Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QLsD-OflgrNfVrCu5ag87FjA3yY.roa
File:                     QLsD-OflgrNfVrCu5ag87FjA3yY.roa (raw, json)
Hash identifier:          JNqYauqae+Qj1/iwb4lAZ/FH5680SIqMfgtc5UasmTU=
Subject key identifier:   40:BB:03:F8:E7:E5:82:B3:5F:56:B0:AE:E5:A8:3C:EC:58:C0:DF:26
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019A67D3FE9F626C2855FF7F28F2872AD81B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QLsD-OflgrNfVrCu5ag87FjA3yY.roa
Signing time:             Sun 09 Nov 2025 08:55:37 +0000
ROA not before:           Sun 09 Nov 2025 08:55:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        185.220.248.0/24 maxlen: 24
                          185.225.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Nov 2025 15:37:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:67:d3:fe:9f:62:6c:28:55:ff:7f:28:f2:87:2a:d8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  9 08:55:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40bb03f8e7e582b35f56b0aee5a83cec58c0df26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8d:9a:8b:44:41:81:71:a3:73:20:66:64:b9:
                    bf:89:6b:58:02:0a:e4:92:b3:4f:61:e3:b4:27:ab:
                    af:b9:83:5c:07:6d:e4:ac:c5:cf:5d:43:70:c5:af:
                    6b:44:54:c2:25:cf:59:6f:4b:7b:33:e7:05:4c:f9:
                    72:e6:90:6f:b8:c6:04:f5:d7:94:68:41:ba:31:43:
                    fd:12:e5:b0:6a:24:68:63:57:9e:82:61:89:6d:d1:
                    7d:55:02:cd:08:b9:69:15:da:26:46:0d:38:e0:38:
                    d1:71:12:d9:43:a2:55:45:31:10:7a:a0:e3:c3:b0:
                    14:1c:51:23:bc:37:18:e0:46:95:60:8a:5b:b5:b8:
                    f4:ca:0e:2f:89:b9:83:de:be:66:58:07:ed:28:fa:
                    e2:fd:c7:81:5e:25:a4:f9:fb:b9:fa:99:cf:98:5c:
                    1b:3b:72:e5:e5:02:14:ef:06:c8:57:e1:e9:fd:a2:
                    7d:cc:e9:a6:7f:3a:0d:34:38:4a:89:3a:87:22:a0:
                    dc:74:9f:e6:56:b6:13:43:82:4d:5c:1b:57:6c:d7:
                    a6:e0:ae:02:bb:24:e6:db:6c:cd:09:44:22:9d:1c:
                    2c:00:6a:86:ff:01:3e:71:3d:75:37:1b:ca:5e:53:
                    3b:64:0f:35:9b:87:45:96:24:31:3d:bd:3a:f8:bd:
                    8d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:BB:03:F8:E7:E5:82:B3:5F:56:B0:AE:E5:A8:3C:EC:58:C0:DF:26
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QLsD-OflgrNfVrCu5ag87FjA3yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.248.0/24
                  185.225.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ec:63:4f:69:8f:7c:e8:56:c0:c1:1e:37:0d:94:6d:f5:09:
         43:88:e6:2b:9b:57:07:a1:f3:7e:11:2a:da:12:e8:71:4d:89:
         b1:e8:58:5e:6f:56:c0:43:c5:3f:37:40:4e:ce:e3:41:20:cd:
         85:26:fc:51:31:7e:74:ac:36:a7:2d:68:98:c9:d6:63:cf:d7:
         58:84:59:c6:42:f8:0b:44:1e:51:6b:13:61:d2:c9:3e:81:e4:
         f1:b4:4f:74:f1:47:67:38:00:45:a5:93:70:7f:7e:7d:0a:b2:
         65:ef:de:20:07:64:ad:d1:5f:08:96:72:43:c4:2b:92:c5:28:
         9f:7a:06:e7:61:e4:16:64:43:6d:b5:7e:a0:83:b2:9d:34:da:
         ad:e7:06:6c:82:f5:04:aa:f8:c4:c3:5f:5e:b2:f9:e0:71:17:
         8b:c7:f0:e1:65:e7:15:d0:2c:33:03:e2:b1:46:9a:59:99:b8:
         0d:5a:70:9c:2f:b2:cd:5d:90:a7:7e:ff:04:23:5a:45:6f:b1:
         dc:87:14:56:6a:d5:6c:8c:ac:f5:ab:38:79:64:e4:a7:2e:95:
         07:c6:c1:24:91:7c:17:8d:1f:5b:ff:5c:c0:ad:08:30:e9:32:
         e5:26:30:4e:7f:dd:4c:df:40:ce:57:6b:db:e4:1a:e3:4a:f3:
         86:55:f3:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpn0/6fYmwoVf9/KPKHKtgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMTA5MDg1NTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGJiMDNmOGU3ZTU4MmIzNWY1NmIwYWVlNWE4M2NlYzU4YzBkZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo2ai0RBgXGjcyBmZLm/iWtYAgrk
krNPYeO0J6uvuYNcB23krMXPXUNwxa9rRFTCJc9Zb0t7M+cFTPly5pBvuMYE9deU
aEG6MUP9EuWwaiRoY1eegmGJbdF9VQLNCLlpFdomRg044DjRcRLZQ6JVRTEQeqDj
w7AUHFEjvDcY4EaVYIpbtbj0yg4vibmD3r5mWAftKPri/ceBXiWk+fu5+pnPmFwb
O3Ll5QIU7wbIV+Hp/aJ9zOmmfzoNNDhKiTqHIqDcdJ/mVrYTQ4JNXBtXbNem4K4C
uyTm22zNCUQinRwsAGqG/wE+cT11NxvKXlM7ZA81m4dFliQxPb06+L2N0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEC7A/jn5YKzX1awruWoPOxYwN8mMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUUxzRC1PZmxnck5mVnJDdTVhZzg3RmpBM3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudz4AwQA
ueEBMA0GCSqGSIb3DQEBCwUAA4IBAQBS7GNPaY986FbAwR43DZRt9QlDiOYrm1cH
ofN+ESraEuhxTYmx6Fheb1bAQ8U/N0BOzuNBIM2FJvxRMX50rDanLWiYydZjz9dY
hFnGQvgLRB5RaxNh0sk+geTxtE908UdnOABFpZNwf359CrJl794gB2St0V8IlnJD
xCuSxSifegbnYeQWZENttX6gg7KdNNqt5wZsgvUEqvjEw19esvngcReLx/DhZecV
0CwzA+KxRppZmbgNWnCcL7LNXZCnfv8EI1pFb7HchxRWatVsjKz1qzh5ZOSnLpUH
xsEkkXwXjR9b/1zArQgw6TLlJjBOf91M30DOV2vb5BrjSvOGVfPG
-----END CERTIFICATE-----