Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/1-WtacnQ-QgBtlzVcd_eW89R-180.roa
File:                     1-WtacnQ-QgBtlzVcd_eW89R-180.roa (raw, json)
Hash identifier:          q15FvOxSP9KD/BkeY7gVC5Y4uPcFbOYudoQV9dMUFag=
Subject key identifier:   F9:6B:5A:72:74:3E:42:00:6D:97:35:5C:77:F7:96:F3:D4:7E:D7:CD
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       0197F0A2776C03B25E27E2C5E7EDFE9FC2A2
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/1-WtacnQ-QgBtlzVcd_eW89R-180.roa
Signing time:             Wed 09 Jul 2025 19:21:08 +0000
ROA not before:           Wed 09 Jul 2025 19:21:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        185.224.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:a2:77:6c:03:b2:5e:27:e2:c5:e7:ed:fe:9f:c2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Jul  9 19:21:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f96b5a72743e42006d97355c77f796f3d47ed7cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:61:17:24:e1:6b:90:0d:4e:3b:cb:3b:9f:32:
                    fe:cf:5e:c6:45:d7:98:ea:8d:6d:d5:29:a5:b2:1f:
                    b7:6d:df:81:58:96:b1:c1:36:fb:00:e9:bb:06:ec:
                    7a:ff:93:2a:b5:dc:5c:30:46:05:dc:3d:04:ab:86:
                    3f:ba:f8:b0:bc:a9:89:bf:74:d4:91:be:0e:02:23:
                    30:52:ef:13:f4:af:18:94:2e:70:09:c3:3d:ab:82:
                    05:14:b0:11:88:29:5f:9e:bf:19:f2:14:a6:ac:39:
                    d9:c8:0f:74:1f:05:fb:88:37:af:34:41:0a:fd:8f:
                    a0:64:b2:40:6c:43:34:52:ed:5d:a0:40:f0:72:c7:
                    c7:c9:a2:11:41:ce:1b:51:3a:b3:fd:9f:59:fa:32:
                    21:6e:e6:8e:0a:ea:73:a9:5e:40:b1:3d:c0:cc:42:
                    ab:98:97:54:aa:98:17:b3:bf:de:eb:1f:9c:14:84:
                    4c:84:7b:95:81:5a:43:96:12:db:87:61:e9:95:fa:
                    47:b1:b8:51:16:23:f6:00:26:27:05:99:15:69:0b:
                    c5:fb:74:5f:df:0d:45:6f:6b:d7:56:1f:9d:f3:11:
                    7d:9b:e1:86:9e:03:e5:be:c7:c0:9f:fc:a8:50:47:
                    2f:52:dc:1e:9a:67:2d:59:cd:d7:fb:0b:6e:7a:03:
                    6f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6B:5A:72:74:3E:42:00:6D:97:35:5C:77:F7:96:F3:D4:7E:D7:CD
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/1-WtacnQ-QgBtlzVcd_eW89R-180.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:81:24:5d:e6:a9:9c:b4:36:75:60:d2:1a:d2:36:41:95:df:
         5c:b8:4d:f5:b4:11:1c:fe:fa:ff:58:29:4e:fe:21:1b:d3:fd:
         67:11:98:95:63:2e:cf:1f:0f:db:06:70:f5:63:d6:03:0b:8e:
         7f:d3:41:24:a5:8f:c7:33:97:f6:99:9b:98:32:b3:9f:23:cc:
         8b:c2:1d:64:9e:49:cc:cb:3c:18:19:41:8a:67:d2:fa:90:bc:
         a4:35:1f:ab:ea:bc:d2:f6:b8:3b:b3:fb:dd:60:15:24:b4:d9:
         22:f2:03:7e:96:36:02:09:63:f0:13:30:33:7b:50:6d:ed:65:
         01:42:9c:ee:b9:12:b9:c5:44:74:1c:f7:f5:53:61:9a:61:02:
         bf:cf:59:42:a7:3f:96:cd:94:20:89:b7:ab:78:cc:54:40:4e:
         fc:1e:75:77:c4:22:67:51:a4:ca:85:6e:2a:c1:e3:e1:5a:12:
         ef:ef:61:da:73:aa:03:0a:40:73:b9:14:44:9f:ae:ab:db:72:
         13:21:d8:88:27:d6:0f:b2:46:43:54:f0:9a:c2:00:b2:de:94:
         ac:f6:e5:cd:5f:0f:aa:2a:5b:fd:a7:cb:2b:43:03:63:ef:86:
         13:75:da:2b:59:28:1b:2d:e9:2c:75:65:25:7c:6a:b2:0d:5f:
         d5:fd:0e:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfwondsA7JeJ+LF5+3+n8KiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwNzA5MTkyMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZiNWE3Mjc0M2U0MjAwNmQ5NzM1NWM3N2Y3OTZmM2Q0N2VkN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmEXJOFrkA1OO8s7nzL+z17GRdeY
6o1t1Smlsh+3bd+BWJaxwTb7AOm7Bux6/5MqtdxcMEYF3D0Eq4Y/uviwvKmJv3TU
kb4OAiMwUu8T9K8YlC5wCcM9q4IFFLARiClfnr8Z8hSmrDnZyA90HwX7iDevNEEK
/Y+gZLJAbEM0Uu1doEDwcsfHyaIRQc4bUTqz/Z9Z+jIhbuaOCupzqV5AsT3AzEKr
mJdUqpgXs7/e6x+cFIRMhHuVgVpDlhLbh2HplfpHsbhRFiP2ACYnBZkVaQvF+3Rf
3w1Fb2vXVh+d8xF9m+GGngPlvsfAn/yoUEcvUtwemmctWc3X+wtuegNvlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlrWnJ0PkIAbZc1XHf3lvPUftfNMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvMS1XdGFjblEtUWdCdGx6VmNkX2VXODlSLTE4MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmMvNzhkNTI4LTdjZGYtNDRjMC1hY2RkLWY1MzNiOGRmODBh
OS8xL1B6OVZTNEFvSGVvcU1BTVlxcTF0TFpmeHprUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALngADAN
BgkqhkiG9w0BAQsFAAOCAQEAOoEkXeapnLQ2dWDSGtI2QZXfXLhN9bQRHP76/1gp
Tv4hG9P9ZxGYlWMuzx8P2wZw9WPWAwuOf9NBJKWPxzOX9pmbmDKznyPMi8IdZJ5J
zMs8GBlBimfS+pC8pDUfq+q80va4O7P73WAVJLTZIvIDfpY2Aglj8BMwM3tQbe1l
AUKc7rkSucVEdBz39VNhmmECv89ZQqc/ls2UIIm3q3jMVEBO/B51d8QiZ1GkyoVu
KsHj4VoS7+9h2nOqAwpAc7kURJ+uq9tyEyHYiCfWD7JGQ1TwmsIAst6UrPblzV8P
qipb/afLK0MDY++GE3XaK1koGy3pLHVlJXxqsg1f1f0OSg==
-----END CERTIFICATE-----