Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HYm3JS5hkKtt1MJOVZVxLEKy-Nw.roa
File:                     HYm3JS5hkKtt1MJOVZVxLEKy-Nw.roa (raw, json)
Hash identifier:          EDXt7qv7G6UL7E3Cb9MkJRzLST8ItMWjBgR9ms+9P4g=
Subject key identifier:   1D:89:B7:25:2E:61:90:AB:6D:D4:C2:4E:55:95:71:2C:42:B2:F8:DC
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0197EA1909EEF7C5C6CF691ED7764B9C1C3B
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HYm3JS5hkKtt1MJOVZVxLEKy-Nw.roa
Signing time:             Tue 08 Jul 2025 12:53:18 +0000
ROA not before:           Tue 08 Jul 2025 12:53:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60808
IP address blocks:        188.253.96.0/19 maxlen: 24
                          2a05:ec80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ea:19:09:ee:f7:c5:c6:cf:69:1e:d7:76:4b:9c:1c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jul  8 12:53:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d89b7252e6190ab6dd4c24e5595712c42b2f8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:b5:f3:f6:8d:57:d6:e9:ed:76:27:60:15:
                    be:de:1a:10:78:05:6a:36:28:02:19:5d:21:66:db:
                    28:42:80:18:84:32:96:50:67:02:5e:f3:06:9a:23:
                    82:eb:0d:5c:fa:98:f7:61:19:a3:c5:07:c3:07:12:
                    2c:b3:ad:58:07:bf:cc:70:d2:87:05:8c:73:4c:72:
                    c6:18:7f:2d:25:24:a2:a8:54:7b:e1:ed:22:8d:a6:
                    92:e7:8d:13:80:e8:af:e3:a2:ba:08:25:4e:c0:06:
                    a2:5f:b5:56:2a:ac:22:01:73:97:c8:2e:15:84:69:
                    9d:85:44:82:f0:fb:51:ff:54:fb:d8:70:94:ef:00:
                    86:e0:6b:73:29:4e:cd:49:be:ff:5f:87:68:6e:44:
                    91:96:94:29:ef:0f:62:30:fa:e3:fa:25:09:0b:8a:
                    00:34:88:43:9f:b7:c5:38:ca:77:c5:e3:1f:f9:80:
                    2d:b0:7e:c9:a4:46:bc:5c:09:b6:e8:32:b6:ba:b9:
                    0f:83:4d:c1:2a:1f:a0:e5:04:09:eb:6f:bb:e2:06:
                    53:83:34:c1:ce:c7:26:8c:6c:60:8b:f2:d8:42:52:
                    c8:4c:f8:50:82:1a:ab:f7:2e:e5:4f:12:d7:e3:38:
                    f6:35:67:16:4d:33:37:b9:01:17:0c:da:75:6b:a0:
                    87:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:89:B7:25:2E:61:90:AB:6D:D4:C2:4E:55:95:71:2C:42:B2:F8:DC
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HYm3JS5hkKtt1MJOVZVxLEKy-Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.253.96.0/19
                IPv6:
                  2a05:ec80::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:d3:0c:35:1e:04:16:92:5c:f1:a6:2c:25:f9:4f:69:b3:0d:
         1b:5d:85:6c:b1:30:84:df:cb:78:34:84:0b:a7:88:b9:c1:9b:
         3c:87:4a:5e:c0:15:26:78:14:12:f9:bb:34:6b:8c:21:b1:72:
         90:23:47:cd:4b:1d:a0:97:a1:de:09:7f:8c:4e:87:35:87:fb:
         39:89:9c:46:c6:ec:b5:2f:db:5d:79:a8:d7:1a:af:69:ef:07:
         b7:79:68:66:b7:ea:64:bb:2d:de:0f:19:1d:e9:76:b2:2d:64:
         d9:b9:9d:36:22:80:27:db:a4:06:b9:0d:b1:6a:6f:1b:67:12:
         01:fa:10:63:65:03:2d:88:c2:b8:ef:0b:a3:93:dd:1a:ba:90:
         ab:ba:23:28:12:6f:81:24:71:22:46:e8:2e:de:02:27:ab:21:
         70:ff:0d:bf:dd:a9:63:6d:60:38:8f:6a:c3:d7:4a:2f:ba:ef:
         58:58:78:89:61:b6:86:49:8e:a5:14:5a:ab:ee:7b:c1:88:24:
         83:b1:78:ea:eb:21:b4:5e:95:48:c8:33:d0:6b:f5:c1:d0:b0:
         fc:c8:57:a7:52:f3:d5:ea:8c:6b:1d:8f:6f:02:10:53:fc:35:
         2a:7a:76:dd:4b:7d:5c:33:a7:d4:eb:ae:29:66:d3:f6:e7:46:
         89:04:35:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfqGQnu98XGz2ke13ZLnBw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwNzA4MTI1MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg5YjcyNTJlNjE5MGFiNmRkNGMyNGU1NTk1NzEyYzQyYjJmOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyC18/aNV9bp7XYnYBW+3hoQeAVq
NigCGV0hZtsoQoAYhDKWUGcCXvMGmiOC6w1c+pj3YRmjxQfDBxIss61YB7/McNKH
BYxzTHLGGH8tJSSiqFR74e0ijaaS540TgOiv46K6CCVOwAaiX7VWKqwiAXOXyC4V
hGmdhUSC8PtR/1T72HCU7wCG4GtzKU7NSb7/X4dobkSRlpQp7w9iMPrj+iUJC4oA
NIhDn7fFOMp3xeMf+YAtsH7JpEa8XAm26DK2urkPg03BKh+g5QQJ62+74gZTgzTB
zscmjGxgi/LYQlLITPhQghqr9y7lTxLX4zj2NWcWTTM3uQEXDNp1a6CH+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB2JtyUuYZCrbdTCTlWVcSxCsvjcMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSFltM0pTNWhrS3R0MU1KT1ZaVnhMRUt5LU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFvP1gMA0E
AgACMAcDBQMqBeyAMA0GCSqGSIb3DQEBCwUAA4IBAQAU0ww1HgQWklzxpiwl+U9p
sw0bXYVssTCE38t4NIQLp4i5wZs8h0pewBUmeBQS+bs0a4whsXKQI0fNSx2gl6He
CX+MToc1h/s5iZxGxuy1L9tdeajXGq9p7we3eWhmt+pkuy3eDxkd6XayLWTZuZ02
IoAn26QGuQ2xam8bZxIB+hBjZQMtiMK47wujk90aupCruiMoEm+BJHEiRugu3gIn
qyFw/w2/3aljbWA4j2rD10ovuu9YWHiJYbaGSY6lFFqr7nvBiCSDsXjq6yG0XpVI
yDPQa/XB0LD8yFenUvPV6oxrHY9vAhBT/DUqenbdS31cM6fU664pZtP250aJBDWT
-----END CERTIFICATE-----