Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/heXWON4WXKdZ3I7wdaSEZY_bw7Q.roa
File:                     heXWON4WXKdZ3I7wdaSEZY_bw7Q.roa (raw, json)
Hash identifier:          yZLyCUrBOTyNSyMfJ52NUUvzxGZEz4hsndySKpic4Ww=
Subject key identifier:   85:E5:D6:38:DE:16:5C:A7:59:DC:8E:F0:75:A4:84:65:8F:DB:C3:B4
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B45582FF21B130A12E89D916311A27
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/heXWON4WXKdZ3I7wdaSEZY_bw7Q.roa
Signing time:             Mon 14 Jul 2025 16:11:09 +0000
ROA not before:           Mon 14 Jul 2025 16:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203749
IP address blocks:        194.53.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b4:55:82:ff:21:b1:30:a1:2e:89:d9:16:31:1a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85e5d638de165ca759dc8ef075a484658fdbc3b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6b:e2:b1:1c:15:12:04:9d:7c:78:73:f6:94:
                    95:a0:5f:0c:7c:ed:d5:7c:06:d3:00:26:30:e6:d6:
                    2f:b8:fa:99:83:53:1c:fe:b9:0a:30:80:b2:2a:8b:
                    d6:06:e0:11:31:0b:e9:51:62:90:72:e5:c1:b2:b2:
                    b2:e0:01:15:bc:20:1a:77:3e:42:2f:f1:c0:b8:e9:
                    4d:6c:1c:d0:3a:a7:ad:df:67:20:3f:6d:4e:c4:2b:
                    db:14:89:8c:1e:ad:54:39:28:56:92:bc:71:da:db:
                    9b:51:2f:8a:bc:69:bf:b5:ad:30:4c:54:23:aa:0e:
                    f0:c8:50:18:37:8c:d6:dc:46:27:5c:14:20:f3:33:
                    1c:46:5d:72:b8:1d:6b:16:df:28:70:c9:28:17:a4:
                    40:6b:f0:db:26:a0:fd:bb:96:04:02:6c:d0:74:1d:
                    de:1d:ca:da:c7:01:09:ee:ae:49:21:d9:37:76:4a:
                    c6:aa:ef:e5:8e:47:7f:ee:e4:ef:36:3b:bb:c0:57:
                    e0:f9:5f:45:db:a4:0d:d2:f1:37:30:c0:ac:8e:e1:
                    ee:9d:57:e3:d8:27:46:b3:b0:87:a2:10:e8:82:9d:
                    d0:11:a9:5a:c1:b1:0c:bc:ae:07:d6:a6:a1:42:d1:
                    88:6b:ba:82:cf:2f:c6:bb:07:99:4e:6c:0d:ca:b2:
                    a9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E5:D6:38:DE:16:5C:A7:59:DC:8E:F0:75:A4:84:65:8F:DB:C3:B4
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/heXWON4WXKdZ3I7wdaSEZY_bw7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:65:23:c0:2c:dc:f1:49:e0:7c:2c:b1:bc:73:55:0e:48:0f:
         fb:d5:57:35:3f:1e:cb:58:12:56:8f:3a:54:d1:75:0a:02:eb:
         c6:b8:fe:63:9b:94:b1:9e:80:dc:39:d8:a6:44:98:8c:6e:88:
         00:89:6a:84:7a:09:be:29:e7:29:9e:2c:33:f6:ec:75:ab:c8:
         32:c1:bb:c4:23:ce:6c:31:13:21:8f:bf:6d:7b:fa:08:29:af:
         57:7c:c3:8d:f5:a9:49:39:55:9c:af:c0:73:e5:b8:cc:42:bb:
         aa:02:76:71:82:fb:d6:31:c5:90:b9:70:46:df:c8:21:e7:ef:
         d8:50:1d:87:01:29:a8:78:9e:3c:74:0e:5d:fd:c3:e9:b5:fa:
         ae:2d:f3:02:73:ce:3b:8c:1a:94:bc:d5:9b:0f:42:eb:c2:4a:
         53:ce:62:05:c4:10:f8:9c:f8:0e:57:88:43:bb:10:ca:97:c4:
         3f:2c:c9:f4:30:86:0e:6a:a0:9d:69:84:40:ed:07:9e:d4:1a:
         8b:22:6b:48:9d:eb:98:58:78:68:16:d8:93:5f:43:af:14:b6:
         ee:f5:54:77:40:88:e7:8e:b7:a6:20:da:e4:fc:87:dc:a1:a8:
         4b:c2:e9:fc:7c:eb:c3:b3:cc:53:4f:72:d8:87:99:b8:e7:67:
         6c:a1:da:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtFWC/yGxMKEuidkWMRonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWU1ZDYzOGRlMTY1Y2E3NTlkYzhlZjA3NWE0ODQ2NThmZGJjM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWvisRwVEgSdfHhz9pSVoF8MfO3V
fAbTACYw5tYvuPqZg1Mc/rkKMICyKovWBuARMQvpUWKQcuXBsrKy4AEVvCAadz5C
L/HAuOlNbBzQOqet32cgP21OxCvbFImMHq1UOShWkrxx2tubUS+KvGm/ta0wTFQj
qg7wyFAYN4zW3EYnXBQg8zMcRl1yuB1rFt8ocMkoF6RAa/DbJqD9u5YEAmzQdB3e
HcraxwEJ7q5JIdk3dkrGqu/ljkd/7uTvNju7wFfg+V9F26QN0vE3MMCsjuHunVfj
2CdGs7CHohDogp3QEalawbEMvK4H1qahQtGIa7qCzy/GuweZTmwNyrKpAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXl1jjeFlynWdyO8HWkhGWP28O0MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvaGVYV09ONFdYS2RaM0k3d2RhU0VaWV9idzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjU0MA0G
CSqGSIb3DQEBCwUAA4IBAQB0ZSPALNzxSeB8LLG8c1UOSA/71Vc1Px7LWBJWjzpU
0XUKAuvGuP5jm5SxnoDcOdimRJiMbogAiWqEegm+Kecpniwz9ux1q8gywbvEI85s
MRMhj79te/oIKa9XfMON9alJOVWcr8Bz5bjMQruqAnZxgvvWMcWQuXBG38gh5+/Y
UB2HASmoeJ48dA5d/cPptfquLfMCc847jBqUvNWbD0LrwkpTzmIFxBD4nPgOV4hD
uxDKl8Q/LMn0MIYOaqCdaYRA7Qee1BqLImtIneuYWHhoFtiTX0OvFLbu9VR3QIjn
jremINrk/IfcoahLwun8fOvDs8xTT3LYh5m452dsodoH
-----END CERTIFICATE-----