Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HAicZvITeyleor-6egpXMr7Qpw4.roa
File:                     HAicZvITeyleor-6egpXMr7Qpw4.roa (raw, json)
Hash identifier:          e7xMYcGEuBR+nLo70n2qEgYYrjFEpdzgW97wkgGJRs0=
Subject key identifier:   1C:08:9C:66:F2:13:7B:29:5E:A2:BF:BA:7A:0A:57:32:BE:D0:A7:0E
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0199245D15EFD1231EFA166AFC359071C3F7
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HAicZvITeyleor-6egpXMr7Qpw4.roa
Signing time:             Sun 07 Sep 2025 13:28:24 +0000
ROA not before:           Sun 07 Sep 2025 13:28:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1004
IP address blocks:        89.44.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:5d:15:ef:d1:23:1e:fa:16:6a:fc:35:90:71:c3:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Sep  7 13:28:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c089c66f2137b295ea2bfba7a0a5732bed0a70e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a0:f6:6b:73:8b:d2:00:83:e4:01:2c:3e:18:
                    a2:47:8b:c7:7d:cb:71:66:e9:48:25:b9:66:e8:d6:
                    9a:fc:e7:8b:f1:c8:9d:99:0f:f1:c4:02:39:91:aa:
                    53:bc:b7:72:5e:5a:c6:6f:76:44:36:f6:19:37:1a:
                    8c:80:c8:3a:b4:f2:24:cf:db:e1:13:fd:d3:5a:26:
                    76:e8:b3:01:3d:1b:1e:2d:5c:5c:79:c9:83:5a:8f:
                    3f:e0:9a:1a:a2:1b:31:87:1c:3e:1b:2d:f7:41:d5:
                    df:af:29:66:83:57:b8:45:d4:db:83:fc:3d:50:b6:
                    0e:48:55:38:72:89:9e:89:0b:97:cb:e3:08:f8:ef:
                    cc:bc:6e:ab:9f:13:72:30:9f:bb:d8:2c:e6:05:f4:
                    00:d2:30:83:b7:d4:b3:5f:b6:bf:5b:90:6f:86:1c:
                    ca:43:9e:30:6c:09:bb:a1:f1:c6:2b:89:12:3e:33:
                    aa:fa:45:63:05:f4:4a:da:8a:16:33:c1:e3:d5:92:
                    c3:91:c9:31:8d:29:59:05:d5:0e:de:30:8c:ba:e1:
                    5b:02:4e:e1:6e:0a:7d:47:d4:52:bc:17:e0:92:80:
                    b7:85:d9:c0:8d:f6:82:46:20:53:f2:07:7f:95:fd:
                    83:36:5e:5e:8e:1e:99:ab:81:19:f8:1d:6b:7f:3b:
                    62:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:08:9C:66:F2:13:7B:29:5E:A2:BF:BA:7A:0A:57:32:BE:D0:A7:0E
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HAicZvITeyleor-6egpXMr7Qpw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a9:84:27:52:e6:30:6c:54:c5:14:4a:c9:6d:19:b1:fe:cc:
         84:17:54:37:7a:b2:9a:6f:97:75:fa:99:4d:a5:e5:09:01:9e:
         c7:a6:9a:cc:85:f9:76:61:1e:77:1c:bf:57:4d:c8:d8:1e:29:
         65:c9:f9:c2:21:84:46:33:e0:2d:53:98:86:a7:33:24:e5:87:
         5b:62:0e:a5:e1:a2:7c:68:b7:91:6c:88:91:36:65:b3:d3:a3:
         c4:a4:eb:d4:78:70:dd:87:b1:6e:75:62:b9:65:86:b7:81:99:
         e6:07:b4:1b:fa:15:54:5c:41:16:45:c9:39:99:75:73:80:9f:
         c7:9f:33:7d:d3:32:88:b9:d3:75:93:55:91:61:12:87:85:5c:
         7d:65:1a:af:80:46:fa:58:c2:e2:e4:58:62:d8:d2:7b:a3:2c:
         e3:9d:4d:d9:3c:8e:0a:ff:75:f5:48:52:47:6f:1b:c5:b3:13:
         65:30:e7:3e:3e:24:c4:fe:05:af:9b:df:31:05:be:1f:46:2d:
         9f:4d:d1:c8:1a:12:30:ec:70:b3:57:fc:56:fc:4c:b8:bf:33:
         8a:6c:d0:8f:8d:cd:9c:57:94:70:fe:56:cd:b9:06:70:df:71:
         3c:be:94:5e:18:ca:74:b6:7b:68:33:e9:c1:6c:be:49:db:92:
         72:95:2c:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkkXRXv0SMe+hZq/DWQccP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwOTA3MTMyODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA4OWM2NmYyMTM3YjI5NWVhMmJmYmE3YTBhNTczMmJlZDBhNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqD2a3OL0gCD5AEsPhiiR4vHfctx
ZulIJblm6Naa/OeL8cidmQ/xxAI5kapTvLdyXlrGb3ZENvYZNxqMgMg6tPIkz9vh
E/3TWiZ26LMBPRseLVxcecmDWo8/4Joaohsxhxw+Gy33QdXfrylmg1e4RdTbg/w9
ULYOSFU4comeiQuXy+MI+O/MvG6rnxNyMJ+72CzmBfQA0jCDt9SzX7a/W5BvhhzK
Q54wbAm7ofHGK4kSPjOq+kVjBfRK2ooWM8Hj1ZLDkckxjSlZBdUO3jCMuuFbAk7h
bgp9R9RSvBfgkoC3hdnAjfaCRiBT8gd/lf2DNl5ejh6Zq4EZ+B1rfztilQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwInGbyE3spXqK/unoKVzK+0KcOMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSEFpY1p2SVRleWxlb3ItNmVncFhNcjdRcHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzxMA0G
CSqGSIb3DQEBCwUAA4IBAQBaqYQnUuYwbFTFFErJbRmx/syEF1Q3erKab5d1+plN
peUJAZ7HpprMhfl2YR53HL9XTcjYHillyfnCIYRGM+AtU5iGpzMk5YdbYg6l4aJ8
aLeRbIiRNmWz06PEpOvUeHDdh7FudWK5ZYa3gZnmB7Qb+hVUXEEWRck5mXVzgJ/H
nzN90zKIudN1k1WRYRKHhVx9ZRqvgEb6WMLi5Fhi2NJ7oyzjnU3ZPI4K/3X1SFJH
bxvFsxNlMOc+PiTE/gWvm98xBb4fRi2fTdHIGhIw7HCzV/xW/Ey4vzOKbNCPjc2c
V5Rw/lbNuQZw33E8vpReGMp0tntoM+nBbL5J25JylSzo
-----END CERTIFICATE-----