Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/x8RX4rKBNmZcMpsvt4Nm7APSjAM.roa
File:                     x8RX4rKBNmZcMpsvt4Nm7APSjAM.roa (raw, json)
Hash identifier:          zc30VoGi96Z1iHoOnbaFFXszAPpJE3UJpyJWRy15Byo=
Subject key identifier:   C7:C4:57:E2:B2:81:36:66:5C:32:9B:2F:B7:83:66:EC:03:D2:8C:03
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       01942521CE7B5B9A4334BD97DFA828D36ABA
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/x8RX4rKBNmZcMpsvt4Nm7APSjAM.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208428
IP address blocks:        185.26.25.0/24 maxlen: 24
                          2a02:f404::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ce:7b:5b:9a:43:34:bd:97:df:a8:28:d3:6a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7c457e2b28136665c329b2fb78366ec03d28c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d5:e8:49:5a:28:6f:8b:33:b0:86:e8:48:5f:
                    23:00:6b:98:ab:ec:c5:4e:86:52:67:7d:cc:15:83:
                    88:33:32:9d:20:54:63:71:74:ca:8f:56:73:1e:cc:
                    51:a6:39:5d:5e:62:ed:af:19:2d:46:f2:37:f0:8f:
                    0c:37:13:e6:54:90:6b:05:04:4f:38:42:8a:44:ed:
                    0b:68:22:e6:bf:af:f8:79:5e:11:37:3b:ab:08:80:
                    45:6b:cc:72:3f:be:40:f7:d0:86:6f:87:26:47:25:
                    5e:92:18:59:77:c3:58:e1:6f:a3:54:b1:f3:1e:ea:
                    ce:bf:ee:53:ce:10:62:1f:ad:38:5e:f9:44:f9:bb:
                    97:49:90:35:20:dd:1d:95:79:00:74:5f:65:fa:e5:
                    f9:1f:b5:c8:39:e5:f1:9e:c9:37:03:2f:68:b5:ef:
                    ca:f2:d3:59:40:3a:63:b9:42:a7:02:89:f2:a5:a8:
                    65:43:69:9e:8f:b5:c2:1f:a6:ca:dc:65:67:7d:f8:
                    8b:49:fc:c5:31:72:95:9c:3e:79:61:44:dc:55:de:
                    08:a6:1c:3f:82:69:78:1d:86:a3:a6:7d:f6:44:25:
                    f2:4b:4b:b2:86:ee:ad:21:7d:49:68:70:ad:60:77:
                    1c:ad:65:cf:f4:2c:6f:42:7b:76:42:5f:d7:de:c6:
                    3a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C4:57:E2:B2:81:36:66:5C:32:9B:2F:B7:83:66:EC:03:D2:8C:03
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/x8RX4rKBNmZcMpsvt4Nm7APSjAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.25.0/24
                IPv6:
                  2a02:f404::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:73:49:7d:01:c6:e2:15:af:73:91:9e:7f:78:d4:6e:b5:0f:
         17:bc:a5:2e:ea:f6:42:b5:d2:7c:57:12:db:0f:8d:dc:8c:a9:
         14:35:58:6a:b7:ab:4f:b2:1e:ca:c9:e6:5b:ab:6d:2d:1c:97:
         40:55:85:9d:88:87:3b:11:70:5f:e3:25:a8:7c:e0:32:ff:41:
         ce:65:86:bd:ae:7c:b1:5f:88:39:e1:a7:69:b5:a1:a1:06:33:
         94:d1:24:c7:7d:15:97:c6:0c:51:fd:4f:19:86:6d:af:6a:d8:
         7a:60:d3:a5:07:24:70:a0:3d:96:b5:8c:52:54:25:bc:4c:c2:
         60:73:77:9f:aa:6a:47:ce:32:1a:71:3b:9d:09:6e:29:9b:6d:
         8f:de:6f:1c:1d:a9:72:65:73:bd:f4:13:10:50:88:64:47:64:
         5f:59:c0:f6:a9:cd:13:0f:47:ea:10:ff:8d:99:d4:fb:2a:7e:
         f3:db:05:2e:8f:6f:0c:d7:28:83:d0:33:94:36:22:56:f1:9b:
         fd:62:6e:e9:5f:18:e8:d6:99:ea:30:dc:91:1a:6f:05:f1:f4:
         30:6a:fc:71:84:5e:ad:6f:cd:24:be:01:bd:63:a8:6a:28:dd:
         85:a9:76:c1:19:ba:11:a1:8a:4e:21:45:b7:5e:a5:ec:c7:4d:
         1b:5c:d6:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIc57W5pDNL2X36go02q6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2M0NTdlMmIyODEzNjY2NWMzMjliMmZiNzgzNjZlYzAzZDI4YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tXoSVoob4szsIboSF8jAGuYq+zF
ToZSZ33MFYOIMzKdIFRjcXTKj1ZzHsxRpjldXmLtrxktRvI38I8MNxPmVJBrBQRP
OEKKRO0LaCLmv6/4eV4RNzurCIBFa8xyP75A99CGb4cmRyVekhhZd8NY4W+jVLHz
HurOv+5TzhBiH604XvlE+buXSZA1IN0dlXkAdF9l+uX5H7XIOeXxnsk3Ay9ote/K
8tNZQDpjuUKnAonypahlQ2mej7XCH6bK3GVnffiLSfzFMXKVnD55YUTcVd4Iphw/
gml4HYajpn32RCXyS0uyhu6tIX1JaHCtYHccrWXP9CxvQnt2Ql/X3sY6IQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfEV+KygTZmXDKbL7eDZuwD0owDMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEveDhSWDRyS0JObVpjTXBzdnQ0Tm03QVBTakFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRoZMA0E
AgACMAcDBQAqAvQEMA0GCSqGSIb3DQEBCwUAA4IBAQA5c0l9AcbiFa9zkZ5/eNRu
tQ8XvKUu6vZCtdJ8VxLbD43cjKkUNVhqt6tPsh7KyeZbq20tHJdAVYWdiIc7EXBf
4yWofOAy/0HOZYa9rnyxX4g54adptaGhBjOU0STHfRWXxgxR/U8Zhm2vath6YNOl
ByRwoD2WtYxSVCW8TMJgc3efqmpHzjIacTudCW4pm22P3m8cHalyZXO99BMQUIhk
R2RfWcD2qc0TD0fqEP+NmdT7Kn7z2wUuj28M1yiD0DOUNiJW8Zv9Ym7pXxjo1pnq
MNyRGm8F8fQwavxxhF6tb80kvgG9Y6hqKN2FqXbBGboRoYpOIUW3XqXsx00bXNZl
-----END CERTIFICATE-----