Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2twjNLFkFcozqB2mxvJuU68jmLE.roa
File:                     2twjNLFkFcozqB2mxvJuU68jmLE.roa (raw, json)
Hash identifier:          bmPLLc6O0eQwT076W3enAv0kmhMTqCUb/iSa3KHqzmE=
Subject key identifier:   DA:DC:23:34:B1:64:15:CA:33:A8:1D:A6:C6:F2:6E:53:AF:23:98:B1
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0198F19787EB42886EA7D07BF777F850C8D2
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2twjNLFkFcozqB2mxvJuU68jmLE.roa
Signing time:             Thu 28 Aug 2025 16:51:36 +0000
ROA not before:           Thu 28 Aug 2025 16:51:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205380
IP address blocks:        104.238.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:97:87:eb:42:88:6e:a7:d0:7b:f7:77:f8:50:c8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Aug 28 16:51:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dadc2334b16415ca33a81da6c6f26e53af2398b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fd:5b:13:d6:b1:b0:6d:27:ac:e4:a8:97:dd:
                    ce:8c:3b:7b:03:42:fe:f9:94:f0:7a:df:aa:f5:5c:
                    b0:be:a1:8e:52:57:82:34:2d:68:b8:b4:e0:b8:d9:
                    e0:c1:94:9a:ed:9e:4d:fd:1a:63:64:98:e7:2a:19:
                    bc:07:72:26:fa:af:b4:ad:6e:4f:5e:f4:91:cd:00:
                    68:70:a0:3b:4c:eb:12:ce:e4:a0:19:7d:61:1d:72:
                    f1:18:8d:4f:cb:90:e7:aa:36:25:de:cb:97:98:07:
                    91:43:fc:3b:a4:b5:55:5e:da:79:94:fb:98:52:55:
                    6a:f4:50:e6:b7:02:84:21:36:0d:75:8c:2a:09:70:
                    6a:8f:26:c2:a5:57:f6:33:bb:3a:50:1c:49:6e:54:
                    9c:2c:60:32:aa:36:04:e0:55:fc:59:87:7b:10:dc:
                    bb:30:d6:d4:4c:d1:5e:e0:78:fb:29:a3:58:e0:e4:
                    7e:c7:0c:33:e7:f5:50:b1:d3:55:e1:88:77:c7:93:
                    14:c8:67:fc:6f:19:61:3b:a2:48:c6:5f:e2:ca:cd:
                    70:46:13:9d:d4:02:a3:58:87:dd:da:34:d1:55:a5:
                    e8:64:aa:b3:38:d6:ce:4d:0b:67:a4:be:81:04:78:
                    02:38:74:60:56:c8:b8:ac:7d:5d:b1:42:15:5e:3d:
                    4e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DC:23:34:B1:64:15:CA:33:A8:1D:A6:C6:F2:6E:53:AF:23:98:B1
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/2twjNLFkFcozqB2mxvJuU68jmLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9c:6e:48:84:18:12:7d:98:a4:54:b0:32:4c:4f:ab:cd:97:
         1b:fe:7c:c6:db:69:08:a3:c4:49:c1:27:1a:5a:03:a7:05:37:
         4e:5c:9a:a7:27:73:8f:82:35:e0:9e:6e:21:49:07:b9:38:f2:
         41:ea:f9:13:73:ec:66:05:0e:e4:65:43:02:e9:4f:3c:d2:f4:
         a5:55:7a:20:10:3d:97:0c:59:18:5e:c5:76:a7:e7:bd:a9:c5:
         0f:97:69:74:75:b9:77:6b:45:66:e8:45:c7:68:3a:a6:f2:19:
         9d:fa:12:9a:75:63:02:d4:c5:bb:3e:50:f5:59:6d:dc:22:bb:
         89:3f:7a:3c:b1:a2:1b:ff:87:aa:72:56:31:e5:6a:29:ea:c6:
         9f:f2:a7:79:47:2d:05:9a:c0:10:0c:c0:aa:9c:4c:90:ee:59:
         2b:a3:d0:d7:72:e1:bf:3a:6c:c1:e7:1f:89:64:8a:6b:57:a4:
         20:30:5b:57:04:e3:c8:21:3d:59:df:77:28:a2:c2:7e:8b:82:
         be:4b:42:9a:e9:65:38:02:b0:e9:fc:2b:25:19:ce:38:3c:4b:
         75:2d:8b:01:93:5b:38:60:38:e2:09:ec:65:44:19:0a:b0:49:
         ac:a9:24:9b:63:44:8a:53:c3:cb:be:85:f9:fb:0b:14:6d:57:
         25:95:01:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjxl4frQohup9B793f4UMjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwODI4MTY1MTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRjMjMzNGIxNjQxNWNhMzNhODFkYTZjNmYyNmU1M2FmMjM5OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f1bE9axsG0nrOSol93OjDt7A0L+
+ZTwet+q9VywvqGOUleCNC1ouLTguNngwZSa7Z5N/RpjZJjnKhm8B3Im+q+0rW5P
XvSRzQBocKA7TOsSzuSgGX1hHXLxGI1Py5DnqjYl3suXmAeRQ/w7pLVVXtp5lPuY
UlVq9FDmtwKEITYNdYwqCXBqjybCpVf2M7s6UBxJblScLGAyqjYE4FX8WYd7ENy7
MNbUTNFe4Hj7KaNY4OR+xwwz5/VQsdNV4Yh3x5MUyGf8bxlhO6JIxl/iys1wRhOd
1AKjWIfd2jTRVaXoZKqzONbOTQtnpL6BBHgCOHRgVsi4rH1dsUIVXj1OPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrcIzSxZBXKM6gdpsbyblOvI5ixMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvMnR3ak5MRmtGY296cUIybXh2SnVVNjhqbUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4aMA0G
CSqGSIb3DQEBCwUAA4IBAQBYnG5IhBgSfZikVLAyTE+rzZcb/nzG22kIo8RJwSca
WgOnBTdOXJqnJ3OPgjXgnm4hSQe5OPJB6vkTc+xmBQ7kZUMC6U880vSlVXogED2X
DFkYXsV2p+e9qcUPl2l0dbl3a0Vm6EXHaDqm8hmd+hKadWMC1MW7PlD1WW3cIruJ
P3o8saIb/4eqclYx5Wop6saf8qd5Ry0FmsAQDMCqnEyQ7lkro9DXcuG/OmzB5x+J
ZIprV6QgMFtXBOPIIT1Z33coosJ+i4K+S0Ka6WU4ArDp/CslGc44PEt1LYsBk1s4
YDjiCexlRBkKsEmsqSSbY0SKU8PLvoX5+wsUbVcllQFe
-----END CERTIFICATE-----