Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/hlJjKHJFeD3j4Nr8Kn0Ft2J4O1E.roa
File:                     hlJjKHJFeD3j4Nr8Kn0Ft2J4O1E.roa (raw, json)
Hash identifier:          Fv/393RUKDmiuBI9kyyedtNaYIDs37je0cMv9FMaRSg=
Subject key identifier:   86:52:63:28:72:45:78:3D:E3:E0:DA:FC:2A:7D:05:B7:62:78:3B:51
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       0198170340B1E89C4E283A92D1EF1D7E660D
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/hlJjKHJFeD3j4Nr8Kn0Ft2J4O1E.roa
Signing time:             Thu 17 Jul 2025 06:12:25 +0000
ROA not before:           Thu 17 Jul 2025 06:12:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39216
IP address blocks:        185.21.136.0/24 maxlen: 24
                          185.21.137.0/24 maxlen: 24
                          185.21.138.0/24 maxlen: 24
                          185.21.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:03:40:b1:e8:9c:4e:28:3a:92:d1:ef:1d:7e:66:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jul 17 06:12:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=865263287245783de3e0dafc2a7d05b762783b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bf:88:43:96:11:5d:a0:6a:35:53:2c:fb:00:
                    e5:b3:8f:0e:36:1c:08:ec:19:e4:70:69:74:2f:31:
                    d3:88:a1:6b:93:f2:5c:39:b0:b7:4f:a9:42:86:57:
                    fe:42:df:8b:a1:17:6f:5e:04:2c:5b:2e:94:0d:9f:
                    04:aa:cb:c5:8f:61:80:80:a2:b8:99:26:3f:3b:c6:
                    92:bf:25:32:a2:e8:50:54:01:bf:49:96:37:7f:1f:
                    16:26:cb:4a:c8:aa:73:46:e9:7c:38:b5:a6:9e:08:
                    bd:93:f3:f5:44:1f:11:38:bd:6c:7c:b3:9d:86:fe:
                    3f:07:73:8d:0e:63:0f:b4:ed:c4:e2:92:0c:50:60:
                    44:ce:70:d6:a0:ef:c1:5e:c6:0b:0d:cd:5b:59:06:
                    b4:48:23:6b:19:be:1c:d9:71:f8:e6:e5:80:b0:ba:
                    2e:11:7a:d7:1f:ee:f9:05:7c:e4:15:20:63:44:f3:
                    97:3f:f1:80:ae:7a:05:e5:ff:1e:6a:25:74:67:b6:
                    1a:02:ed:3e:a7:da:b8:b0:2c:b7:7f:5d:fc:c9:a6:
                    0e:04:55:d4:5f:51:43:19:a7:35:1f:28:7d:31:a9:
                    59:76:40:59:e5:c1:e1:05:f5:bf:ad:ce:f8:5d:b1:
                    2f:eb:a1:4e:1f:70:bd:f1:a4:7b:5a:85:8a:0c:a2:
                    61:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:52:63:28:72:45:78:3D:E3:E0:DA:FC:2A:7D:05:B7:62:78:3B:51
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/hlJjKHJFeD3j4Nr8Kn0Ft2J4O1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:6a:88:64:76:47:6d:42:76:e8:4a:93:f9:3c:f4:58:45:ff:
         6d:4e:9c:d7:43:a4:e4:bb:04:ec:1d:66:ee:99:8b:a4:96:8d:
         48:c0:e3:8c:c3:03:ee:a7:8d:d4:30:fd:67:05:6c:ff:7a:ff:
         b2:87:4c:91:7c:7e:39:5a:f4:4e:15:14:82:ac:aa:09:69:d6:
         a5:05:7b:4b:73:65:0a:52:f7:17:1d:e6:f8:79:5f:8f:1e:76:
         76:a5:f1:d4:a2:65:6c:b1:84:16:a1:b9:b7:9f:e4:a0:61:22:
         5b:dc:66:8a:a2:19:4e:a6:36:f4:1c:d8:40:36:0e:38:3e:d4:
         2f:00:47:c7:97:75:c0:ae:41:6a:d3:fc:1a:d7:a2:23:24:94:
         3d:18:b4:6a:b6:5a:8a:44:2a:4e:29:81:7c:f4:fa:47:f4:5c:
         a4:37:9e:2f:47:b7:b1:68:38:1d:ca:cf:02:b5:2b:43:9a:ce:
         9b:a5:a9:58:4c:5f:94:18:c0:06:90:a8:87:cf:48:b8:c2:22:
         55:b4:fa:5f:8b:c7:2b:a6:b6:1c:1e:2d:9c:d3:4d:23:38:bb:
         7d:0a:a8:17:82:b5:f8:33:c4:89:8d:fc:5b:54:09:c3:fd:88:
         88:ce:f4:71:a4:17:14:d6:76:f4:86:0a:db:ca:df:c6:41:db:
         7a:29:7f:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZgXA0Cx6JxOKDqS0e8dfmYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjUwNzE3MDYxMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjUyNjMyODcyNDU3ODNkZTNlMGRhZmMyYTdkMDViNzYyNzgzYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb+IQ5YRXaBqNVMs+wDls48ONhwI
7BnkcGl0LzHTiKFrk/JcObC3T6lChlf+Qt+LoRdvXgQsWy6UDZ8EqsvFj2GAgKK4
mSY/O8aSvyUyouhQVAG/SZY3fx8WJstKyKpzRul8OLWmngi9k/P1RB8ROL1sfLOd
hv4/B3ONDmMPtO3E4pIMUGBEznDWoO/BXsYLDc1bWQa0SCNrGb4c2XH45uWAsLou
EXrXH+75BXzkFSBjRPOXP/GArnoF5f8eaiV0Z7YaAu0+p9q4sCy3f138yaYOBFXU
X1FDGac1Hyh9MalZdkBZ5cHhBfW/rc74XbEv66FOH3C98aR7WoWKDKJh/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIZSYyhyRXg94+Da/Cp9BbdieDtRMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL2hsSmpLSEpGZUQzajROcjhLbjBGdDJKNE8xRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5FYgw
DQYJKoZIhvcNAQELBQADggEBAKtqiGR2R21CduhKk/k89FhF/21OnNdDpOS7BOwd
Zu6Zi6SWjUjA44zDA+6njdQw/WcFbP96/7KHTJF8fjla9E4VFIKsqglp1qUFe0tz
ZQpS9xcd5vh5X48ednal8dSiZWyxhBahubef5KBhIlvcZoqiGU6mNvQc2EA2Djg+
1C8AR8eXdcCuQWrT/BrXoiMklD0YtGq2WopEKk4pgXz0+kf0XKQ3ni9Ht7FoOB3K
zwK1K0OazpulqVhMX5QYwAaQqIfPSLjCIlW0+l+LxyumthweLZzTTSM4u30KqBeC
tfgzxImN/FtUCcP9iIjO9HGkFxTWdvSGCtvK38ZB23opf3Q=
-----END CERTIFICATE-----