Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/50rNnFjazBYlu5lhZ-PnYemFhBU.roa
File:                     50rNnFjazBYlu5lhZ-PnYemFhBU.roa (raw, json)
Hash identifier:          TBn3PnK+MHsgG76RW1zj1H988aqSsXlA0MWIu2a6Dcs=
Subject key identifier:   E7:4A:CD:9C:58:DA:CC:16:25:BB:99:61:67:E3:E7:61:E9:85:84:15
Certificate issuer:       /CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
Certificate serial:       0198559261861DA48CB06A7017649A9A17BC
Authority key identifier: AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/50rNnFjazBYlu5lhZ-PnYemFhBU.roa
Signing time:             Tue 29 Jul 2025 09:45:13 +0000
ROA not before:           Tue 29 Jul 2025 09:45:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.206.124.0/24 maxlen: 24
                          185.206.126.0/24 maxlen: 24
                          185.206.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:92:61:86:1d:a4:8c:b0:6a:70:17:64:9a:9a:17:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
        Validity
            Not Before: Jul 29 09:45:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e74acd9c58dacc1625bb996167e3e761e9858415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:44:4f:63:89:e2:e1:9e:7c:4e:fb:be:09:de:
                    c2:28:96:34:0b:9b:eb:e6:87:e4:ab:88:b6:5a:66:
                    e6:87:4e:07:37:c4:a9:43:1f:a5:ab:cd:79:f9:02:
                    1e:3d:c0:2a:3a:3f:01:b5:30:aa:44:5e:e7:ba:d9:
                    40:ca:d1:12:07:4d:a6:50:7f:df:aa:f6:4e:5e:68:
                    b5:b1:94:38:7e:df:fc:7f:a7:fc:f6:3f:de:16:0d:
                    36:ef:89:d8:05:85:55:5d:67:82:23:c8:5f:66:ed:
                    74:02:4f:5d:89:94:79:6d:5a:54:c0:ed:51:ef:b2:
                    07:14:e1:ee:e8:59:08:35:c7:e3:6f:3c:72:94:34:
                    8b:eb:c6:b7:f7:85:1c:5e:6d:89:73:28:7f:6c:31:
                    20:48:df:47:16:8d:df:3c:fb:31:6a:2c:f2:10:e0:
                    29:bc:25:82:8b:e6:ce:5a:30:7a:0b:b8:e6:c0:80:
                    7e:7e:0c:90:f7:82:59:ab:a1:8f:b3:08:cd:fd:4b:
                    35:99:43:8e:b0:aa:49:be:3c:27:24:df:71:52:12:
                    47:a5:43:bb:88:93:ce:36:50:87:6f:29:09:15:f1:
                    7a:fe:c1:21:46:00:00:6b:eb:60:d6:8f:84:19:cd:
                    d8:e2:56:83:f5:4e:d1:f0:42:85:55:99:f3:09:2f:
                    4d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4A:CD:9C:58:DA:CC:16:25:BB:99:61:67:E3:E7:61:E9:85:84:15
            X509v3 Authority Key Identifier:
                keyid:AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/50rNnFjazBYlu5lhZ-PnYemFhBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.124.0/24
                  185.206.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:29:0a:b6:99:d7:fb:0a:2c:47:d3:e2:2b:1b:73:04:0a:11:
         52:57:1b:3e:b8:96:47:f0:1d:83:81:83:cc:5d:55:f4:7d:fb:
         53:8c:69:69:c8:44:7d:89:d3:00:a5:7b:e0:0d:9d:b2:9a:95:
         4c:dd:1e:2c:14:4c:a2:e8:1f:26:3f:b6:44:c8:c6:ef:38:06:
         81:0a:ce:f5:9e:ae:31:c1:9b:5b:20:3f:8c:1e:b7:d7:af:bd:
         72:4b:ba:2d:19:5f:20:e2:46:82:cc:f3:ee:63:06:f3:3e:6e:
         d2:90:38:38:d1:3c:fe:ac:e9:15:a5:b1:e6:3b:93:82:47:c8:
         b3:3c:7c:32:fe:40:58:40:0f:58:0a:57:f7:ab:48:ce:85:ce:
         f0:a2:9c:68:3c:c5:73:d9:56:cc:3a:1b:06:99:dc:73:df:41:
         82:29:51:ff:f3:0f:53:90:3a:90:97:82:82:ac:84:9a:e2:2b:
         4c:06:90:41:9e:f9:e3:95:89:8c:c6:79:0b:14:04:79:b7:12:
         25:ff:3c:06:ae:db:0b:02:e7:0e:ed:a0:9f:98:a7:cc:69:40:
         93:27:00:31:5c:e8:b1:17:b6:04:33:51:78:96:26:14:36:7c:
         e3:2e:ec:69:20:55:4d:21:dc:a8:2f:6c:22:a8:38:d6:45:aa:
         81:62:ed:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhVkmGGHaSMsGpwF2Samhe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTA5MmJiYzJjYWNhZTI0Nzc3NGY2MmIwZmRiZGM0NGE5
NzRjZjIwHhcNMjUwNzI5MDk0NTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRhY2Q5YzU4ZGFjYzE2MjViYjk5NjE2N2UzZTc2MWU5ODU4NDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4URPY4ni4Z58Tvu+Cd7CKJY0C5vr
5ofkq4i2Wmbmh04HN8SpQx+lq815+QIePcAqOj8BtTCqRF7nutlAytESB02mUH/f
qvZOXmi1sZQ4ft/8f6f89j/eFg0274nYBYVVXWeCI8hfZu10Ak9diZR5bVpUwO1R
77IHFOHu6FkINcfjbzxylDSL68a394UcXm2Jcyh/bDEgSN9HFo3fPPsxaizyEOAp
vCWCi+bOWjB6C7jmwIB+fgyQ94JZq6GPswjN/Us1mUOOsKpJvjwnJN9xUhJHpUO7
iJPONlCHbykJFfF6/sEhRgAAa+tg1o+EGc3Y4laD9U7R8EKFVZnzCS9NywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOdKzZxY2swWJbuZYWfj52HphYQVMB8GA1UdIwQY
MBaAFKyQkrvCysriR3dPYrD9vcRKl0zyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMt
YTNmYzE5NmFhYmIzLzEvNTByTm5GamF6QllsdTVsaFotUG5ZZW1GaEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMtYTNmYzE5NmFhYmIz
LzEvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc58AwQB
uc5+MA0GCSqGSIb3DQEBCwUAA4IBAQBIKQq2mdf7CixH0+IrG3MEChFSVxs+uJZH
8B2DgYPMXVX0fftTjGlpyER9idMApXvgDZ2ympVM3R4sFEyi6B8mP7ZEyMbvOAaB
Cs71nq4xwZtbID+MHrfXr71yS7otGV8g4kaCzPPuYwbzPm7SkDg40Tz+rOkVpbHm
O5OCR8izPHwy/kBYQA9YClf3q0jOhc7wopxoPMVz2VbMOhsGmdxz30GCKVH/8w9T
kDqQl4KCrISa4itMBpBBnvnjlYmMxnkLFAR5txIl/zwGrtsLAucO7aCfmKfMaUCT
JwAxXOixF7YEM1F4liYUNnzjLuxpIFVNIdyoL2wiqDjWRaqBYu3H
-----END CERTIFICATE-----