Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xIyuj7QSl0dXQVIFj09aXss9VS8.roa
File:                     xIyuj7QSl0dXQVIFj09aXss9VS8.roa (raw, json)
Hash identifier:          6zuZkxeWvWRlDf9FhHxsmXNTc3Jb6ZXDCNpekuWJ+XQ=
Subject key identifier:   C4:8C:AE:8F:B4:12:97:47:57:41:52:05:8F:4F:5A:5E:CB:3D:55:2F
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B62E3EFCAADC95724F8BBCFA4D6896
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xIyuj7QSl0dXQVIFj09aXss9VS8.roa
Signing time:             Mon 14 Jul 2025 16:13:10 +0000
ROA not before:           Mon 14 Jul 2025 16:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215997
IP address blocks:        185.244.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b6:2e:3e:fc:aa:dc:95:72:4f:8b:bc:fa:4d:68:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c48cae8fb4129747574152058f4f5a5ecb3d552f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0c:84:05:a0:d6:39:37:7c:9f:41:e0:cb:90:
                    cc:15:87:41:8f:54:b4:da:47:aa:7d:13:75:c6:bd:
                    e2:a5:1e:89:2d:f4:ca:e1:ed:12:7c:40:37:8f:26:
                    4c:c9:92:69:7d:62:e0:d0:73:e0:f6:60:96:40:c8:
                    24:a8:e9:86:42:5b:3a:48:d5:20:57:0c:59:ca:e3:
                    0a:93:93:17:7d:97:45:ea:db:b5:e8:12:16:db:94:
                    d8:51:12:1a:b3:8e:e6:8e:d3:20:13:6d:cc:ee:4b:
                    0f:7f:78:81:aa:63:25:47:91:61:9b:45:4a:cb:42:
                    22:78:6f:9a:87:05:fe:79:ff:fa:a0:9f:f4:df:fd:
                    b6:9e:28:76:9c:59:a2:aa:7b:56:83:c3:7f:da:84:
                    9f:cd:15:bb:74:ab:8b:7d:8f:1f:a3:76:8f:41:c5:
                    2c:86:70:8c:86:2d:09:af:fa:49:f7:0e:7e:46:84:
                    1c:76:84:26:f0:a2:63:04:72:98:a6:00:21:ce:ac:
                    9e:69:1e:45:b9:fb:d2:8f:b1:2e:99:79:46:b7:10:
                    30:b7:54:fa:50:3f:5f:07:8a:79:b0:70:9c:84:35:
                    ff:74:3a:5d:30:b1:3e:1e:e3:74:1f:0b:33:c4:df:
                    40:c1:2e:c3:4b:7a:8a:d8:57:28:5d:98:47:4c:b9:
                    6d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8C:AE:8F:B4:12:97:47:57:41:52:05:8F:4F:5A:5E:CB:3D:55:2F
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xIyuj7QSl0dXQVIFj09aXss9VS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:98:de:4a:1b:cf:98:6b:79:39:28:cc:bb:e4:9a:35:06:99:
         89:c8:81:77:1f:6a:a3:3c:5f:65:c1:94:36:ae:d7:c7:2e:87:
         3f:3b:f7:58:87:dd:69:91:82:41:6d:89:a6:6b:cf:93:ac:f2:
         19:e1:67:bf:62:93:6e:5e:a8:90:f9:7b:1f:60:5f:5d:1c:a8:
         01:32:f8:44:bd:dd:3c:04:b4:9d:5e:de:66:8b:4c:d5:7f:90:
         57:47:14:75:18:ce:7e:07:4c:8e:70:03:b3:96:69:21:b5:d0:
         ca:08:76:53:bb:b1:7d:80:c9:6c:e4:a5:0e:ac:00:22:30:22:
         32:de:ba:c8:68:d2:f7:9b:17:7b:bf:4a:d8:27:0e:76:ff:8a:
         3c:80:4a:89:43:9d:5b:49:f3:19:06:06:52:1a:4f:dd:96:84:
         85:e7:95:b7:42:e4:4d:4d:30:80:7e:bb:01:25:1b:78:f6:62:
         9d:2e:17:84:6f:d3:b0:90:23:65:2c:fa:64:a9:e2:7e:aa:1b:
         77:69:98:3f:43:db:4f:ef:a3:b3:23:06:91:50:2b:a2:4c:c1:
         e8:8f:ff:b0:89:0c:69:e4:0d:63:5a:77:d7:58:af:7f:f7:af:
         e7:be:99:00:c2:8c:bb:1c:60:b7:6f:92:5e:70:7b:39:bf:c4:
         ce:f6:55:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJti4+/KrclXJPi7z6TWiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhjYWU4ZmI0MTI5NzQ3NTc0MTUyMDU4ZjRmNWE1ZWNiM2Q1NTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AyEBaDWOTd8n0Hgy5DMFYdBj1S0
2keqfRN1xr3ipR6JLfTK4e0SfEA3jyZMyZJpfWLg0HPg9mCWQMgkqOmGQls6SNUg
VwxZyuMKk5MXfZdF6tu16BIW25TYURIas47mjtMgE23M7ksPf3iBqmMlR5Fhm0VK
y0IieG+ahwX+ef/6oJ/03/22nih2nFmiqntWg8N/2oSfzRW7dKuLfY8fo3aPQcUs
hnCMhi0Jr/pJ9w5+RoQcdoQm8KJjBHKYpgAhzqyeaR5FufvSj7EumXlGtxAwt1T6
UD9fB4p5sHCchDX/dDpdMLE+HuN0HwszxN9AwS7DS3qK2FcoXZhHTLltwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSMro+0EpdHV0FSBY9PWl7LPVUvMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEveEl5dWo3UVNsMGRYUVZJRmowOWFYc3M5VlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufSuMA0G
CSqGSIb3DQEBCwUAA4IBAQA7mN5KG8+Ya3k5KMy75Jo1BpmJyIF3H2qjPF9lwZQ2
rtfHLoc/O/dYh91pkYJBbYmma8+TrPIZ4We/YpNuXqiQ+XsfYF9dHKgBMvhEvd08
BLSdXt5mi0zVf5BXRxR1GM5+B0yOcAOzlmkhtdDKCHZTu7F9gMls5KUOrAAiMCIy
3rrIaNL3mxd7v0rYJw52/4o8gEqJQ51bSfMZBgZSGk/dloSF55W3QuRNTTCAfrsB
JRt49mKdLheEb9OwkCNlLPpkqeJ+qht3aZg/Q9tP76OzIwaRUCuiTMHoj/+wiQxp
5A1jWnfXWK9/96/nvpkAwoy7HGC3b5JecHs5v8TO9lXg
-----END CERTIFICATE-----