Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/Y8i3rrn4fUUiKvEOTWMIpo8Wdg0.roa
File:                     Y8i3rrn4fUUiKvEOTWMIpo8Wdg0.roa (raw, json)
Hash identifier:          lhJRliSxc8nIrWSQMwOkXfftJXTelhvnTEYCqHEODt0=
Subject key identifier:   63:C8:B7:AE:B9:F8:7D:45:22:2A:F1:0E:4D:63:08:A6:8F:16:76:0D
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAEAA5198DD715B070109E47CA39D2A
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/Y8i3rrn4fUUiKvEOTWMIpo8Wdg0.roa
Signing time:             Sat 12 Jul 2025 12:49:09 +0000
ROA not before:           Sat 12 Jul 2025 12:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44400
IP address blocks:        87.248.140.0/24 maxlen: 24
                          87.248.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:ae:aa:51:98:dd:71:5b:07:01:09:e4:7c:a3:9d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63c8b7aeb9f87d45222af10e4d6308a68f16760d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:05:19:53:77:7f:9b:b8:cb:53:d0:85:51:75:
                    b7:33:e5:2e:6f:b9:a5:af:57:2d:0d:f0:91:48:96:
                    21:c5:89:6c:06:0b:b5:69:1e:bf:56:dc:e3:0f:7e:
                    28:5f:30:8f:2a:fe:fc:3d:8b:0a:89:35:87:c9:60:
                    cd:64:56:a0:e5:23:ef:42:94:2e:e8:d2:e2:42:73:
                    e0:38:aa:ed:cb:8b:16:12:68:08:90:30:16:6d:78:
                    38:3f:05:ee:31:16:65:9f:46:ac:6a:3f:0c:f6:c1:
                    4e:58:0d:3d:81:06:10:32:d2:b9:19:3c:aa:7c:16:
                    9e:8a:e2:84:4d:37:1d:e9:31:6a:f4:0b:e4:7d:74:
                    20:23:fd:cd:09:bf:fe:b8:2f:7a:24:98:41:d5:2a:
                    cc:44:eb:87:e4:85:5d:3c:7f:79:95:10:dd:7d:d1:
                    82:e7:7f:f3:b8:ea:02:40:18:f1:dc:8e:e6:37:dd:
                    2e:6a:13:e1:9b:c7:4f:24:57:80:a9:8e:a6:6d:69:
                    83:ec:c8:cc:16:2c:67:d1:f6:6c:86:09:ba:fb:4b:
                    7e:51:63:3b:0c:c0:13:60:88:e4:68:9d:ee:d2:36:
                    d4:82:1f:ea:4b:64:6e:bb:e2:a0:fa:b6:54:58:d0:
                    10:12:3e:3e:93:c3:2f:8c:38:e1:5b:16:0f:70:86:
                    2c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C8:B7:AE:B9:F8:7D:45:22:2A:F1:0E:4D:63:08:A6:8F:16:76:0D
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/Y8i3rrn4fUUiKvEOTWMIpo8Wdg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:ea:ed:e1:fd:b0:fd:e2:04:c9:3c:08:d5:0b:4f:b2:af:4e:
         0f:e0:a4:9d:84:2f:f1:13:b4:18:a0:58:50:b8:be:25:72:89:
         81:64:16:1f:26:af:2c:f7:61:5e:81:f0:61:2b:c2:88:51:11:
         a9:ec:65:84:3c:ab:bc:82:ea:57:80:54:8a:89:18:1a:79:2e:
         ce:b6:fd:13:fd:4e:bb:f4:18:7b:ad:e6:75:80:1d:12:b7:bf:
         d1:06:56:34:0f:a5:e3:0b:72:0d:6a:20:9e:60:5b:99:34:75:
         59:7b:f4:85:fd:3b:86:66:f1:a2:d0:e9:bd:02:43:c5:8c:0f:
         9c:f9:0d:03:20:7c:16:c7:1c:4f:c7:88:dd:54:46:79:ab:39:
         3a:8a:c0:73:d1:42:7d:a4:93:f9:56:9a:4e:5a:b9:1c:67:e9:
         72:75:c4:c6:21:2b:24:44:2d:c4:7c:14:72:ac:44:3f:2c:37:
         0c:82:bc:e6:e7:dd:4e:57:d3:09:02:13:1e:43:3b:b3:b3:24:
         a0:a7:a3:06:c7:cd:58:57:11:10:67:e6:9d:49:a9:5e:c3:62:
         1c:2b:8c:21:86:2a:59:d4:62:1d:56:a9:d3:33:67:3b:72:f4:
         33:db:4a:b7:85:3b:4a:58:33:8f:52:7b:73:c8:e4:fc:b5:3d:
         1a:0b:49:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+rqpRmN1xWwcBCeR8o50qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M4YjdhZWI5Zjg3ZDQ1MjIyYWYxMGU0ZDYzMDhhNjhmMTY3NjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswUZU3d/m7jLU9CFUXW3M+Uub7ml
r1ctDfCRSJYhxYlsBgu1aR6/VtzjD34oXzCPKv78PYsKiTWHyWDNZFag5SPvQpQu
6NLiQnPgOKrty4sWEmgIkDAWbXg4PwXuMRZln0asaj8M9sFOWA09gQYQMtK5GTyq
fBaeiuKETTcd6TFq9AvkfXQgI/3NCb/+uC96JJhB1SrMROuH5IVdPH95lRDdfdGC
53/zuOoCQBjx3I7mN90uahPhm8dPJFeAqY6mbWmD7MjMFixn0fZshgm6+0t+UWM7
DMATYIjkaJ3u0jbUgh/qS2Ruu+Kg+rZUWNAQEj4+k8MvjDjhWxYPcIYsUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPIt665+H1FIirxDk1jCKaPFnYNMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvWThpM3JybjRmVVVpS3ZFT1RXTUlwbzhXZGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/iMMA0G
CSqGSIb3DQEBCwUAA4IBAQAw6u3h/bD94gTJPAjVC0+yr04P4KSdhC/xE7QYoFhQ
uL4lcomBZBYfJq8s92FegfBhK8KIURGp7GWEPKu8gupXgFSKiRgaeS7Otv0T/U67
9Bh7reZ1gB0St7/RBlY0D6XjC3INaiCeYFuZNHVZe/SF/TuGZvGi0Om9AkPFjA+c
+Q0DIHwWxxxPx4jdVEZ5qzk6isBz0UJ9pJP5VppOWrkcZ+lydcTGISskRC3EfBRy
rEQ/LDcMgrzm591OV9MJAhMeQzuzsySgp6MGx81YVxEQZ+adSalew2IcK4whhipZ
1GIdVqnTM2c7cvQz20q3hTtKWDOPUntzyOT8tT0aC0mk
-----END CERTIFICATE-----