Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/d9G31NYowC-kO4lcV-S1Fiv6scI.roa
File:                     d9G31NYowC-kO4lcV-S1Fiv6scI.roa (raw, json)
Hash identifier:          u7dMpvvjNMzzV4mP0zb47HrkK90l0kiQAifew7TNCOU=
Subject key identifier:   77:D1:B7:D4:D6:28:C0:2F:A4:3B:89:5C:57:E4:B5:16:2B:FA:B1:C2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0198252CBE4F5C7E7BD225B148204754EDB3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/d9G31NYowC-kO4lcV-S1Fiv6scI.roa
Signing time:             Sun 20 Jul 2025 00:12:25 +0000
ROA not before:           Sun 20 Jul 2025 00:12:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210814
IP address blocks:        185.222.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 21:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:25:2c:be:4f:5c:7e:7b:d2:25:b1:48:20:47:54:ed:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 20 00:12:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77d1b7d4d628c02fa43b895c57e4b5162bfab1c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:bc:3b:45:c2:79:36:93:7e:e2:a7:41:dd:d6:
                    12:98:09:a6:c9:a8:e8:ba:1e:1b:d1:78:f3:a5:10:
                    a9:0b:51:04:bc:17:59:8e:8c:cb:60:61:76:23:da:
                    a7:a9:93:7b:b8:3e:58:b8:8e:93:75:1b:51:b7:12:
                    50:e6:d7:8f:2a:6a:75:4a:46:f5:c7:d1:7f:15:17:
                    24:41:6a:38:51:ae:a1:a9:98:04:93:81:34:de:4e:
                    79:72:6f:aa:5c:4c:7a:6a:5d:53:c9:62:01:93:58:
                    d1:95:e2:80:ea:da:18:67:97:bb:2b:84:3b:13:14:
                    ec:55:ed:23:5e:55:5c:6d:d0:ca:1d:e2:3b:49:d5:
                    86:24:51:52:13:fa:b8:dc:31:02:cd:d4:8c:fd:fb:
                    3d:b7:cc:72:4f:a8:54:5c:7b:aa:17:39:4a:5e:88:
                    84:1c:4b:c7:0d:66:78:21:93:f5:8e:c4:9f:91:97:
                    0f:e5:75:e2:3d:6b:fd:e2:76:84:37:a1:7b:ad:a4:
                    52:26:21:f3:7f:3b:7a:74:29:67:13:1b:78:47:34:
                    6b:c0:f8:f9:ce:77:18:08:55:3c:d2:bc:94:7b:89:
                    e4:33:55:5b:c5:25:04:49:3e:ad:e5:ff:2d:37:40:
                    e9:ca:60:64:57:ce:17:61:40:d9:92:43:0c:a4:30:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D1:B7:D4:D6:28:C0:2F:A4:3B:89:5C:57:E4:B5:16:2B:FA:B1:C2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/d9G31NYowC-kO4lcV-S1Fiv6scI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:fa:18:af:2f:13:d2:4a:6b:1e:a0:ad:39:35:5e:a1:c6:9f:
         f8:63:b1:56:cc:74:37:56:be:27:a6:bc:26:4a:5e:b5:5f:a2:
         eb:41:2f:e1:82:4a:fc:13:cf:c3:ff:e6:75:38:2c:e4:a4:3d:
         5c:39:04:3b:55:08:c2:a5:a4:a4:fa:e0:b0:88:a5:74:3f:4b:
         98:21:77:fd:42:95:de:49:6f:34:58:93:7f:7a:5f:64:e7:5f:
         07:88:7f:31:49:97:78:4b:69:1a:9b:26:b1:b9:75:4d:70:2d:
         18:54:7a:2c:04:71:a0:44:87:42:9f:7c:8f:bc:db:4e:36:fc:
         80:69:93:5c:66:9b:8d:52:0f:ae:b9:01:74:9b:50:7d:67:39:
         ff:39:47:38:9c:f9:7a:f3:cd:8a:e5:60:c2:7b:6c:48:00:e7:
         87:11:31:90:f2:19:14:9e:42:51:34:e2:0d:6e:ae:e9:ef:32:
         ec:82:2d:5e:cf:17:4a:47:49:cc:69:83:f2:07:db:22:0c:25:
         fa:fd:37:36:2e:98:39:e3:45:74:47:3a:8c:2c:90:ee:6b:dc:
         e5:27:4a:4c:e8:af:b9:8e:bd:18:a7:c9:4a:37:8c:d5:d5:bc:
         14:a1:33:6a:fb:5c:68:29:91:dd:35:32:2e:da:f6:f8:58:af:
         ff:3f:14:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZglLL5PXH570iWxSCBHVO2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzIwMDAxMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QxYjdkNGQ2MjhjMDJmYTQzYjg5NWM1N2U0YjUxNjJiZmFiMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7w7RcJ5NpN+4qdB3dYSmAmmyajo
uh4b0XjzpRCpC1EEvBdZjozLYGF2I9qnqZN7uD5YuI6TdRtRtxJQ5tePKmp1Skb1
x9F/FRckQWo4Ua6hqZgEk4E03k55cm+qXEx6al1TyWIBk1jRleKA6toYZ5e7K4Q7
ExTsVe0jXlVcbdDKHeI7SdWGJFFSE/q43DECzdSM/fs9t8xyT6hUXHuqFzlKXoiE
HEvHDWZ4IZP1jsSfkZcP5XXiPWv94naEN6F7raRSJiHzfzt6dClnExt4RzRrwPj5
zncYCFU80ryUe4nkM1VbxSUEST6t5f8tN0DpymBkV84XYUDZkkMMpDDBOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfRt9TWKMAvpDuJXFfktRYr+rHCMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZDlHMzFOWW93Qy1rTzRsY1YtUzFGaXY2c2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4cMA0G
CSqGSIb3DQEBCwUAA4IBAQDA+hivLxPSSmseoK05NV6hxp/4Y7FWzHQ3Vr4nprwm
Sl61X6LrQS/hgkr8E8/D/+Z1OCzkpD1cOQQ7VQjCpaSk+uCwiKV0P0uYIXf9QpXe
SW80WJN/el9k518HiH8xSZd4S2kamyaxuXVNcC0YVHosBHGgRIdCn3yPvNtONvyA
aZNcZpuNUg+uuQF0m1B9Zzn/OUc4nPl6882K5WDCe2xIAOeHETGQ8hkUnkJRNOIN
bq7p7zLsgi1ezxdKR0nMaYPyB9siDCX6/Tc2Lpg540V0RzqMLJDua9zlJ0pM6K+5
jr0Yp8lKN4zV1bwUoTNq+1xoKZHdNTIu2vb4WK//PxRs
-----END CERTIFICATE-----