Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/dBWqqX7TUpjmbRpfXp44YLDQQKo.roa
File:                     dBWqqX7TUpjmbRpfXp44YLDQQKo.roa (raw, json)
Hash identifier:          AVnu+TRmBANWXBo+f7zIG17k48ory+VgROMrgBy0M0A=
Subject key identifier:   74:15:AA:A9:7E:D3:52:98:E6:6D:1A:5F:5E:9E:38:60:B0:D0:40:AA
Certificate issuer:       /CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
Certificate serial:       019937CCD79C0D571BE986665D39F999C342
Authority key identifier: 72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/dBWqqX7TUpjmbRpfXp44YLDQQKo.roa
Signing time:             Thu 11 Sep 2025 08:03:15 +0000
ROA not before:           Thu 11 Sep 2025 08:03:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16550
IP address blocks:        185.17.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Oct 2025 20:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:cc:d7:9c:0d:57:1b:e9:86:66:5d:39:f9:99:c3:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bbd2fa18319639e25ffbf4bdbfa008660158ae
        Validity
            Not Before: Sep 11 08:03:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7415aaa97ed35298e66d1a5f5e9e3860b0d040aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e7:a1:d7:e9:51:2e:90:46:f3:be:e9:5a:d9:
                    32:6d:a9:dd:af:17:03:c1:5c:da:b2:7e:62:de:16:
                    6e:ce:bf:42:c7:61:71:94:e3:10:e6:44:df:58:a7:
                    4f:fc:9b:b8:00:e6:0b:6b:11:25:50:7b:02:80:c6:
                    16:92:10:78:91:66:9f:75:49:f8:27:1b:50:44:a6:
                    31:c9:0f:0f:ed:e0:76:1b:fc:53:e2:50:a1:3e:e7:
                    cd:8b:12:92:73:cb:35:f1:db:f9:8f:a3:9b:cc:85:
                    ea:db:91:b6:c1:8b:dd:df:21:a9:58:cd:5f:36:a6:
                    70:11:26:c5:61:85:8d:ba:70:fc:16:80:a5:cd:ca:
                    46:41:6c:60:04:ca:12:d7:24:38:4d:54:c4:34:c5:
                    c6:90:57:ae:5a:ae:c1:2e:8d:61:c3:30:52:90:65:
                    75:f3:ba:2d:d8:be:2a:df:83:de:33:81:94:1a:bd:
                    ed:39:23:4c:ea:21:59:b5:e8:32:38:f5:72:78:ac:
                    23:e5:83:8a:82:c1:3a:a0:87:37:ff:1d:dc:d3:3a:
                    c6:33:3f:65:e2:be:9d:9b:57:c8:95:a2:ff:be:d1:
                    bc:fe:a8:9b:a7:a0:97:48:b9:c8:37:3e:3b:98:a4:
                    e5:a0:b8:75:2d:8b:b7:f1:d0:a8:19:b3:59:a1:a3:
                    d7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:15:AA:A9:7E:D3:52:98:E6:6D:1A:5F:5E:9E:38:60:B0:D0:40:AA
            X509v3 Authority Key Identifier:
