Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/Xh6fOuIqrHup_0uREFffoWmnBPM.roa
File:                     Xh6fOuIqrHup_0uREFffoWmnBPM.roa (raw, json)
Hash identifier:          VRFG28rlxAV4XGduEJBQ/BW/nmxOEOmyQM8JZVbblfI=
Subject key identifier:   5E:1E:9F:3A:E2:2A:AC:7B:A9:FF:4B:91:10:57:DF:A1:69:A7:04:F3
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C7A4AFB1D4DA2DCD3966384B636F2
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/Xh6fOuIqrHup_0uREFffoWmnBPM.roa
Signing time:             Mon 11 Aug 2025 08:43:25 +0000
ROA not before:           Mon 11 Aug 2025 08:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52017
IP address blocks:        194.44.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:7a:4a:fb:1d:4d:a2:dc:d3:96:63:84:b6:36:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e1e9f3ae22aac7ba9ff4b911057dfa169a704f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:81:87:24:2b:04:ee:ee:93:95:53:c2:cc:ac:
                    c8:45:bd:ca:de:16:5d:28:39:3c:cc:b0:da:26:1d:
                    8e:b7:c1:b0:d2:a8:d8:f2:0b:e2:2f:b6:a9:5b:23:
                    1b:b1:6d:8e:5e:16:07:69:1a:34:af:14:39:e3:83:
                    f8:31:bf:7b:57:e9:06:19:4c:59:d3:4c:9a:b0:25:
                    da:43:56:a5:67:82:7d:54:b1:95:0e:4c:67:63:65:
                    7a:9d:b4:12:00:15:e8:01:93:6f:5b:d7:4c:a3:40:
                    85:7e:3f:da:e7:ee:2f:3f:18:92:16:30:14:9e:c5:
                    03:cd:b6:0a:a0:02:db:c4:9d:29:d1:a9:b2:a5:e8:
                    61:e8:a9:aa:97:84:6c:b2:35:fd:eb:fa:d5:d5:44:
                    c5:86:d6:09:46:97:fe:ee:18:20:be:54:7c:ff:66:
                    91:df:2c:44:fa:00:7d:f5:4a:97:fb:df:3e:90:03:
                    93:28:6a:a6:56:78:95:6a:d6:a0:1c:e3:ca:b4:98:
                    93:01:c3:b0:1c:3d:a7:49:b4:8b:87:53:3e:7d:47:
                    2e:1b:8b:72:f1:64:12:12:99:e2:b2:ec:0d:94:a9:
                    52:b3:bc:d0:a3:7c:21:c6:a9:84:ca:ef:fe:e7:fd:
                    73:5d:08:34:8b:38:bc:a0:18:59:a5:52:e6:3e:53:
                    7e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:1E:9F:3A:E2:2A:AC:7B:A9:FF:4B:91:10:57:DF:A1:69:A7:04:F3
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/Xh6fOuIqrHup_0uREFffoWmnBPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:e5:37:d3:51:e5:a2:55:ad:d7:c5:3f:2c:a7:b8:8b:55:55:
         b1:0a:d5:f4:37:f0:2e:46:8b:1d:32:21:bb:ae:a5:9f:3f:3b:
         dd:a3:fa:4d:d8:c6:75:43:84:d6:8b:ff:85:bb:3a:75:6f:28:
         6e:3e:9e:8f:78:8d:a6:15:3a:18:9c:b4:04:41:9b:ef:3c:3f:
         6a:9a:1e:b4:0c:74:7a:54:1b:38:7b:63:97:69:c8:9a:6f:6c:
         08:fe:5d:3b:5c:36:92:0c:23:d0:3a:e1:53:84:1c:25:2b:2d:
         7f:3f:a8:46:6e:4b:42:e8:c1:92:b1:22:34:6e:2d:95:76:71:
         95:54:d5:5b:cd:e4:e0:4b:97:57:c6:b4:15:cd:b3:90:e6:7b:
         aa:f5:b8:ac:80:6e:11:eb:92:62:f1:51:71:ab:1c:e1:d5:1e:
         d9:8f:8d:34:61:60:a6:9d:fe:5b:ae:c5:9b:86:26:75:cc:b3:
         c1:3f:dc:e4:5d:cd:87:32:ac:64:39:57:f7:07:98:23:f7:c9:
         a6:09:29:81:d6:55:39:82:be:27:d9:c1:a7:f6:31:e5:cc:f5:
         ca:2e:93:4b:e5:cc:36:21:d5:d3:c9:92:3d:ca:be:13:00:bb:
         66:a4:af:ba:5a:4d:16:53:c7:37:9a:ab:a5:f4:93:43:db:a9:
         38:7f:21:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHpK+x1NotzTlmOEtjbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTFlOWYzYWUyMmFhYzdiYTlmZjRiOTExMDU3ZGZhMTY5YTcwNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IGHJCsE7u6TlVPCzKzIRb3K3hZd
KDk8zLDaJh2Ot8Gw0qjY8gviL7apWyMbsW2OXhYHaRo0rxQ544P4Mb97V+kGGUxZ
00yasCXaQ1alZ4J9VLGVDkxnY2V6nbQSABXoAZNvW9dMo0CFfj/a5+4vPxiSFjAU
nsUDzbYKoALbxJ0p0amypehh6Kmql4RssjX96/rV1UTFhtYJRpf+7hggvlR8/2aR
3yxE+gB99UqX+98+kAOTKGqmVniVatagHOPKtJiTAcOwHD2nSbSLh1M+fUcuG4ty
8WQSEpnisuwNlKlSs7zQo3whxqmEyu/+5/1zXQg0izi8oBhZpVLmPlN+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4enzriKqx7qf9LkRBX36FppwTzMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvWGg2Zk91SXFySHVwXzB1UkVGZmZvV21uQlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizLMA0G
CSqGSIb3DQEBCwUAA4IBAQC95TfTUeWiVa3XxT8sp7iLVVWxCtX0N/AuRosdMiG7
rqWfPzvdo/pN2MZ1Q4TWi/+Fuzp1byhuPp6PeI2mFToYnLQEQZvvPD9qmh60DHR6
VBs4e2OXaciab2wI/l07XDaSDCPQOuFThBwlKy1/P6hGbktC6MGSsSI0bi2VdnGV
VNVbzeTgS5dXxrQVzbOQ5nuq9bisgG4R65Ji8VFxqxzh1R7Zj400YWCmnf5brsWb
hiZ1zLPBP9zkXc2HMqxkOVf3B5gj98mmCSmB1lU5gr4n2cGn9jHlzPXKLpNL5cw2
IdXTyZI9yr4TALtmpK+6Wk0WU8c3mqul9JND26k4fyE4
-----END CERTIFICATE-----