Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/F3QlTHWWE9WSlkZMiQKc9st1Ou0.roa
File:                     F3QlTHWWE9WSlkZMiQKc9st1Ou0.roa (raw, json)
Hash identifier:          jTF2cakx1EB5lTOXhh5DpRR8jEQ1THUMX2LOgGpYREA=
Subject key identifier:   17:74:25:4C:75:96:13:D5:92:96:46:4C:89:02:9C:F6:CB:75:3A:ED
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01981D22A2052A4D97AD7FABBF949AD7AAE1
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/F3QlTHWWE9WSlkZMiQKc9st1Ou0.roa
Signing time:             Fri 18 Jul 2025 10:44:25 +0000
ROA not before:           Fri 18 Jul 2025 10:44:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        5.39.192.0/22 maxlen: 24
                          185.10.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:22:a2:05:2a:4d:97:ad:7f:ab:bf:94:9a:d7:aa:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Jul 18 10:44:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1774254c759613d59296464c89029cf6cb753aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b4:7e:3f:36:56:62:95:67:51:fc:a5:35:e6:
                    13:fb:a4:c1:5f:70:b4:6e:65:e7:46:9f:98:dd:91:
                    de:30:67:84:80:28:84:e0:d9:ae:a0:bd:26:45:04:
                    84:c9:af:e2:1c:77:94:e5:1b:a6:9c:9a:d8:e6:6e:
                    a3:f4:5d:21:9e:60:18:9f:61:98:cc:e9:b7:e4:b2:
                    9b:c5:c6:91:32:74:47:29:ba:58:c5:55:80:17:ca:
                    50:dc:e4:6f:41:b5:d7:ce:e6:36:ba:f6:b2:d8:2d:
                    05:72:71:df:18:bf:df:da:a2:9a:4c:ae:9f:e6:ca:
                    33:2a:e5:ba:73:34:63:71:7a:92:2d:7f:61:ef:4b:
                    07:a1:3f:cc:4d:c3:67:34:9d:6b:63:15:bd:af:46:
                    85:e2:29:01:1b:34:f9:9b:ea:20:98:ea:c0:de:ea:
                    39:41:e8:bb:6c:13:7c:a1:41:26:bc:8a:e2:11:60:
                    ea:fe:9d:c2:05:c1:45:f4:83:d8:79:18:3f:20:0f:
                    77:fc:21:1b:de:81:b3:2f:5d:9b:28:60:c8:ca:a2:
                    4f:79:da:58:1f:23:c0:b0:54:8e:f7:70:02:51:00:
                    40:0d:2a:2c:96:6c:b9:ad:34:65:ab:31:a2:25:e5:
                    97:26:0c:5d:66:92:ff:3a:30:66:f8:5c:f5:a8:d8:
                    43:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:74:25:4C:75:96:13:D5:92:96:46:4C:89:02:9C:F6:CB:75:3A:ED
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/F3QlTHWWE9WSlkZMiQKc9st1Ou0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.192.0/22
                  185.10.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:d8:9d:8a:8d:e5:cb:88:c4:5e:43:95:6b:e2:58:98:08:e6:
         89:c7:50:5a:86:f5:66:e8:44:48:a2:87:cb:01:c8:e4:2b:2a:
         5e:b8:94:00:27:99:65:61:6e:9d:aa:39:b7:a4:16:89:49:f0:
         6e:60:49:56:5b:04:74:e7:cf:8f:90:84:32:fe:72:6a:b6:c6:
         52:98:ae:72:4b:24:5a:58:e5:7f:b7:c5:d7:dc:0a:23:74:5d:
         10:bb:03:af:94:98:e2:35:37:41:5b:d7:05:db:a2:7f:cd:2f:
         a2:f1:2f:20:dc:0f:b9:1c:63:a8:99:04:32:46:0f:19:b8:dc:
         9b:0f:54:c7:a1:1f:8a:e5:fd:ee:41:0b:86:52:dc:1a:e4:2c:
         79:9c:7d:eb:d2:e2:22:0e:7f:cb:de:10:fc:bb:e2:c4:b5:3b:
         99:21:ed:8b:49:b7:5c:7e:99:90:ea:f3:3e:37:07:5c:35:01:
         8b:99:7c:4e:c9:26:65:2a:31:48:1d:dd:e1:a6:c6:3a:16:8d:
         82:8c:23:08:51:2d:da:8c:a4:90:85:b7:91:82:eb:84:e3:e5:
         b3:6e:89:10:f7:8b:51:94:a6:67:c5:1e:a7:ee:c9:b5:e9:c9:
         a3:48:ff:34:5d:6b:5f:be:7c:f8:a9:17:c5:44:eb:ab:41:33:
         7f:78:2c:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgdIqIFKk2XrX+rv5Sa16rhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjUwNzE4MTA0NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzc0MjU0Yzc1OTYxM2Q1OTI5NjQ2NGM4OTAyOWNmNmNiNzUzYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7R+PzZWYpVnUfylNeYT+6TBX3C0
bmXnRp+Y3ZHeMGeEgCiE4NmuoL0mRQSEya/iHHeU5RumnJrY5m6j9F0hnmAYn2GY
zOm35LKbxcaRMnRHKbpYxVWAF8pQ3ORvQbXXzuY2uvay2C0FcnHfGL/f2qKaTK6f
5sozKuW6czRjcXqSLX9h70sHoT/MTcNnNJ1rYxW9r0aF4ikBGzT5m+ogmOrA3uo5
Qei7bBN8oUEmvIriEWDq/p3CBcFF9IPYeRg/IA93/CEb3oGzL12bKGDIyqJPedpY
HyPAsFSO93ACUQBADSoslmy5rTRlqzGiJeWXJgxdZpL/OjBm+Fz1qNhDqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBd0JUx1lhPVkpZGTIkCnPbLdTrtMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvRjNRbFRIV1dFOVdTbGtaTWlRS2M5c3QxT3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBSfAAwQB
uQp6MA0GCSqGSIb3DQEBCwUAA4IBAQAu2J2KjeXLiMReQ5Vr4liYCOaJx1BahvVm
6ERIoofLAcjkKypeuJQAJ5llYW6dqjm3pBaJSfBuYElWWwR058+PkIQy/nJqtsZS
mK5ySyRaWOV/t8XX3AojdF0QuwOvlJjiNTdBW9cF26J/zS+i8S8g3A+5HGOomQQy
Rg8ZuNybD1THoR+K5f3uQQuGUtwa5Cx5nH3r0uIiDn/L3hD8u+LEtTuZIe2LSbdc
fpmQ6vM+NwdcNQGLmXxOySZlKjFIHd3hpsY6Fo2CjCMIUS3ajKSQhbeRguuE4+Wz
bokQ94tRlKZnxR6n7sm16cmjSP80XWtfvnz4qRfFROurQTN/eCwa
-----END CERTIFICATE-----