                keyid:72:BB:D2:FA:18:31:96:39:E2:5F:FB:F4:BD:BF:A0:08:66:01:58:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crvS-hgxljniX_v0vb-gCGYBWK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/dBWqqX7TUpjmbRpfXp44YLDQQKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/dc4420-4062-4778-9358-0af2e541646c/1/crvS-hgxljniX_v0vb-gCGYBWK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ae:b1:c7:2f:54:fe:77:39:39:e4:ee:0e:ee:b6:26:36:a7:
         8f:9b:bc:f0:c3:6f:67:ec:d2:5f:fa:c8:9b:6d:8c:82:3d:f8:
         4d:95:4f:27:0a:d0:4d:33:a4:c4:36:74:8c:41:7e:ca:cc:6b:
         6e:cb:5f:bb:1b:25:f1:5c:9e:48:ee:1e:6c:d5:8e:69:5e:77:
         a2:09:6c:83:46:a0:22:26:fc:62:24:b4:c0:b9:61:87:f5:06:
         43:4f:3d:9a:4a:4d:73:33:b9:b1:4b:41:db:69:87:c9:9c:0f:
         36:bc:16:4f:be:62:14:67:e6:a5:f2:f6:df:59:83:64:b2:9c:
         fe:9a:78:b2:e6:7b:0e:ad:17:d1:24:57:06:ea:57:bd:72:4d:
         72:ae:1f:55:9b:df:c8:ba:99:26:b5:b1:5a:e0:07:32:27:5b:
         fe:e5:83:bb:aa:7b:b0:81:51:73:8d:f3:c3:f2:6f:bd:b5:f5:
         3d:30:0e:96:98:b6:f5:a4:d4:1e:03:33:45:af:a9:f3:80:2e:
         08:d9:45:2b:1d:13:04:16:dc:00:89:bd:11:98:9f:34:83:1f:
         fa:a8:98:09:fb:c5:2c:20:72:20:69:12:a5:a6:aa:fb:ec:7b:
         e3:ce:ed:25:fb:a9:9d:e6:d4:a7:ed:2c:d0:cb:50:d8:64:d2:
         0c:46:3b:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk3zNecDVcb6YZmXTn5mcNCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmJkMmZhMTgzMTk2MzllMjVmZmJmNGJkYmZhMDA4NjYw
MTU4YWUwHhcNMjUwOTExMDgwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDE1YWFhOTdlZDM1Mjk4ZTY2ZDFhNWY1ZTllMzg2MGIwZDA0MGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeeh1+lRLpBG877pWtkybandrxcD
wVzasn5i3hZuzr9Cx2FxlOMQ5kTfWKdP/Ju4AOYLaxElUHsCgMYWkhB4kWafdUn4
JxtQRKYxyQ8P7eB2G/xT4lChPufNixKSc8s18dv5j6ObzIXq25G2wYvd3yGpWM1f
NqZwESbFYYWNunD8FoClzcpGQWxgBMoS1yQ4TVTENMXGkFeuWq7BLo1hwzBSkGV1
87ot2L4q34PeM4GUGr3tOSNM6iFZtegyOPVyeKwj5YOKgsE6oIc3/x3c0zrGMz9l
4r6dm1fIlaL/vtG8/qibp6CXSLnINz47mKTloLh1LYu38dCoGbNZoaPXPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQVqql+01KY5m0aX16eOGCw0ECqMB8GA1UdIwQY
MBaAFHK70voYMZY54l/79L2/oAhmAViuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgt
MGFmMmU1NDE2NDZjLzEvZEJXcXFYN1RVcGptYlJwZlhwNDRZTERRUUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kYzQ0MjAtNDA2Mi00Nzc4LTkzNTgtMGFmMmU1NDE2NDZj
LzEvY3J2Uy1oZ3hsam5pWF92MHZiLWdDR1lCV0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRH4MA0G
CSqGSIb3DQEBCwUAA4IBAQBCrrHHL1T+dzk55O4O7rYmNqePm7zww29n7NJf+sib
bYyCPfhNlU8nCtBNM6TENnSMQX7KzGtuy1+7GyXxXJ5I7h5s1Y5pXneiCWyDRqAi
JvxiJLTAuWGH9QZDTz2aSk1zM7mxS0HbaYfJnA82vBZPvmIUZ+al8vbfWYNkspz+
mniy5nsOrRfRJFcG6le9ck1yrh9Vm9/IupkmtbFa4AcyJ1v+5YO7qnuwgVFzjfPD
8m+9tfU9MA6WmLb1pNQeAzNFr6nzgC4I2UUrHRMEFtwAib0RmJ80gx/6qJgJ+8Us
IHIgaRKlpqr77Hvjzu0l+6md5tSn7SzQy1DYZNIMRjsm
-----END CERTIFICATE-----