Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/X7SHg_A24l4kZdK_3UVkEqbUHCc.roa
File:                     X7SHg_A24l4kZdK_3UVkEqbUHCc.roa (raw, json)
Hash identifier:          GGhwpo65jZNoaWT6C6LuI7fdnz1I8s6oou5ziFrcPWo=
Subject key identifier:   5F:B4:87:83:F0:36:E2:5E:24:65:D2:BF:DD:45:64:12:A6:D4:1C:27
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0197C548F6D2D282A68F56F3534FA76EBF28
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/X7SHg_A24l4kZdK_3UVkEqbUHCc.roa
Signing time:             Tue 01 Jul 2025 09:19:42 +0000
ROA not before:           Tue 01 Jul 2025 09:19:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        185.194.30.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:48:f6:d2:d2:82:a6:8f:56:f3:53:4f:a7:6e:bf:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul  1 09:19:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fb48783f036e25e2465d2bfdd456412a6d41c27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1a:71:3b:80:2d:7d:14:39:9e:e1:4d:ed:c0:
                    b2:69:f0:43:78:27:e6:7c:a4:0e:e4:f6:47:7c:24:
                    0f:5c:a3:f4:c1:aa:98:31:51:e6:bb:ca:5b:57:95:
                    7a:73:05:9d:1d:77:5b:05:86:74:e1:26:7c:b9:67:
                    b1:cb:70:01:96:d4:40:94:f9:a4:f5:6a:a0:1f:3f:
                    5a:0e:7b:90:c5:61:db:e2:90:5a:eb:a5:63:2d:05:
                    64:61:be:5e:c6:ed:2f:bb:b5:8a:d6:91:a1:e1:02:
                    61:0a:2b:b4:73:83:8f:87:14:f0:5a:f8:8c:fc:99:
                    0b:d7:bd:0d:f1:6d:99:93:91:8f:72:29:f4:b3:66:
                    2a:55:88:9b:e6:6e:1e:48:bd:20:2d:e7:e5:ce:c3:
                    67:49:b3:f2:79:3b:14:5a:81:e6:e2:b8:a6:a8:4b:
                    7e:67:25:89:f8:bd:6d:8d:ba:93:57:7c:0e:e0:b5:
                    7a:f0:a4:cc:c0:0d:87:44:b5:07:1d:bd:0d:16:24:
                    b4:84:17:3b:99:27:0b:3d:68:c7:44:51:a9:fb:df:
                    64:f5:a3:08:89:d4:21:28:d5:60:9d:89:d8:40:f3:
                    59:4e:9c:bd:07:ba:0b:6b:91:97:76:a6:19:b7:d8:
                    30:b7:f9:fa:f6:d2:90:3e:d7:30:d1:3e:db:7a:d9:
                    85:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B4:87:83:F0:36:E2:5E:24:65:D2:BF:DD:45:64:12:A6:D4:1C:27
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/X7SHg_A24l4kZdK_3UVkEqbUHCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.30.0/24
                  185.218.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:4a:a0:57:11:0a:16:40:9b:e0:33:90:f7:e5:9f:4e:c1:94:
         16:3f:89:7f:9a:ee:99:f2:3c:cb:a6:c0:7e:3b:aa:03:97:01:
         c4:ea:93:e8:05:2e:af:80:92:ca:a4:c8:f2:3c:de:d4:52:34:
         c1:ab:d0:ef:7b:ef:8a:51:e5:b5:c2:07:d6:df:66:9c:ed:2d:
         13:ca:3c:45:ce:50:ea:68:56:52:52:07:64:90:83:55:43:60:
         d6:1c:79:75:a8:4b:be:ca:bb:d6:57:e7:ad:6c:17:e4:90:31:
         84:0e:44:ec:c7:a2:e1:55:51:04:54:b4:c1:03:e2:7f:a1:ff:
         6a:7f:42:ea:de:78:88:90:cd:21:a9:8b:e7:b3:e0:d0:3a:2e:
         f8:e0:21:60:24:fa:08:c0:8e:72:6d:97:a1:e8:8f:78:90:c5:
         f7:71:78:d0:a8:38:f1:dd:ee:07:88:cf:0b:c3:42:65:a0:a9:
         58:cc:2d:85:a5:88:d7:ac:3b:60:75:50:a1:c5:e2:bf:b2:0e:
         31:e6:48:5c:04:64:1c:da:7d:ae:5a:dd:8c:73:28:46:4e:03:
         91:3e:b5:4b:9f:a0:33:10:d8:9b:18:59:00:e9:96:b3:a7:3d:
         dc:42:ae:c7:d2:84:76:61:7b:a2:4d:23:00:f8:17:20:c1:13:
         de:c4:37:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfFSPbS0oKmj1bzU0+nbr8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzAxMDkxOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI0ODc4M2YwMzZlMjVlMjQ2NWQyYmZkZDQ1NjQxMmE2ZDQxYzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RpxO4AtfRQ5nuFN7cCyafBDeCfm
fKQO5PZHfCQPXKP0waqYMVHmu8pbV5V6cwWdHXdbBYZ04SZ8uWexy3ABltRAlPmk
9WqgHz9aDnuQxWHb4pBa66VjLQVkYb5exu0vu7WK1pGh4QJhCiu0c4OPhxTwWviM
/JkL170N8W2Zk5GPcin0s2YqVYib5m4eSL0gLeflzsNnSbPyeTsUWoHm4rimqEt+
ZyWJ+L1tjbqTV3wO4LV68KTMwA2HRLUHHb0NFiS0hBc7mScLPWjHRFGp+99k9aMI
idQhKNVgnYnYQPNZTpy9B7oLa5GXdqYZt9gwt/n69tKQPtcw0T7betmFywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+0h4PwNuJeJGXSv91FZBKm1BwnMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWDdTSGdfQTI0bDRrWmRLXzNVVmtFcWJVSENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucIeAwQA
udplMA0GCSqGSIb3DQEBCwUAA4IBAQCySqBXEQoWQJvgM5D35Z9OwZQWP4l/mu6Z
8jzLpsB+O6oDlwHE6pPoBS6vgJLKpMjyPN7UUjTBq9Dve++KUeW1wgfW32ac7S0T
yjxFzlDqaFZSUgdkkINVQ2DWHHl1qEu+yrvWV+etbBfkkDGEDkTsx6LhVVEEVLTB
A+J/of9qf0Lq3niIkM0hqYvns+DQOi744CFgJPoIwI5ybZeh6I94kMX3cXjQqDjx
3e4HiM8Lw0JloKlYzC2FpYjXrDtgdVChxeK/sg4x5khcBGQc2n2uWt2McyhGTgOR
PrVLn6AzENibGFkA6Zazpz3cQq7H0oR2YXuiTSMA+BcgwRPexDfH
-----END CERTIFICATE-----