Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/ji-mlSpBC_ldO2fH2xoveSznohQ.roa
File:                     ji-mlSpBC_ldO2fH2xoveSznohQ.roa (raw, json)
Hash identifier:          y40m1DQahvtjZ0nXGs/iy40JwpshjeqdE7p40jR78SQ=
Subject key identifier:   8E:2F:A6:95:2A:41:0B:F9:5D:3B:67:C7:DB:1A:2F:79:2C:E7:A2:14
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       01987FDFA5C02FB6EF7D54593FC644BE86BF
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/ji-mlSpBC_ldO2fH2xoveSznohQ.roa
Signing time:             Wed 06 Aug 2025 14:53:39 +0000
ROA not before:           Wed 06 Aug 2025 14:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34702
IP address blocks:        37.252.4.0/23 maxlen: 23
                          176.97.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:df:a5:c0:2f:b6:ef:7d:54:59:3f:c6:44:be:86:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Aug  6 14:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e2fa6952a410bf95d3b67c7db1a2f792ce7a214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2e:00:83:46:ce:1d:ec:15:e5:bb:89:3e:05:
                    c8:c6:1f:cd:9c:68:ff:d7:eb:00:f5:7c:23:6b:f5:
                    70:71:0e:ca:1c:44:bb:be:98:61:da:1d:ac:83:86:
                    ab:2e:af:89:a5:6e:74:96:b8:19:6b:a1:81:cd:13:
                    97:93:b8:eb:27:cf:8f:9a:ea:96:e8:21:f7:3d:42:
                    57:d2:c4:a6:22:fa:71:59:46:8c:31:94:fe:35:ee:
                    45:22:cc:c0:04:7a:3e:0f:53:5b:fb:62:b5:0a:3c:
                    1b:90:87:13:c8:14:71:98:91:e9:0d:9d:bd:69:6f:
                    f3:71:74:b5:55:9a:bf:46:9b:d8:f3:9f:89:ab:d0:
                    88:2a:77:c2:8d:6c:74:b6:d7:19:06:1a:02:bd:26:
                    80:62:cf:20:26:e9:5b:7e:40:fb:ae:80:63:3c:5f:
                    c5:53:b1:0f:b6:9f:aa:f8:30:e7:41:08:65:2b:bf:
                    bd:2e:e1:79:b9:d4:c8:c0:a7:e6:bd:8e:df:85:78:
                    5c:f0:f7:03:69:10:d4:e6:d5:ea:71:f7:5d:bb:9b:
                    2a:26:b8:80:da:ba:ee:0d:db:1c:01:a6:c4:4d:a0:
                    2d:b7:0f:2d:a8:74:c1:c7:43:7d:36:ed:aa:bf:37:
                    dd:bd:b3:40:fd:25:3f:96:7a:d0:63:cf:01:8b:d5:
                    46:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:2F:A6:95:2A:41:0B:F9:5D:3B:67:C7:DB:1A:2F:79:2C:E7:A2:14
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/ji-mlSpBC_ldO2fH2xoveSznohQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.4.0/23
                  176.97.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:51:60:29:37:ca:3a:b4:50:c5:63:33:52:1a:2a:e5:79:9f:
         8c:b7:38:88:70:38:a2:01:10:f2:8e:10:52:c8:09:1e:4c:02:
         26:f8:45:9f:40:34:84:e9:02:6b:0a:49:d3:0a:54:bc:47:03:
         f3:ce:3e:8e:c7:e3:ab:53:b0:1b:39:b4:05:b1:95:c4:1b:64:
         93:df:c9:02:d9:89:80:41:ec:54:7e:4b:69:f0:fb:08:7c:8f:
         85:9e:02:aa:81:49:dd:0b:50:44:23:23:0d:f2:59:90:ad:6f:
         5c:89:ed:02:bc:1e:ad:48:1e:5e:d5:04:92:73:1a:b3:b3:5f:
         43:3f:df:a6:7b:55:e7:31:54:a9:62:08:74:8d:de:bc:c3:73:
         83:2d:33:01:39:a6:da:99:9d:ae:66:7f:47:de:14:4d:f1:65:
         e6:37:34:59:32:cb:74:ab:c9:1e:d0:4b:47:87:ef:a3:ae:34:
         6e:d6:c6:8e:cf:8c:79:7a:73:fe:bf:9d:27:83:85:a0:e6:04:
         ba:20:ee:74:f4:ed:f6:38:ec:38:15:7d:fa:fe:d8:cc:b2:d8:
         30:02:fa:0c:e8:15:cd:cc:d9:12:89:9c:72:6c:16:46:e9:62:
         69:c1:34:72:a8:96:04:da:85:ce:48:d7:e4:f9:80:d5:45:2c:
         90:e4:b5:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh/36XAL7bvfVRZP8ZEvoa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjUwODA2MTQ1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTJmYTY5NTJhNDEwYmY5NWQzYjY3YzdkYjFhMmY3OTJjZTdhMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5S4Ag0bOHewV5buJPgXIxh/NnGj/
1+sA9Xwja/VwcQ7KHES7vphh2h2sg4arLq+JpW50lrgZa6GBzROXk7jrJ8+PmuqW
6CH3PUJX0sSmIvpxWUaMMZT+Ne5FIszABHo+D1Nb+2K1CjwbkIcTyBRxmJHpDZ29
aW/zcXS1VZq/RpvY85+Jq9CIKnfCjWx0ttcZBhoCvSaAYs8gJulbfkD7roBjPF/F
U7EPtp+q+DDnQQhlK7+9LuF5udTIwKfmvY7fhXhc8PcDaRDU5tXqcfddu5sqJriA
2rruDdscAabETaAttw8tqHTBx0N9Nu2qvzfdvbNA/SU/lnrQY88Bi9VGmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4vppUqQQv5XTtnx9saL3ks56IUMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvamktbWxTcEJDX2xkTzJmSDJ4b3ZlU3pub2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJfwEAwQA
sGFKMA0GCSqGSIb3DQEBCwUAA4IBAQCPUWApN8o6tFDFYzNSGirleZ+MtziIcDii
ARDyjhBSyAkeTAIm+EWfQDSE6QJrCknTClS8RwPzzj6Ox+OrU7AbObQFsZXEG2ST
38kC2YmAQexUfktp8PsIfI+FngKqgUndC1BEIyMN8lmQrW9cie0CvB6tSB5e1QSS
cxqzs19DP9+me1XnMVSpYgh0jd68w3ODLTMBOabamZ2uZn9H3hRN8WXmNzRZMst0
q8ke0EtHh++jrjRu1saOz4x5enP+v50ng4Wg5gS6IO509O32OOw4FX36/tjMstgw
AvoM6BXNzNkSiZxybBZG6WJpwTRyqJYE2oXOSNfk+YDVRSyQ5LXm
-----END CERTIFICATE-----