Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/O89RcNyEpBoVOp_UDdGtL1bIgiQ.roa
File:                     O89RcNyEpBoVOp_UDdGtL1bIgiQ.roa (raw, json)
Hash identifier:          joxp/CA1nvnGIDAqCtYQt08k/XmquZAGmsxNCKPjypI=
Subject key identifier:   3B:CF:51:70:DC:84:A4:1A:15:3A:9F:D4:0D:D1:AD:2F:56:C8:82:24
Certificate issuer:       /CN=c23642d1ab39d309ec5f33e4e8814adc3584825f
Certificate serial:       0198DFC40CE45F570646C1BF4A161D6035D4
Authority key identifier: C2:36:42:D1:AB:39:D3:09:EC:5F:33:E4:E8:81:4A:DC:35:84:82:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/O89RcNyEpBoVOp_UDdGtL1bIgiQ.roa
Signing time:             Mon 25 Aug 2025 05:47:04 +0000
ROA not before:           Mon 25 Aug 2025 05:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209178
IP address blocks:        193.58.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:df:c4:0c:e4:5f:57:06:46:c1:bf:4a:16:1d:60:35:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c23642d1ab39d309ec5f33e4e8814adc3584825f
        Validity
            Not Before: Aug 25 05:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bcf5170dc84a41a153a9fd40dd1ad2f56c88224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:90:fa:8f:04:f3:e1:f2:c7:5d:cb:1f:0c:93:
                    01:8f:bc:6e:5e:0b:52:3a:ae:24:86:2d:a0:3f:95:
                    59:64:19:78:b1:e2:31:cc:cb:28:31:f8:96:da:7b:
                    b2:dd:5f:29:3a:66:ae:1e:9b:eb:fe:0e:38:e8:16:
                    f9:d1:fb:2a:64:10:c9:fe:d8:18:bf:70:f4:2a:4f:
                    2e:b1:8c:4d:ec:6c:ce:2d:ab:fd:9e:3e:45:35:23:
                    44:8d:83:06:37:8e:a2:60:53:d2:1b:33:62:c0:dd:
                    d1:12:19:f1:8f:c2:63:ef:1a:5a:e4:5a:0e:04:2a:
                    50:b7:cb:a7:8e:33:8b:b5:13:00:6b:95:6c:30:fd:
                    4d:ce:2e:7d:2d:32:c8:21:1e:6c:e2:dd:db:ec:37:
                    c6:2c:48:58:2b:77:d2:ee:77:00:fa:7c:c2:27:55:
                    57:91:ce:99:70:86:ac:f3:8f:0d:ed:6c:76:7a:bd:
                    34:fa:4c:8d:f2:40:69:6a:eb:71:93:11:a5:3f:01:
                    b3:74:e1:10:00:82:f8:2b:c3:48:c0:e4:1b:15:ef:
                    f7:af:8a:f1:2b:7d:79:ad:b0:3a:66:ce:6d:fd:e2:
                    d7:89:97:d6:d2:79:4c:7d:86:16:1a:b0:53:80:84:
                    ac:e9:c7:55:bb:2c:f6:62:3c:6d:95:52:32:5e:4e:
                    7f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CF:51:70:DC:84:A4:1A:15:3A:9F:D4:0D:D1:AD:2F:56:C8:82:24
            X509v3 Authority Key Identifier:
                keyid:C2:36:42:D1:AB:39:D3:09:EC:5F:33:E4:E8:81:4A:DC:35:84:82:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjZC0as50wnsXzPk6IFK3DWEgl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/O89RcNyEpBoVOp_UDdGtL1bIgiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/e41698-e7ac-418c-b91d-2267968b652f/1/wjZC0as50wnsXzPk6IFK3DWEgl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ee:b2:58:d6:4c:4b:6b:23:0f:dc:ec:94:e8:2d:74:0e:a2:
