Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kL3ukkbiEXtDTlXoPCiJMaOgKOg.roa
File:                     kL3ukkbiEXtDTlXoPCiJMaOgKOg.roa (raw, json)
Hash identifier:          zL8FQ/7Jhy4hBVp8fqdTUcatvNN5KX/PLDd4DQPades=
Subject key identifier:   90:BD:EE:92:46:E2:11:7B:43:4E:55:E8:3C:28:89:31:A3:A0:28:E8
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B6277F48A428904656AB226938AF63
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kL3ukkbiEXtDTlXoPCiJMaOgKOg.roa
Signing time:             Mon 14 Jul 2025 16:13:09 +0000
ROA not before:           Mon 14 Jul 2025 16:13:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209962
IP address blocks:        194.36.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:27:7f:48:a4:28:90:46:56:ab:22:69:38:af:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90bdee9246e2117b434e55e83c288931a3a028e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:36:61:5c:8a:9c:98:e2:3a:0b:ac:52:b4:dd:
                    d6:98:e1:f0:a1:1a:21:6e:d6:6d:40:9c:19:f1:96:
                    30:3b:1b:47:86:e7:49:57:ad:5d:7d:07:fa:a8:4d:
                    55:c4:86:b6:77:9a:9e:c9:22:4e:7e:76:0f:37:5f:
                    3b:4b:9d:72:0c:c6:af:d9:1f:f6:72:f2:f9:ce:93:
                    5c:88:4a:92:38:28:bd:1c:97:9f:fb:ae:06:f5:44:
                    ab:70:20:70:a2:f5:83:ba:98:0a:10:a8:ff:e8:9b:
                    61:be:46:9a:95:61:ab:96:cc:a9:bc:1e:10:58:63:
                    24:53:ac:e2:26:4f:a3:56:04:dc:8f:d2:d9:21:5b:
                    89:17:41:20:88:c8:87:c2:f0:0d:f3:3b:50:a4:c9:
                    2d:b4:01:33:f3:9f:57:7a:4b:06:6b:ba:de:bc:6f:
                    eb:f1:f9:83:77:c2:32:9c:0f:8b:e3:4c:c8:f7:2f:
                    91:2b:67:c6:df:42:0d:d3:5a:a3:5a:05:2f:f0:6f:
                    67:9e:93:ec:a6:59:24:b3:b4:0b:b6:4b:01:72:b7:
                    1a:87:23:e4:88:bc:ad:fd:c0:6f:e2:77:6d:bb:34:
                    73:7e:4b:41:b0:9f:e3:a7:e6:e4:2d:55:8e:d8:54:
                    ef:58:28:5a:ca:3c:c2:15:0c:ee:31:11:5b:ea:59:
                    ed:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:BD:EE:92:46:E2:11:7B:43:4E:55:E8:3C:28:89:31:A3:A0:28:E8
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kL3ukkbiEXtDTlXoPCiJMaOgKOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:11:9e:e6:f2:d4:1b:1b:98:4b:78:ce:d1:5a:72:42:ea:3f:
         4e:7b:59:af:d5:c6:f8:bb:61:c2:d7:0c:29:17:73:34:48:f8:
         e0:aa:07:20:a8:80:a6:fd:3f:60:aa:bb:cf:3c:11:1f:9a:ca:
         4a:7a:74:b1:39:a9:ff:d5:8a:f9:bf:cf:13:af:59:4a:2e:28:
         72:60:ae:8f:60:59:f9:52:57:82:fb:75:a1:f0:bc:a4:cb:7a:
         9a:fc:e4:84:eb:8b:c0:c1:cf:0b:c4:3e:12:2f:1e:de:81:81:
         3c:36:47:fe:57:d4:28:5e:f0:5f:f9:29:e6:0a:04:1f:56:fa:
         70:f3:8b:d2:a5:1a:d7:58:5e:b4:2c:3b:0e:aa:f4:cf:b4:b5:
         30:0c:56:b7:a9:72:fd:26:b2:60:37:aa:b1:5e:33:bb:07:e5:
         e9:64:a9:2b:10:b6:2c:c9:7d:e6:8a:21:ee:ef:7b:23:63:73:
         d3:18:69:06:31:be:c3:59:25:2b:69:04:ba:17:5d:aa:57:11:
         3f:81:00:10:98:cc:0e:39:fe:9d:39:14:2c:94:63:a1:2f:b2:
         94:de:ab:b7:6d:57:97:15:50:70:a0:20:2c:7a:97:d8:2f:ff:
         f7:c9:d7:b0:59:f7:00:ff:93:98:31:ca:e4:4d:2f:41:9a:c0:
         84:97:4b:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtid/SKQokEZWqyJpOK9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGJkZWU5MjQ2ZTIxMTdiNDM0ZTU1ZTgzYzI4ODkzMWEzYTAyOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDZhXIqcmOI6C6xStN3WmOHwoRoh
btZtQJwZ8ZYwOxtHhudJV61dfQf6qE1VxIa2d5qeySJOfnYPN187S51yDMav2R/2
cvL5zpNciEqSOCi9HJef+64G9USrcCBwovWDupgKEKj/6JthvkaalWGrlsypvB4Q
WGMkU6ziJk+jVgTcj9LZIVuJF0EgiMiHwvAN8ztQpMkttAEz859XeksGa7revG/r
8fmDd8IynA+L40zI9y+RK2fG30IN01qjWgUv8G9nnpPsplkks7QLtksBcrcahyPk
iLyt/cBv4ndtuzRzfktBsJ/jp+bkLVWO2FTvWChayjzCFQzuMRFb6lntuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC97pJG4hF7Q05V6DwoiTGjoCjoMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEva0wzdWtrYmlFWHREVGxYb1BDaUpNYU9nS09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSwMA0G
CSqGSIb3DQEBCwUAA4IBAQBZEZ7m8tQbG5hLeM7RWnJC6j9Oe1mv1cb4u2HC1wwp
F3M0SPjgqgcgqICm/T9gqrvPPBEfmspKenSxOan/1Yr5v88Tr1lKLihyYK6PYFn5
UleC+3Wh8Lyky3qa/OSE64vAwc8LxD4SLx7egYE8Nkf+V9QoXvBf+SnmCgQfVvpw
84vSpRrXWF60LDsOqvTPtLUwDFa3qXL9JrJgN6qxXjO7B+XpZKkrELYsyX3miiHu
73sjY3PTGGkGMb7DWSUraQS6F12qVxE/gQAQmMwOOf6dORQslGOhL7KU3qu3bVeX
FVBwoCAsepfYL//3ydewWfcA/5OYMcrkTS9BmsCEl0tt
-----END CERTIFICATE-----