Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/H2BNPmlBfhtAsDApleTz64AWPsM.roa
File:                     H2BNPmlBfhtAsDApleTz64AWPsM.roa (raw, json)
Hash identifier:          guAQsXA/mb8umz46ROZO5L8VAidQfknhPYv2sReEc38=
Subject key identifier:   1F:60:4D:3E:69:41:7E:1B:40:B0:30:29:95:E4:F3:EB:80:16:3E:C3
Certificate issuer:       /CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
Certificate serial:       0198EAA8BF721338DDF7BCF35D7921FB6268
Authority key identifier: C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/H2BNPmlBfhtAsDApleTz64AWPsM.roa
Signing time:             Wed 27 Aug 2025 08:33:04 +0000
ROA not before:           Wed 27 Aug 2025 08:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47239
IP address blocks:        185.176.64.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:a8:bf:72:13:38:dd:f7:bc:f3:5d:79:21:fb:62:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
        Validity
            Not Before: Aug 27 08:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f604d3e69417e1b40b0302995e4f3eb80163ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:35:cf:93:3d:41:4d:ae:68:1f:8f:82:e4:a6:
                    18:12:d3:09:e4:6b:81:49:81:cd:e3:19:d1:49:df:
                    99:57:0b:51:c2:a5:2a:55:8f:6f:9a:69:cc:1a:95:
                    16:02:17:a6:91:a2:08:9e:e0:7b:1c:06:c7:9c:bb:
                    4a:d3:fc:b8:11:4b:03:c0:62:fa:b0:bf:50:0c:5f:
                    78:c0:c5:a5:37:c1:b9:dd:78:4f:6d:fd:33:49:12:
                    e8:71:fa:8f:57:2a:8f:24:bc:3e:2f:fd:5d:10:cb:
                    35:92:a8:44:bf:c8:af:64:4b:47:19:c7:14:7f:75:
                    e9:fa:ac:14:39:3d:0a:c3:f6:02:7d:09:87:b3:2b:
                    e9:b0:36:a0:d4:1e:9a:0a:22:61:0e:cd:d2:45:9b:
                    b7:6e:cc:1d:a5:1c:4b:bb:5f:4d:a0:f1:4d:ab:e1:
                    9e:28:78:87:da:49:67:dc:85:ad:d0:37:fc:b1:5e:
                    92:06:81:26:44:48:96:a1:79:43:4e:48:20:71:f8:
                    82:a2:48:fa:b9:b7:f7:ff:be:1d:f0:a0:85:e1:1e:
                    2d:19:fc:0c:20:28:f1:6d:5d:f7:57:86:72:bc:14:
                    50:b7:76:70:d9:2b:3f:64:1e:5d:11:9c:c9:ae:05:
                    d0:70:da:0a:7f:32:d6:f2:74:37:60:9e:bd:eb:9e:
                    be:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:60:4D:3E:69:41:7E:1B:40:B0:30:29:95:E4:F3:EB:80:16:3E:C3
            X509v3 Authority Key Identifier:
                keyid:C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/H2BNPmlBfhtAsDApleTz64AWPsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:f7:76:df:f5:78:e1:58:94:c6:ca:58:25:78:0b:95:ec:8e:
         00:47:80:ec:82:5f:d0:e6:0d:6d:fe:ac:02:04:93:bf:10:29:
         b2:05:de:a2:29:fa:01:3a:46:bc:72:6d:51:fd:74:6f:c0:95:
         11:54:b5:89:c8:fe:65:fc:4e:f5:19:f4:5f:1d:b9:15:43:35:
         81:4b:65:92:4d:74:1a:d5:cd:5f:1b:94:9c:7f:12:18:fc:15:
         55:da:1f:f3:49:62:cf:de:66:79:0a:60:38:9f:4f:1e:a7:39:
         cb:e8:f6:f2:ec:c1:b7:02:4f:a3:11:88:1f:26:57:e2:9a:25:
         60:7b:db:8f:89:20:1b:61:18:70:7f:bf:00:50:87:d9:63:8a:
         14:34:ae:33:32:a8:82:34:fc:e8:85:81:15:96:11:df:b8:b3:
         d8:96:32:ff:b1:ef:13:b9:db:a5:52:10:fa:d8:4b:32:6d:04:
         41:1f:26:5d:13:5c:a0:c0:46:7c:ab:c5:75:2d:e8:8a:84:de:
         04:39:a3:36:df:87:2a:af:9b:44:f9:77:fb:e9:92:1c:05:4a:
         b5:ea:6d:5e:7a:f5:29:33:98:cf:1a:e1:78:13:06:f3:61:e6:
         65:d4:4f:a6:6e:1e:1d:86:67:38:97:f5:c1:36:4f:10:41:5d:
         74:b1:30:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqqL9yEzjd97zzXXkh+2JoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODlkZTJmNDJmY2Y0NGE0ZGFhYjZhODI0YzEyMGFiYjhi
NzE2NWQwHhcNMjUwODI3MDgzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjYwNGQzZTY5NDE3ZTFiNDBiMDMwMjk5NWU0ZjNlYjgwMTYzZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DXPkz1BTa5oH4+C5KYYEtMJ5GuB
SYHN4xnRSd+ZVwtRwqUqVY9vmmnMGpUWAhemkaIInuB7HAbHnLtK0/y4EUsDwGL6
sL9QDF94wMWlN8G53XhPbf0zSRLocfqPVyqPJLw+L/1dEMs1kqhEv8ivZEtHGccU
f3Xp+qwUOT0Kw/YCfQmHsyvpsDag1B6aCiJhDs3SRZu3bswdpRxLu19NoPFNq+Ge
KHiH2kln3IWt0Df8sV6SBoEmREiWoXlDTkggcfiCokj6ubf3/74d8KCF4R4tGfwM
ICjxbV33V4ZyvBRQt3Zw2Ss/ZB5dEZzJrgXQcNoKfzLW8nQ3YJ69656+9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9gTT5pQX4bQLAwKZXk8+uAFj7DMB8GA1UdIwQY
MBaAFMCJ3i9C/PRKTaq2qCTBIKu4txZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEt
ZWUyZGMyODYwZDViLzEvSDJCTlBtbEJmaHRBc0RBcGxlVHo2NEFXUHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEtZWUyZGMyODYwZDVi
LzEvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubBAMA0G
CSqGSIb3DQEBCwUAA4IBAQCf93bf9XjhWJTGylgleAuV7I4AR4Dsgl/Q5g1t/qwC
BJO/ECmyBd6iKfoBOka8cm1R/XRvwJURVLWJyP5l/E71GfRfHbkVQzWBS2WSTXQa
1c1fG5ScfxIY/BVV2h/zSWLP3mZ5CmA4n08epznL6Pby7MG3Ak+jEYgfJlfimiVg
e9uPiSAbYRhwf78AUIfZY4oUNK4zMqiCNPzohYEVlhHfuLPYljL/se8TudulUhD6
2EsybQRBHyZdE1ygwEZ8q8V1LeiKhN4EOaM234cqr5tE+Xf76ZIcBUq16m1eevUp
M5jPGuF4EwbzYeZl1E+mbh4dhmc4l/XBNk8QQV10sTC3
-----END CERTIFICATE-----