         02:12:f9:d8:16:9f:9a:2d:3c:7d:c5:54:04:55:9b:df:3a:17:
         e6:75:d5:35:4a:c6:c9:da:10:a0:7e:33:89:5e:56:de:f4:51:
         8c:e6:33:3b:06:91:83:a3:d4:4a:ef:9f:5d:cf:86:68:32:b3:
         20:1a:cf:00:76:4f:2b:22:e8:18:af:28:54:99:04:67:d3:4b:
         99:31:22:8d:d7:2b:90:77:46:8a:cc:a6:b3:4a:db:15:a6:b5:
         f2:84:d9:2e:10:15:34:cd:bd:fd:25:32:76:44:94:d3:30:11:
         7c:d7:e2:3f:cf:8e:f2:5b:61:63:2d:b5:8e:6b:e0:c8:5c:80:
         75:bc:a9:c9:4e:64:0c:ee:d7:fc:55:3e:db:4c:f7:11:34:a5:
         b7:dc:ce:19:66:35:d6:22:0f:b8:6d:23:3d:c7:fa:4c:db:5d:
         c3:0e:84:06:a1:02:3a:f9:b9:15:45:e2:cb:5e:37:50:17:2e:
         bc:2e:9d:7c:e0:39:cd:d6:e6:da:9e:bf:ce:69:ab:41:c2:fe:
         2f:fe:5a:1a:de:af:b9:65:19:51:d7:94:b0:6a:49:1b:fb:0d:
         bb:67:55:d8:a5:46:94:52:8b:a7:d1:bd:c0:b6:29:7e:be:c3:
         2b:a0:b9:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjfxAzkX1cGRsG/ShYdYDXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzY0MmQxYWIzOWQzMDllYzVmMzNlNGU4ODE0YWRjMzU4
NDgyNWYwHhcNMjUwODI1MDU0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNmNTE3MGRjODRhNDFhMTUzYTlmZDQwZGQxYWQyZjU2Yzg4MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZD6jwTz4fLHXcsfDJMBj7xuXgtS
Oq4khi2gP5VZZBl4seIxzMsoMfiW2nuy3V8pOmauHpvr/g446Bb50fsqZBDJ/tgY
v3D0Kk8usYxN7GzOLav9nj5FNSNEjYMGN46iYFPSGzNiwN3REhnxj8Jj7xpa5FoO
BCpQt8unjjOLtRMAa5VsMP1Nzi59LTLIIR5s4t3b7DfGLEhYK3fS7ncA+nzCJ1VX
kc6ZcIas848N7Wx2er00+kyN8kBpautxkxGlPwGzdOEQAIL4K8NIwOQbFe/3r4rx
K315rbA6Zs5t/eLXiZfW0nlMfYYWGrBTgISs6cdVuyz2YjxtlVIyXk5/tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvPUXDchKQaFTqf1A3RrS9WyIIkMB8GA1UdIwQY
MBaAFMI2QtGrOdMJ7F8z5OiBStw1hIJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2paQzBhczUwd25zWHpQazZJRkszRFdFZ2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lNDE2OTgtZTdhYy00MThjLWI5MWQt
MjI2Nzk2OGI2NTJmLzEvTzg5UmNOeUVwQm9WT3BfVURkR3RMMWJJZ2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lNDE2OTgtZTdhYy00MThjLWI5MWQtMjI2Nzk2OGI2NTJm
LzEvd2paQzBhczUwd25zWHpQazZJRkszRFdFZ2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTp3MA0G
CSqGSIb3DQEBCwUAA4IBAQAd7rJY1kxLayMP3OyU6C10DqICEvnYFp+aLTx9xVQE
VZvfOhfmddU1SsbJ2hCgfjOJXlbe9FGM5jM7BpGDo9RK759dz4ZoMrMgGs8Adk8r
IugYryhUmQRn00uZMSKN1yuQd0aKzKazStsVprXyhNkuEBU0zb39JTJ2RJTTMBF8
1+I/z47yW2FjLbWOa+DIXIB1vKnJTmQM7tf8VT7bTPcRNKW33M4ZZjXWIg+4bSM9
x/pM213DDoQGoQI6+bkVReLLXjdQFy68Lp184DnN1ubanr/OaatBwv4v/loa3q+5
ZRlR15Swakkb+w27Z1XYpUaUUoun0b3Atil+vsMroLlv
-----END CERTIFICATE-----