Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/jiDJSvi9EqJddMvuoh8wcY-xXLI.roa
File:                     jiDJSvi9EqJddMvuoh8wcY-xXLI.roa (raw, json)
Hash identifier:          Az6PcHeJNE/JDkLE74QtKZcLIoSRO07Ltp+s6SDMm7g=
Subject key identifier:   8E:20:C9:4A:F8:BD:12:A2:5D:74:CB:EE:A2:1F:30:71:8F:B1:5C:B2
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       0198984C78567E0DBB0953A1B99750BA5750
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/jiDJSvi9EqJddMvuoh8wcY-xXLI.roa
Signing time:             Mon 11 Aug 2025 08:43:25 +0000
ROA not before:           Mon 11 Aug 2025 08:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50487
IP address blocks:        194.44.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 02:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:4c:78:56:7e:0d:bb:09:53:a1:b9:97:50:ba:57:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Aug 11 08:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e20c94af8bd12a25d74cbeea21f30718fb15cb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:67:ba:f1:0a:32:90:d4:93:04:a5:d8:d6:fd:
                    e9:2d:2c:cc:28:f6:f7:0d:53:9a:57:90:99:2b:01:
                    b7:ac:e9:b9:a2:42:6d:ce:99:34:de:95:e2:35:ff:
                    bf:bf:98:ca:d3:c1:e3:7f:3e:48:f6:65:16:53:79:
                    63:bf:86:4d:3d:04:b2:37:f0:de:c4:ef:d2:12:df:
                    0f:74:15:c1:2b:b0:ad:67:7a:de:3c:1e:6b:b2:a0:
                    84:e5:35:69:aa:22:ee:f2:e6:f9:b7:4b:ea:b6:9b:
                    1c:2c:6a:ac:65:fc:bf:d8:f2:5b:b3:d1:78:2d:2e:
                    84:68:eb:30:cb:ae:4c:bf:8b:bd:39:53:a1:31:de:
                    4d:de:9e:f3:63:05:14:bc:4a:14:5b:23:e8:78:c9:
                    d9:a2:f9:54:09:b8:7a:f7:4c:7c:a9:a3:db:ba:5c:
                    63:f5:50:ca:43:af:1d:73:ad:45:57:3d:75:17:9e:
                    8d:a9:a4:0b:8a:74:be:5c:55:a8:c0:db:b9:bf:77:
                    73:86:bf:e1:71:7d:43:54:2b:a6:02:6c:5a:e3:0e:
                    00:de:75:9e:6d:00:95:de:8a:66:d3:1a:f2:57:c1:
                    8f:89:ed:fa:03:3d:09:ed:32:98:a5:f8:cf:ae:11:
                    1f:0c:ce:26:9f:1b:93:cf:5b:78:bd:25:40:64:1c:
                    ab:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:20:C9:4A:F8:BD:12:A2:5D:74:CB:EE:A2:1F:30:71:8F:B1:5C:B2
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/jiDJSvi9EqJddMvuoh8wcY-xXLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:95:4e:8c:7a:8a:ff:21:2c:ac:2c:e0:3b:05:4f:3e:f3:24:
         96:43:f2:f9:4d:2d:47:cf:3a:99:18:80:37:e8:cb:db:ad:a2:
         79:2e:cc:9c:c2:e4:bb:5b:36:31:ed:57:a0:94:c2:b1:f7:28:
         60:26:24:95:74:cb:fd:cc:7a:bc:f5:22:29:5a:f5:09:b5:9e:
         6b:f8:da:bc:2f:da:f5:22:e1:e6:9c:0f:06:ba:8a:36:2e:6f:
         65:8c:81:f0:b7:ff:0a:1e:6c:17:ba:c6:08:ef:d7:e8:7a:04:
         87:f6:a7:6d:bb:28:07:8b:ee:19:9b:4c:e9:78:06:8b:b0:d6:
         33:8d:47:c5:2d:e2:da:e8:7f:53:ad:c5:07:ce:9c:19:9a:e7:
         5a:81:5e:55:81:dc:a7:70:63:5d:89:a5:4a:eb:3d:bc:f1:5f:
         14:59:83:cb:6a:e2:a6:f9:31:52:2a:1c:f4:5f:2e:f3:56:d5:
         77:98:6b:5a:76:4e:e8:5f:5d:31:42:34:ab:78:66:46:e1:05:
         ff:dc:3a:46:e3:34:21:d0:b0:7f:46:9f:3d:47:ba:be:ba:a9:
         b1:36:19:db:8d:ac:41:84:7c:c7:c3:2a:47:bf:1f:1a:ee:4f:
         27:f9:86:65:ca:0b:71:04:70:28:b7:3a:97:0e:38:11:68:bc:
         36:d8:f6:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYTHhWfg27CVOhuZdQuldQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjUwODExMDg0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTIwYzk0YWY4YmQxMmEyNWQ3NGNiZWVhMjFmMzA3MThmYjE1Y2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2e68QoykNSTBKXY1v3pLSzMKPb3
DVOaV5CZKwG3rOm5okJtzpk03pXiNf+/v5jK08Hjfz5I9mUWU3ljv4ZNPQSyN/De
xO/SEt8PdBXBK7CtZ3rePB5rsqCE5TVpqiLu8ub5t0vqtpscLGqsZfy/2PJbs9F4
LS6EaOswy65Mv4u9OVOhMd5N3p7zYwUUvEoUWyPoeMnZovlUCbh690x8qaPbulxj
9VDKQ68dc61FVz11F56NqaQLinS+XFWowNu5v3dzhr/hcX1DVCumAmxa4w4A3nWe
bQCV3opm0xryV8GPie36Az0J7TKYpfjPrhEfDM4mnxuTz1t4vSVAZByroQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4gyUr4vRKiXXTL7qIfMHGPsVyyMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvamlESlN2aTlFcUpkZE12dW9oOHdjWS14WExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizeMA0G
CSqGSIb3DQEBCwUAA4IBAQAxlU6Meor/ISysLOA7BU8+8ySWQ/L5TS1HzzqZGIA3
6MvbraJ5LsycwuS7WzYx7VeglMKx9yhgJiSVdMv9zHq89SIpWvUJtZ5r+Nq8L9r1
IuHmnA8Guoo2Lm9ljIHwt/8KHmwXusYI79foegSH9qdtuygHi+4Zm0zpeAaLsNYz
jUfFLeLa6H9TrcUHzpwZmudagV5VgdyncGNdiaVK6z288V8UWYPLauKm+TFSKhz0
Xy7zVtV3mGtadk7oX10xQjSreGZG4QX/3DpG4zQh0LB/Rp89R7q+uqmxNhnbjaxB
hHzHwypHvx8a7k8n+YZlygtxBHAotzqXDjgRaLw22PYD
-----END CERTIFICATE-----