Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/DwKvg1G8x5cv5u3Gv7EK4EcgDbs.roa
File:                     DwKvg1G8x5cv5u3Gv7EK4EcgDbs.roa (raw, json)
Hash identifier:          hjUmhWRtdpUgPrX1NItRvu79MTnpfYFNp3hBghbYUH8=
Subject key identifier:   0F:02:AF:83:51:BC:C7:97:2F:E6:ED:C6:BF:B1:0A:E0:47:20:0D:BB
Certificate issuer:       /CN=af27d45fc18ba917ab1e89a17ef0b63609848224
Certificate serial:       0195BFB38BE8A7B605D1F8694E93B9EB9A04
Authority key identifier: AF:27:D4:5F:C1:8B:A9:17:AB:1E:89:A1:7E:F0:B6:36:09:84:82:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryfUX8GLqRerHomhfvC2NgmEgiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/DwKvg1G8x5cv5u3Gv7EK4EcgDbs.roa
Signing time:             Sat 22 Mar 2025 21:12:49 +0000
ROA not before:           Sat 22 Mar 2025 21:12:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        185.182.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/ryfUX8GLqRerHomhfvC2NgmEgiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/ryfUX8GLqRerHomhfvC2NgmEgiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryfUX8GLqRerHomhfvC2NgmEgiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:b3:8b:e8:a7:b6:05:d1:f8:69:4e:93:b9:eb:9a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af27d45fc18ba917ab1e89a17ef0b63609848224
        Validity
            Not Before: Mar 22 21:12:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f02af8351bcc7972fe6edc6bfb10ae047200dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5c:1a:05:28:62:df:3f:c8:af:de:4b:63:b3:
                    9b:b5:0c:28:98:7e:93:dc:a0:2e:38:b6:86:c1:c6:
                    f0:2b:54:e8:a7:58:9d:85:ab:e5:0e:62:5f:f8:42:
                    78:6c:f6:9b:62:a2:61:32:8e:d1:4f:f0:48:8f:17:
                    9e:66:df:6b:da:a1:dc:f8:ed:bd:e9:13:53:69:e4:
                    6e:ea:25:d8:bb:a4:bb:e0:0c:7b:ab:19:86:5d:e1:
                    3c:2f:f7:ae:b4:81:18:8e:1e:cd:1d:d9:84:f8:cd:
                    31:2e:7c:a2:0d:95:50:53:76:87:72:b2:e1:8c:d4:
                    c8:cf:4c:da:2a:99:a3:dd:74:54:87:91:9c:c2:10:
                    8a:55:16:cc:a7:dd:88:18:dc:cd:5f:a9:ae:48:e8:
                    6d:6c:32:36:59:15:08:d3:02:e7:c8:e7:f6:f7:94:
                    b2:ae:d6:b5:31:f2:bc:0b:e7:10:55:5e:f3:f8:91:
                    a0:43:64:06:50:09:d2:f0:26:94:c5:7b:31:e2:a6:
                    54:f3:20:aa:a0:bf:1f:12:76:11:52:f4:28:4b:89:
                    bf:99:cf:49:95:9a:8a:f8:c1:78:4e:e2:68:eb:5a:
                    00:e1:4f:b5:3f:cf:26:95:53:52:13:f5:61:da:aa:
                    1a:3d:95:f6:b2:71:0d:4c:fc:e1:37:bc:da:27:cd:
                    bb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:02:AF:83:51:BC:C7:97:2F:E6:ED:C6:BF:B1:0A:E0:47:20:0D:BB
            X509v3 Authority Key Identifier:
