Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/W8c8ZhPJdklLkKfc00KTGx4GVO0.roa
File:                     W8c8ZhPJdklLkKfc00KTGx4GVO0.roa (raw, json)
Hash identifier:          d8YsiXAm3CU+a5ljdkxt8IcTp/JV67tcg7I0aXo5+zQ=
Subject key identifier:   5B:C7:3C:66:13:C9:76:49:4B:90:A7:DC:D3:42:93:1B:1E:06:54:ED
Certificate issuer:       /CN=a44e128b3997bf7e9f4af35e704fb802a417d6c9
Certificate serial:       0198267EB7B36D80A9FA891CDA87C9F97679
Authority key identifier: A4:4E:12:8B:39:97:BF:7E:9F:4A:F3:5E:70:4F:B8:02:A4:17:D6:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pE4SizmXv36fSvNecE-4AqQX1sk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/W8c8ZhPJdklLkKfc00KTGx4GVO0.roa
Signing time:             Sun 20 Jul 2025 06:21:35 +0000
ROA not before:           Sun 20 Jul 2025 06:21:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211279
IP address blocks:        212.6.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/pE4SizmXv36fSvNecE-4AqQX1sk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/pE4SizmXv36fSvNecE-4AqQX1sk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pE4SizmXv36fSvNecE-4AqQX1sk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 15:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:26:7e:b7:b3:6d:80:a9:fa:89:1c:da:87:c9:f9:76:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a44e128b3997bf7e9f4af35e704fb802a417d6c9
        Validity
            Not Before: Jul 20 06:21:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bc73c6613c976494b90a7dcd342931b1e0654ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:18:a8:1b:1b:dd:8f:6e:be:e8:53:72:df:1a:
                    1d:bd:6c:b8:ee:8e:d5:0e:ec:42:1d:89:0d:21:61:
                    85:83:3c:ba:e6:b2:82:55:f2:f9:d3:15:85:01:44:
                    f0:80:69:9c:9d:66:2b:30:c3:5f:8e:e6:91:11:af:
                    a9:e3:d4:da:3b:5c:6d:5c:c7:e9:05:c6:dd:58:61:
                    4f:ee:26:f6:c7:ac:8e:fa:f8:d4:49:05:cd:9e:af:
                    1a:25:d4:ba:82:59:ea:49:73:4b:82:e3:51:8d:e4:
                    ad:ed:13:06:02:6e:c7:a9:7e:23:a5:80:b3:e7:ea:
                    3f:d2:79:43:fe:6b:3f:ce:ae:1e:a1:7a:b5:d3:fb:
                    86:f6:8c:06:5d:68:b8:6d:92:bf:87:4a:ee:bb:b8:
                    23:4f:d8:4e:dd:34:66:81:f2:82:90:85:70:8b:03:
                    03:dc:ce:9d:51:51:13:ed:56:91:b4:e9:9c:0b:ba:
                    75:8d:61:60:e7:c1:f3:a8:bf:19:c1:fc:f8:49:cf:
                    d2:ba:59:5d:75:d5:77:5b:8d:f4:d0:a5:a1:3c:50:
                    4a:0f:71:fb:1d:51:9c:2a:57:0e:b1:ec:44:18:5d:
                    c6:ea:45:ea:be:a4:71:e1:eb:23:29:e9:51:15:6e:
                    57:e1:f8:c7:67:09:4a:93:21:be:ec:d8:e2:45:16:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C7:3C:66:13:C9:76:49:4B:90:A7:DC:D3:42:93:1B:1E:06:54:ED
            X509v3 Authority Key Identifier:
