FxdarLj1uGOh7mcs8bmn
YK7/Pwsnykb83BkGhDeSv/qCMa0HVes0E1k6cN8Bn4zrze7ZC9uYZtZZEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMvQaY+qk+cS1AXfQyk1aLT0fqQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOHk5QnBqNnFUNXhMVUJkOURLVFZvdFBSLXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6/MA0G
CSqGSIb3DQEBCwUAA4IBAQDKfE69WNFeg613N503xNvxu0T3nrrvb0sqK9UPRTrx
p4YCrYoQnNQo2FmMZMXK+qf8pOvVtuIwfcTrxpoZjE30J79ve3Zovnz1QWF/YUod
3HCtLt6j0H4Ahq/6wxLLIeiR6v7u9accDILZ18Au53hXjy907GTeEPdqpLC/QxYF
88igEXqrXrisghn2j4S/TuzFTRTSRlFNdHF1XiGPOoxqbyPLkt0rwfRZhTCuCfsh
drXM9cINSVPpL5C4uk5eDt2fTWOiSZzSwiSlcK/2oUf3UaIONRl+za9RujTOEG7p
gT4+AZMadr9Ypz3X+DEjWyGqr6zkJAzk7WvsfUyxLlFL
-----END CERTIFICATE-----