Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HIkRjfiBhPQsBq4nmHslEaUbXqU.roa
File:                     HIkRjfiBhPQsBq4nmHslEaUbXqU.roa (raw, json)
Hash identifier:          +cuBUldhMURKr2hQ6hWWWuuFWPU1bf85bijBHZak/qc=
Subject key identifier:   1C:89:11:8D:F8:81:84:F4:2C:06:AE:27:98:7B:25:11:A5:1B:5E:A5
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01981D21B8543E9D78A88E836B330EBD83EB
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HIkRjfiBhPQsBq4nmHslEaUbXqU.roa
Signing time:             Fri 18 Jul 2025 10:43:25 +0000
ROA not before:           Fri 18 Jul 2025 10:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20115
IP address blocks:        185.10.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:21:b8:54:3e:9d:78:a8:8e:83:6b:33:0e:bd:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Jul 18 10:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c89118df88184f42c06ae27987b2511a51b5ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:b9:f1:58:03:cc:ae:36:3c:dd:65:df:c3:
                    87:cd:9e:7a:67:8f:c4:7b:f3:c6:e2:76:1f:f4:14:
                    cd:d7:16:e3:8d:c5:70:4d:f2:de:2d:bb:da:2e:17:
                    c6:d3:74:e1:ec:79:b0:99:65:83:c8:79:79:31:ff:
                    7b:b6:d5:9c:dd:69:89:ca:0e:2f:8e:63:01:96:09:
                    47:5e:19:02:e3:36:0d:1a:45:29:ef:8a:ca:4f:a4:
                    30:27:d2:4d:c3:18:75:79:34:d6:53:44:01:eb:26:
                    89:19:08:10:8c:bf:0b:ab:30:fb:92:c6:2c:15:27:
                    04:89:05:1d:8d:4e:5e:73:78:76:20:47:4f:88:88:
                    7f:da:1a:8b:f1:6f:d6:cb:bd:25:fa:0f:d0:e6:c7:
                    bb:da:38:42:95:52:68:04:58:b1:89:cf:f3:e7:1a:
                    ab:e0:72:8a:ec:75:c0:0f:ee:3a:24:fe:87:f7:0f:
                    22:a6:58:06:1d:c4:c6:85:84:38:cb:b0:aa:f9:f7:
                    be:64:be:16:6a:64:e6:25:82:8b:62:3c:e7:30:ab:
                    37:fb:c8:8b:10:47:43:67:9b:8a:a2:c6:de:2a:a9:
                    69:be:5b:cd:dd:e7:0d:9f:cd:cc:ce:15:6f:da:5c:
                    3f:4b:c9:82:5d:fc:17:1e:3b:e5:c2:e5:0e:6e:8d:
                    d1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:89:11:8D:F8:81:84:F4:2C:06:AE:27:98:7B:25:11:A5:1B:5E:A5
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/HIkRjfiBhPQsBq4nmHslEaUbXqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:54:fc:49:a5:29:12:52:26:b3:04:4d:82:68:1d:72:1c:ee:
         11:35:95:b0:72:00:54:a2:3d:64:2d:35:fa:d5:42:bd:65:6a:
         fc:eb:db:86:24:0b:d9:a1:ed:cf:a3:c0:aa:06:85:f3:3f:b1:
         5a:1f:dc:32:64:e8:f5:e9:c7:53:d3:50:15:b9:e7:fc:c0:fd:
         f7:ee:10:de:30:c6:ab:7b:ad:9c:0c:c3:65:3e:3b:32:1f:cc:
         c0:2a:e8:ac:b0:b6:e2:c8:7f:ba:c9:9f:b4:72:07:a7:91:34:
         75:50:30:29:19:9f:85:26:c7:c3:5c:2c:59:64:af:f7:3d:99:
         95:31:63:02:d8:b6:00:83:ea:9a:e5:50:bc:68:33:08:1f:70:
         48:72:5f:01:4a:41:59:4a:c3:e9:31:ae:6a:1e:58:31:0e:b2:
         4f:98:17:61:8c:69:7f:4a:a3:27:cd:05:93:37:58:ee:f5:f5:
         ac:e0:09:21:06:f6:f6:44:30:0b:b2:ff:ae:2c:70:05:83:f1:
         42:e1:fd:07:3e:de:66:81:d1:f7:e3:1c:4e:49:c8:b5:ee:2c:
         4b:ee:93:15:96:bf:be:89:d7:21:fe:4d:f5:51:ec:5e:a4:37:
         8a:c8:16:86:85:9d:05:7b:fe:9a:74:d0:d9:51:fa:e8:55:df:
         8c:cb:95:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgdIbhUPp14qI6DazMOvYPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjUwNzE4MTA0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg5MTE4ZGY4ODE4NGY0MmMwNmFlMjc5ODdiMjUxMWE1MWI1ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukO58VgDzK42PN1l38OHzZ56Z4/E
e/PG4nYf9BTN1xbjjcVwTfLeLbvaLhfG03Th7HmwmWWDyHl5Mf97ttWc3WmJyg4v
jmMBlglHXhkC4zYNGkUp74rKT6QwJ9JNwxh1eTTWU0QB6yaJGQgQjL8LqzD7ksYs
FScEiQUdjU5ec3h2IEdPiIh/2hqL8W/Wy70l+g/Q5se72jhClVJoBFixic/z5xqr
4HKK7HXAD+46JP6H9w8iplgGHcTGhYQ4y7Cq+fe+ZL4WamTmJYKLYjznMKs3+8iL
EEdDZ5uKosbeKqlpvlvN3ecNn83MzhVv2lw/S8mCXfwXHjvlwuUObo3RgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByJEY34gYT0LAauJ5h7JRGlG16lMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvSElrUmpmaUJoUFFzQnE0bm1Ic2xFYVViWHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQp6MA0G
CSqGSIb3DQEBCwUAA4IBAQBSVPxJpSkSUiazBE2CaB1yHO4RNZWwcgBUoj1kLTX6
1UK9ZWr869uGJAvZoe3Po8CqBoXzP7FaH9wyZOj16cdT01AVuef8wP337hDeMMar
e62cDMNlPjsyH8zAKuissLbiyH+6yZ+0cgenkTR1UDApGZ+FJsfDXCxZZK/3PZmV
MWMC2LYAg+qa5VC8aDMIH3BIcl8BSkFZSsPpMa5qHlgxDrJPmBdhjGl/SqMnzQWT
N1ju9fWs4AkhBvb2RDALsv+uLHAFg/FC4f0HPt5mgdH34xxOSci17ixL7pMVlr++
idch/k31UexepDeKyBaGhZ0Fe/6adNDZUfroVd+My5Wa
-----END CERTIFICATE-----