                keyid:A4:4E:12:8B:39:97:BF:7E:9F:4A:F3:5E:70:4F:B8:02:A4:17:D6:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pE4SizmXv36fSvNecE-4AqQX1sk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/W8c8ZhPJdklLkKfc00KTGx4GVO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/26e557-4183-4b26-a958-a789f1c82f76/1/pE4SizmXv36fSvNecE-4AqQX1sk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:99:51:c3:19:18:d5:88:67:7e:a1:29:a1:00:6b:39:8d:b0:
         f4:bb:bb:25:0e:62:0e:5e:52:f9:17:b8:68:bc:a6:bc:eb:f4:
         e8:b0:f8:7e:09:4b:27:89:80:01:c6:54:b7:26:dc:b5:f0:e9:
         7e:be:91:fa:55:3f:1f:72:dd:d6:a4:b3:f0:eb:bd:bf:a2:11:
         5a:c0:fd:6a:8c:83:7f:2c:6f:e9:bb:37:69:1d:b5:75:bb:9d:
         b3:f2:4a:c4:1c:81:7d:66:61:30:90:6c:9a:27:9c:16:1f:6e:
         4d:a2:4c:7b:c8:3a:88:2d:01:be:2a:6a:05:ba:eb:10:8c:78:
         de:8a:6c:aa:f4:60:1e:43:68:de:12:51:6a:37:a8:1c:5a:0a:
         a8:59:29:88:e4:9c:c7:43:72:b1:fd:06:1f:84:41:78:d2:4f:
         9c:49:1b:98:89:93:7f:36:61:a5:fe:39:a7:5e:da:ce:4b:c8:
         a0:1a:fe:8a:50:1a:7a:63:6e:4b:e3:5f:74:f1:08:e6:50:51:
         e7:0e:0f:50:e6:41:a5:ac:9d:cb:18:83:b7:7b:a4:8f:43:1b:
         0f:84:84:61:ae:bf:f1:6b:a2:9b:9d:b2:10:91:26:59:15:f9:
         40:3d:91:5a:36:85:da:22:90:ac:1e:21:d9:89:64:a5:5d:6a:
         78:13:ca:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgmfrezbYCp+okc2ofJ+XZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NGUxMjhiMzk5N2JmN2U5ZjRhZjM1ZTcwNGZiODAyYTQx
N2Q2YzkwHhcNMjUwNzIwMDYyMTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmM3M2M2NjEzYzk3NjQ5NGI5MGE3ZGNkMzQyOTMxYjFlMDY1NGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxioGxvdj26+6FNy3xodvWy47o7V
DuxCHYkNIWGFgzy65rKCVfL50xWFAUTwgGmcnWYrMMNfjuaREa+p49TaO1xtXMfp
BcbdWGFP7ib2x6yO+vjUSQXNnq8aJdS6glnqSXNLguNRjeSt7RMGAm7HqX4jpYCz
5+o/0nlD/ms/zq4eoXq10/uG9owGXWi4bZK/h0ruu7gjT9hO3TRmgfKCkIVwiwMD
3M6dUVET7VaRtOmcC7p1jWFg58HzqL8Zwfz4Sc/SulldddV3W4300KWhPFBKD3H7
HVGcKlcOsexEGF3G6kXqvqRx4esjKelRFW5X4fjHZwlKkyG+7NjiRRaOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvHPGYTyXZJS5Cn3NNCkxseBlTtMB8GA1UdIwQY
MBaAFKROEos5l79+n0rzXnBPuAKkF9bJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEU0U2l6bVh2MzZmU3ZOZWNFLTRBcVFYMXNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8yNmU1NTctNDE4My00YjI2LWE5NTgt
YTc4OWYxYzgyZjc2LzEvVzhjOFpoUEpka2xMa0tmYzAwS1RHeDRHVk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8yNmU1NTctNDE4My00YjI2LWE5NTgtYTc4OWYxYzgyZjc2
LzEvcEU0U2l6bVh2MzZmU3ZOZWNFLTRBcVFYMXNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYwMA0G
CSqGSIb3DQEBCwUAA4IBAQBAmVHDGRjViGd+oSmhAGs5jbD0u7slDmIOXlL5F7ho
vKa86/TosPh+CUsniYABxlS3Jty18Ol+vpH6VT8fct3WpLPw672/ohFawP1qjIN/
LG/puzdpHbV1u52z8krEHIF9ZmEwkGyaJ5wWH25Nokx7yDqILQG+KmoFuusQjHje
imyq9GAeQ2jeElFqN6gcWgqoWSmI5JzHQ3Kx/QYfhEF40k+cSRuYiZN/NmGl/jmn
XtrOS8igGv6KUBp6Y25L41908QjmUFHnDg9Q5kGlrJ3LGIO3e6SPQxsPhIRhrr/x
a6KbnbIQkSZZFflAPZFaNoXaIpCsHiHZiWSlXWp4E8rD
-----END CERTIFICATE-----