                keyid:AF:27:D4:5F:C1:8B:A9:17:AB:1E:89:A1:7E:F0:B6:36:09:84:82:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryfUX8GLqRerHomhfvC2NgmEgiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/DwKvg1G8x5cv5u3Gv7EK4EcgDbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/441755-b52f-4fb6-b3ef-7acbc6c9f985/1/ryfUX8GLqRerHomhfvC2NgmEgiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:29:0b:f8:97:87:17:87:4d:5b:88:0e:d7:2f:b5:7c:a1:eb:
         fc:db:e8:59:00:92:0c:39:65:29:c6:8e:e7:0b:04:0c:62:73:
         1c:13:b8:6c:76:5b:71:73:c9:4e:77:95:a0:3d:f0:86:d0:e0:
         d4:0b:59:63:f9:67:85:db:31:24:7f:7b:04:1a:f6:d1:db:41:
         cd:af:8a:a0:e3:1e:39:46:6d:02:2f:53:6c:75:f9:ba:ee:d7:
         cd:6e:87:90:7c:10:24:36:36:8d:d6:52:8e:fb:45:05:2b:4a:
         15:15:b4:a8:39:b3:90:cd:74:59:ad:67:b1:79:c6:b2:7e:05:
         1d:9e:53:a9:5a:ed:b3:c5:d0:a9:d3:a2:b9:18:da:b0:aa:48:
         3c:76:34:11:75:98:12:2d:fe:75:1d:bf:22:74:e1:18:04:25:
         2f:2b:6c:40:5f:6f:a0:69:1d:e2:e9:15:2c:1e:cb:b9:ae:b0:
         c4:b1:1f:5d:0c:d6:8c:c1:6f:e5:cd:eb:7e:c5:3e:9a:6b:65:
         6e:94:86:7a:b7:72:c9:b8:d6:f6:a1:73:75:0d:c2:8d:20:da:
         67:ed:9a:5a:e3:a2:35:15:b5:6d:70:d1:64:29:30:ef:d8:75:
         52:93:cb:d5:f1:d1:05:11:b1:89:3c:f4:6c:8b:5f:36:39:c2:
         08:2c:24:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW/s4vop7YF0fhpTpO565oEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMjdkNDVmYzE4YmE5MTdhYjFlODlhMTdlZjBiNjM2MDk4
NDgyMjQwHhcNMjUwMzIyMjExMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjAyYWY4MzUxYmNjNzk3MmZlNmVkYzZiZmIxMGFlMDQ3MjAwZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFwaBShi3z/Ir95LY7ObtQwomH6T
3KAuOLaGwcbwK1Top1idhavlDmJf+EJ4bPabYqJhMo7RT/BIjxeeZt9r2qHc+O29
6RNTaeRu6iXYu6S74Ax7qxmGXeE8L/eutIEYjh7NHdmE+M0xLnyiDZVQU3aHcrLh
jNTIz0zaKpmj3XRUh5GcwhCKVRbMp92IGNzNX6muSOhtbDI2WRUI0wLnyOf295Sy
rta1MfK8C+cQVV7z+JGgQ2QGUAnS8CaUxXsx4qZU8yCqoL8fEnYRUvQoS4m/mc9J
lZqK+MF4TuJo61oA4U+1P88mlVNSE/Vh2qoaPZX2snENTPzhN7zaJ8273QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8Cr4NRvMeXL+btxr+xCuBHIA27MB8GA1UdIwQY
MBaAFK8n1F/Bi6kXqx6JoX7wtjYJhIIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnlmVVg4R0xxUmVySG9taGZ2QzJOZ21FZ2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80NDE3NTUtYjUyZi00ZmI2LWIzZWYt
N2FjYmM2YzlmOTg1LzEvRHdLdmcxRzh4NWN2NXUzR3Y3RUs0RWNnRGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80NDE3NTUtYjUyZi00ZmI2LWIzZWYtN2FjYmM2YzlmOTg1
LzEvcnlmVVg4R0xxUmVySG9taGZ2QzJOZ21FZ2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuba8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5KQv4l4cXh01biA7XL7V8oev82+hZAJIMOWUpxo7n
CwQMYnMcE7hsdltxc8lOd5WgPfCG0ODUC1lj+WeF2zEkf3sEGvbR20HNr4qg4x45
Rm0CL1Nsdfm67tfNboeQfBAkNjaN1lKO+0UFK0oVFbSoObOQzXRZrWexecayfgUd
nlOpWu2zxdCp06K5GNqwqkg8djQRdZgSLf51Hb8idOEYBCUvK2xAX2+gaR3i6RUs
Hsu5rrDEsR9dDNaMwW/lzet+xT6aa2VulIZ6t3LJuNb2oXN1DcKNINpn7Zpa46I1
FbVtcNFkKTDv2HVSk8vV8dEFEbGJPPRsi182OcIILCSI
-----END CERTIFICATE-----