Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/dNzxn5A-O_IY4kKhDFT54XPWi98.roa
File:                     dNzxn5A-O_IY4kKhDFT54XPWi98.roa (raw, json)
Hash identifier:          hZGRgazjZI5svcWbSvqeGdQN54JXyQ8NKhSPSs0CGes=
Subject key identifier:   74:DC:F1:9F:90:3E:3B:F2:18:E2:42:A1:0C:54:F9:E1:73:D6:8B:DF
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019A0B30B62AE7263B5BC8C29FAEFEEABC81
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/dNzxn5A-O_IY4kKhDFT54XPWi98.roa
Signing time:             Wed 22 Oct 2025 09:12:12 +0000
ROA not before:           Wed 22 Oct 2025 09:12:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.243.154.0/23 maxlen: 24
                          185.243.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:30:b6:2a:e7:26:3b:5b:c8:c2:9f:ae:fe:ea:bc:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Oct 22 09:12:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74dcf19f903e3bf218e242a10c54f9e173d68bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:15:5d:f9:41:ad:e8:df:95:e4:f1:96:56:30:
                    45:b4:13:2b:b5:ae:9d:c2:1d:ca:ac:32:a8:5a:4a:
                    d2:e3:60:6d:d4:eb:79:ad:00:4b:1d:b4:68:be:1b:
                    a4:34:85:c0:f6:b8:40:6c:0f:04:aa:5b:18:7d:c4:
                    82:50:0e:3f:c6:fc:fc:26:4b:0f:89:70:7b:a4:a3:
                    88:13:c2:e4:22:71:4a:78:30:8e:a9:ff:0d:04:23:
                    d0:93:9f:d7:d3:cc:8c:b9:c6:b9:ae:c0:1e:9f:61:
                    ee:b7:50:e6:10:f4:ca:88:c4:e0:65:7c:5d:3e:98:
                    97:fa:39:68:bb:92:29:47:2d:7b:35:4f:18:e7:95:
                    ae:c9:cf:19:00:c5:4f:2c:55:2e:23:79:63:dc:3c:
                    a8:1a:35:52:ee:75:56:9c:78:7d:a9:ea:ba:23:82:
                    ed:1b:52:52:57:8e:05:10:32:3e:0c:95:ec:54:e9:
                    e7:8c:0d:3e:5d:4f:55:ae:7d:b2:02:8f:88:77:c6:
                    ab:c0:a4:a5:19:06:b1:d2:09:5b:73:33:c6:04:fc:
                    66:df:a4:31:16:60:8d:8c:c8:54:9d:06:c9:51:b8:
                    66:23:8f:e2:80:a4:00:27:60:b0:a8:ac:e7:9b:71:
                    c6:43:1b:83:fe:d5:c1:6e:4e:00:69:db:93:08:4c:
                    30:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DC:F1:9F:90:3E:3B:F2:18:E2:42:A1:0C:54:F9:E1:73:D6:8B:DF
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/dNzxn5A-O_IY4kKhDFT54XPWi98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:5f:26:99:29:d3:07:f9:73:76:e3:ab:d4:fb:41:68:ba:ad:
         08:cb:3e:bb:7a:c0:e5:87:ac:20:31:b1:fe:58:b1:5d:02:f1:
         21:4c:5b:0b:93:79:0d:c8:95:0c:f1:b8:5f:6e:91:da:7f:e7:
         98:f2:d1:14:ba:be:9c:25:90:ef:35:53:95:3e:36:1e:27:a0:
         b6:69:69:ce:94:73:a8:2a:fe:17:74:fa:92:c2:87:70:4c:43:
         f7:17:28:29:93:64:5f:f6:b4:e6:8d:b6:84:26:82:77:f1:5d:
         37:1e:93:31:d4:7e:fe:aa:26:21:8c:f4:27:83:ce:b3:37:87:
         93:6f:ec:65:05:92:24:35:d0:83:7b:0f:33:ff:33:00:ed:95:
         11:df:70:37:2e:0e:9f:a5:a9:85:7d:09:1f:b9:16:1c:e2:3b:
         4f:b0:86:6a:eb:9b:75:29:f0:8b:d1:f8:ca:09:c0:9d:d3:af:
         b3:e7:0e:cf:89:6b:5f:94:8d:54:d8:37:4b:17:7e:29:2f:e2:
         ec:0a:86:8c:a6:48:20:93:d5:47:5d:f7:dc:71:06:4c:82:96:
         a7:db:c2:10:35:15:86:fa:cb:6e:1c:b0:9f:a2:9f:21:77:a0:
         bc:67:bc:3d:c4:de:94:36:de:1f:ec:75:97:ab:a1:13:6a:2e:
         e8:3b:f4:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLMLYq5yY7W8jCn67+6ryBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUxMDIyMDkxMjEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRjZjE5ZjkwM2UzYmYyMThlMjQyYTEwYzU0ZjllMTczZDY4YmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixVd+UGt6N+V5PGWVjBFtBMrta6d
wh3KrDKoWkrS42Bt1Ot5rQBLHbRovhukNIXA9rhAbA8EqlsYfcSCUA4/xvz8JksP
iXB7pKOIE8LkInFKeDCOqf8NBCPQk5/X08yMuca5rsAen2Hut1DmEPTKiMTgZXxd
PpiX+jlou5IpRy17NU8Y55Wuyc8ZAMVPLFUuI3lj3DyoGjVS7nVWnHh9qeq6I4Lt
G1JSV44FEDI+DJXsVOnnjA0+XU9Vrn2yAo+Id8arwKSlGQax0glbczPGBPxm36Qx
FmCNjMhUnQbJUbhmI4/igKQAJ2CwqKznm3HGQxuD/tXBbk4AaduTCEwwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTc8Z+QPjvyGOJCoQxU+eFz1ovfMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvZE56eG41QS1PX0lZNGtLaERGVDU0WFBXaTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufOaMA0G
CSqGSIb3DQEBCwUAA4IBAQAxXyaZKdMH+XN246vU+0Fouq0Iyz67esDlh6wgMbH+
WLFdAvEhTFsLk3kNyJUM8bhfbpHaf+eY8tEUur6cJZDvNVOVPjYeJ6C2aWnOlHOo
Kv4XdPqSwodwTEP3Fygpk2Rf9rTmjbaEJoJ38V03HpMx1H7+qiYhjPQng86zN4eT
b+xlBZIkNdCDew8z/zMA7ZUR33A3Lg6fpamFfQkfuRYc4jtPsIZq65t1KfCL0fjK
CcCd06+z5w7PiWtflI1U2DdLF34pL+LsCoaMpkggk9VHXffccQZMgpan28IQNRWG
+stuHLCfop8hd6C8Z7w9xN6UNt4f7HWXq6ETai7oO/S3
-----END CERTIFICATE-----