Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uWvIVuLvFHoZxhGpHM002oi76Mc.roa
File:                     uWvIVuLvFHoZxhGpHM002oi76Mc.roa (raw, json)
Hash identifier:          N87ERhS7jhjo4DyQUGE54l3Mde2eEpf8FrfZ+BWMoSE=
Subject key identifier:   B9:6B:C8:56:E2:EF:14:7A:19:C6:11:A9:1C:CD:34:DA:88:BB:E8:C7
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0198C779CAAD8F39AE3789C3BA11F99E3B0F
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uWvIVuLvFHoZxhGpHM002oi76Mc.roa
Signing time:             Wed 20 Aug 2025 12:35:04 +0000
ROA not before:           Wed 20 Aug 2025 12:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        185.244.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 12:35:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c7:79:ca:ad:8f:39:ae:37:89:c3:ba:11:f9:9e:3b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Aug 20 12:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b96bc856e2ef147a19c611a91ccd34da88bbe8c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ad:b1:cd:ba:45:0f:cd:9e:7a:ac:d5:a4:76:
                    fb:84:12:28:95:ea:6e:fc:a6:10:b9:3c:a4:2e:17:
                    da:ce:82:59:a6:f2:a2:84:05:80:a7:ca:58:22:ce:
                    90:cb:c4:ed:7e:71:43:93:55:eb:87:11:f6:42:c1:
                    e6:97:3f:ad:21:ad:0d:56:0f:9a:e4:aa:18:68:20:
                    af:38:6b:71:d3:96:61:63:81:d0:41:9f:b1:43:0c:
                    0b:f8:86:1d:d6:b0:16:fb:62:71:0b:f4:fd:d4:87:
                    32:d4:59:91:0b:47:97:1a:4d:dc:e9:25:b4:2b:52:
                    10:c4:02:80:78:ff:f3:36:b6:37:78:03:53:3f:81:
                    c9:65:49:ff:36:24:2e:e7:ca:93:7c:16:26:f8:ca:
                    39:53:6f:50:22:02:2d:33:ac:4b:14:ae:fa:8e:d3:
                    6a:5c:6b:d0:85:b3:dd:9e:65:60:4b:98:ae:86:ca:
                    43:4a:3c:53:33:2b:52:89:40:f8:19:6c:82:ae:83:
                    1f:1d:c1:48:3c:de:54:0e:94:b7:18:d5:65:da:fb:
                    84:6e:dd:5e:be:e2:87:7f:71:92:8f:ce:4f:f9:3b:
                    b7:57:b4:06:4d:76:a1:be:4a:2e:44:9d:17:db:7d:
                    60:3a:c2:d3:c2:21:50:52:98:d6:79:8e:df:f3:87:
                    9c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6B:C8:56:E2:EF:14:7A:19:C6:11:A9:1C:CD:34:DA:88:BB:E8:C7
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uWvIVuLvFHoZxhGpHM002oi76Mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:57:a6:ce:ac:c1:36:a7:6e:ca:44:94:2b:ba:5f:3d:94:bc:
         56:c4:f3:8f:d2:be:06:21:9e:d8:c8:37:4c:51:74:b4:f2:c5:
         3b:2a:93:c3:7f:fa:69:7c:21:ca:0b:9b:75:01:f2:5b:ec:48:
         dc:8b:75:74:a0:dc:4c:78:9e:38:4c:1e:c3:88:13:8d:45:fe:
         fc:d5:8e:d7:69:3f:bc:82:a4:91:dd:a4:b7:bd:71:53:95:00:
         80:1a:6f:e0:59:36:72:89:da:9a:00:c1:c0:1f:09:81:90:08:
         da:e2:d9:06:47:a7:ca:b1:1b:2c:1e:91:5b:16:af:28:c6:88:
         eb:ac:81:2b:ca:c8:c7:cf:c2:21:7d:94:4a:a4:d6:78:d3:8b:
         10:82:24:a8:be:92:9f:5d:ac:64:62:b1:93:1a:eb:26:34:f4:
         54:1c:de:7d:cd:61:34:df:95:90:36:61:53:ed:43:2f:5d:1d:
         c2:70:62:dd:4c:32:4d:43:d6:16:1f:83:71:00:a7:59:14:72:
         2a:c5:d9:71:4a:0d:d3:42:ea:c1:23:99:4a:6d:54:80:17:ed:
         16:b5:03:ee:35:d6:0d:ef:f0:55:ff:22:e6:54:96:5d:76:d8:
         53:17:08:b9:51:f1:0a:92:22:05:7f:60:ab:3c:21:81:60:9f:
         41:e5:b5:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjHecqtjzmuN4nDuhH5njsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwODIwMTIzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZiYzg1NmUyZWYxNDdhMTljNjExYTkxY2NkMzRkYTg4YmJlOGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq2xzbpFD82eeqzVpHb7hBIolepu
/KYQuTykLhfazoJZpvKihAWAp8pYIs6Qy8TtfnFDk1XrhxH2QsHmlz+tIa0NVg+a
5KoYaCCvOGtx05ZhY4HQQZ+xQwwL+IYd1rAW+2JxC/T91Icy1FmRC0eXGk3c6SW0
K1IQxAKAeP/zNrY3eANTP4HJZUn/NiQu58qTfBYm+Mo5U29QIgItM6xLFK76jtNq
XGvQhbPdnmVgS5iuhspDSjxTMytSiUD4GWyCroMfHcFIPN5UDpS3GNVl2vuEbt1e
vuKHf3GSj85P+Tu3V7QGTXahvkouRJ0X231gOsLTwiFQUpjWeY7f84ecowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlryFbi7xR6GcYRqRzNNNqIu+jHMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdVd2SVZ1THZGSG9aeGhHcEhNMDAyb2k3Nk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufRoMA0G
CSqGSIb3DQEBCwUAA4IBAQAwV6bOrME2p27KRJQrul89lLxWxPOP0r4GIZ7YyDdM
UXS08sU7KpPDf/ppfCHKC5t1AfJb7Ejci3V0oNxMeJ44TB7DiBONRf781Y7XaT+8
gqSR3aS3vXFTlQCAGm/gWTZyidqaAMHAHwmBkAja4tkGR6fKsRssHpFbFq8oxojr
rIErysjHz8IhfZRKpNZ404sQgiSovpKfXaxkYrGTGusmNPRUHN59zWE035WQNmFT
7UMvXR3CcGLdTDJNQ9YWH4NxAKdZFHIqxdlxSg3TQurBI5lKbVSAF+0WtQPuNdYN
7/BV/yLmVJZddthTFwi5UfEKkiIFf2CrPCGBYJ9B5bVV
-----END CERTIFICATE-----