Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/X7ahkfnEmFaoSYLOkH6cvJszqAg.roa
File:                     X7ahkfnEmFaoSYLOkH6cvJszqAg.roa (raw, json)
Hash identifier:          ZBhNnLeojHM3Ik+UYPBHPI1QecqQNM70yRSZf67cmJY=
Subject key identifier:   5F:B6:A1:91:F9:C4:98:56:A8:49:82:CE:90:7E:9C:BC:9B:33:A8:08
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0198752D2866455258C834E19F226C56FA97
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/X7ahkfnEmFaoSYLOkH6cvJszqAg.roa
Signing time:             Mon 04 Aug 2025 13:02:30 +0000
ROA not before:           Mon 04 Aug 2025 13:02:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42956
IP address blocks:        37.60.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:2d:28:66:45:52:58:c8:34:e1:9f:22:6c:56:fa:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug  4 13:02:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fb6a191f9c49856a84982ce907e9cbc9b33a808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:06:60:67:91:b9:3b:b3:d0:67:82:ff:8a:49:
                    cb:55:6d:de:b8:11:30:28:c0:79:f3:24:6c:5e:a9:
                    7e:e5:43:16:11:80:26:3d:8a:ac:07:a2:8e:6c:6b:
                    32:f2:69:9b:38:dc:9c:13:0e:53:be:d5:78:a9:eb:
                    d3:f1:3c:df:07:ab:89:ad:9b:a9:8d:52:e3:5b:45:
                    91:1a:71:3c:f1:ab:b7:ee:f5:bd:8a:af:26:16:ca:
                    cb:0c:47:e9:95:f1:56:d1:a2:63:28:d4:8c:5f:12:
                    15:cc:1e:9f:3e:d8:9f:30:be:f0:5f:4b:62:96:0f:
                    fb:7e:2c:b4:8e:d0:99:91:88:2e:17:13:34:20:e2:
                    0b:18:39:79:8d:26:6d:ae:c2:71:bc:29:a8:02:40:
                    0e:10:c2:f9:b2:b2:20:4f:d5:48:a1:6b:72:d3:d3:
                    3c:64:e5:c2:6a:74:cf:0c:74:9c:51:94:69:f8:cf:
                    19:da:cc:8f:cc:f5:72:1b:48:d5:78:5a:34:96:fc:
                    a7:96:e2:af:ca:48:20:2b:03:5f:51:1e:74:34:88:
                    f9:10:5e:5b:fd:1b:55:6e:ae:82:3f:d6:de:e2:17:
                    35:d7:c2:2c:f2:79:4e:73:b8:6f:c7:88:08:9a:01:
                    70:01:1a:74:c1:42:c2:4d:1f:c3:22:b9:26:f9:fc:
                    8b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B6:A1:91:F9:C4:98:56:A8:49:82:CE:90:7E:9C:BC:9B:33:A8:08
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/X7ahkfnEmFaoSYLOkH6cvJszqAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:2e:cf:40:bf:c6:cf:72:71:4f:45:66:b1:19:12:2d:4d:f8:
         42:7c:93:05:c2:89:a1:9c:18:5d:8b:89:04:1d:11:75:ed:48:
         88:5a:67:b2:31:e1:a7:b3:66:e1:3f:1e:00:47:fa:2a:a1:56:
         33:cd:b6:52:f4:dc:74:a7:38:3f:a7:8d:33:45:ab:6f:96:71:
         f3:eb:ad:48:b0:7e:4a:7a:a9:97:45:f8:2c:05:17:ed:be:43:
         02:fa:a9:34:41:11:8a:6a:8e:37:6a:c8:55:60:61:a2:7a:16:
         3f:f8:3e:29:6d:82:a0:25:4c:c1:df:c6:c3:86:d8:87:4b:b0:
         1f:40:a7:70:a3:a6:1a:ec:ba:1d:af:a8:b0:09:0c:c4:f4:92:
         86:17:89:10:8c:ba:a2:d5:c5:88:74:1b:e5:f2:05:c8:10:30:
         ef:76:67:0c:e8:65:af:2a:55:bb:ff:64:e8:d4:1b:e4:17:ad:
         b1:94:23:d2:87:a7:4c:38:00:6a:c7:7a:e9:88:18:31:65:d2:
         2b:89:67:f5:9c:4b:74:82:f6:22:f2:08:bd:21:cf:dc:da:77:
         05:bd:41:15:5d:b8:39:2e:20:78:0b:8e:c4:79:f3:ee:a0:8f:
         2b:e9:c3:4b:e8:37:aa:5f:ca:b7:4f:46:d6:18:3c:2b:0e:8e:
         8a:50:0e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1LShmRVJYyDThnyJsVvqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODA0MTMwMjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI2YTE5MWY5YzQ5ODU2YTg0OTgyY2U5MDdlOWNiYzliMzNhODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAZgZ5G5O7PQZ4L/iknLVW3euBEw
KMB58yRsXql+5UMWEYAmPYqsB6KObGsy8mmbONycEw5TvtV4qevT8TzfB6uJrZup
jVLjW0WRGnE88au37vW9iq8mFsrLDEfplfFW0aJjKNSMXxIVzB6fPtifML7wX0ti
lg/7fiy0jtCZkYguFxM0IOILGDl5jSZtrsJxvCmoAkAOEML5srIgT9VIoWty09M8
ZOXCanTPDHScUZRp+M8Z2syPzPVyG0jVeFo0lvynluKvykggKwNfUR50NIj5EF5b
/RtVbq6CP9be4hc118Is8nlOc7hvx4gImgFwARp0wULCTR/DIrkm+fyL/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+2oZH5xJhWqEmCzpB+nLybM6gIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWDdhaGtmbkVtRmFvU1lMT2tINmN2SnN6cUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJTyMMA0G
CSqGSIb3DQEBCwUAA4IBAQAVLs9Av8bPcnFPRWaxGRItTfhCfJMFwomhnBhdi4kE
HRF17UiIWmeyMeGns2bhPx4AR/oqoVYzzbZS9Nx0pzg/p40zRatvlnHz661IsH5K
eqmXRfgsBRftvkMC+qk0QRGKao43ashVYGGiehY/+D4pbYKgJUzB38bDhtiHS7Af
QKdwo6Ya7Lodr6iwCQzE9JKGF4kQjLqi1cWIdBvl8gXIEDDvdmcM6GWvKlW7/2To
1BvkF62xlCPSh6dMOABqx3rpiBgxZdIriWf1nEt0gvYi8gi9Ic/c2ncFvUEVXbg5
LiB4C47EefPuoI8r6cNL6DeqX8q3T0bWGDwrDo6KUA4D
-----END CERTIFICATE-----