Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/j8bQQ_2ixu-vog4cLNKhBgofx1M.roa
File:                     j8bQQ_2ixu-vog4cLNKhBgofx1M.roa (raw, json)
Hash identifier:          v4k62I4wJVyjDK80IFPhBu/XJr/LGdFEyW7xkPuyAOU=
Subject key identifier:   8F:C6:D0:43:FD:A2:C6:EF:AF:A2:0E:1C:2C:D2:A1:06:0A:1F:C7:53
Certificate issuer:       /CN=bbf7f3bfb4ed53e59cef8c4584b627470b60a820
Certificate serial:       01986A1617158F32A2ED39927D738BCC0E51
Authority key identifier: BB:F7:F3:BF:B4:ED:53:E5:9C:EF:8C:45:84:B6:27:47:0B:60:A8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_fzv7TtU-Wc74xFhLYnRwtgqCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/j8bQQ_2ixu-vog4cLNKhBgofx1M.roa
Signing time:             Sat 02 Aug 2025 09:21:29 +0000
ROA not before:           Sat 02 Aug 2025 09:21:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        194.104.28.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/u_fzv7TtU-Wc74xFhLYnRwtgqCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/u_fzv7TtU-Wc74xFhLYnRwtgqCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_fzv7TtU-Wc74xFhLYnRwtgqCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6a:16:17:15:8f:32:a2:ed:39:92:7d:73:8b:cc:0e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf7f3bfb4ed53e59cef8c4584b627470b60a820
        Validity
            Not Before: Aug  2 09:21:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc6d043fda2c6efafa20e1c2cd2a1060a1fc753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fa:f2:0b:37:d5:03:8a:6f:3f:01:b2:ef:d6:
                    fe:fa:f2:bd:61:2a:a9:22:d6:23:d9:b8:23:43:4e:
                    cf:b2:69:77:57:44:d2:0a:12:70:3d:cf:3d:8a:79:
                    2d:84:1f:9b:cc:1d:e0:18:09:7c:1d:b7:b1:08:37:
                    19:2a:b8:c0:af:6c:1e:be:b0:67:ae:72:f7:d5:15:
                    1c:77:c1:b2:33:be:0e:69:5b:62:4c:6a:66:25:f7:
                    f8:fc:45:f5:3e:02:67:58:c5:09:47:ee:6c:e7:56:
                    33:8f:e7:e9:c1:0c:60:cc:a8:eb:45:83:85:a8:c4:
                    d0:ad:8b:9b:06:fb:f6:9c:fa:99:dd:ec:95:82:bb:
                    55:62:f3:0e:d7:c3:2d:94:2f:22:e9:5a:c5:23:c3:
                    5b:78:cd:95:d3:92:e0:4f:bc:be:91:2f:d5:52:ab:
                    4c:bc:93:a3:55:1f:89:26:0a:34:4e:2e:ec:36:2c:
                    de:c5:20:29:12:69:64:7c:e5:00:8f:57:06:09:e4:
                    ae:ac:33:0e:93:50:4f:e3:d7:ba:47:58:a9:28:7c:
                    d5:ca:66:eb:8f:d5:78:6e:46:56:3d:db:09:23:39:
                    85:be:8a:5d:d6:d4:bf:1d:3f:e9:88:c3:a8:36:12:
                    ba:0f:49:cc:0b:c2:17:c2:a7:6b:f4:88:10:02:74:
                    ed:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C6:D0:43:FD:A2:C6:EF:AF:A2:0E:1C:2C:D2:A1:06:0A:1F:C7:53
            X509v3 Authority Key Identifier:
                keyid:BB:F7:F3:BF:B4:ED:53:E5:9C:EF:8C:45:84:B6:27:47:0B:60:A8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_fzv7TtU-Wc74xFhLYnRwtgqCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/j8bQQ_2ixu-vog4cLNKhBgofx1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2ef040-a617-4c91-8038-3d485b7cdf5c/1/u_fzv7TtU-Wc74xFhLYnRwtgqCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:f7:96:ec:7a:c4:31:1e:ef:70:47:fe:13:8b:ad:5c:3a:92:
         2d:08:c6:01:ea:51:c9:87:be:8d:f9:4e:87:22:0d:d7:57:bf:
         40:7f:fa:b8:94:2c:40:e3:e2:0d:e9:f7:f3:b5:97:05:86:f9:
         4a:82:66:7d:26:58:f4:bb:f2:7f:0a:43:22:1f:89:e8:a5:69:
         47:0b:fe:b8:db:19:f3:14:24:cc:82:0d:c8:be:ca:9a:d1:ce:
         70:18:97:9e:60:36:55:c5:08:40:22:a4:64:aa:fe:f1:52:ec:
         60:aa:0b:3a:28:76:2d:f9:3f:cb:1b:13:8a:f5:95:9d:ee:99:
         53:b1:34:6e:e9:18:7d:fa:d8:e1:49:97:aa:8c:d7:f3:97:14:
         df:5d:46:2a:4a:54:58:cc:c1:a4:54:18:30:99:82:63:9b:ad:
         b0:a3:59:2c:6d:fd:6d:71:70:bc:9c:57:31:57:06:3d:ca:78:
         05:58:ff:6f:5e:e4:31:b6:01:4e:1f:ec:94:2a:05:e4:11:8a:
         b8:cb:0c:df:ed:45:27:b5:17:4b:c2:15:1b:eb:ae:1f:e7:1d:
         6f:1d:5b:25:6c:1c:09:91:1e:31:35:f0:5d:e5:ad:40:8f:60:
         d8:ac:41:13:cd:85:d9:c2:20:04:78:13:74:6e:57:66:5f:f3:
         0a:e2:d4:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhqFhcVjzKi7TmSfXOLzA5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjdmM2JmYjRlZDUzZTU5Y2VmOGM0NTg0YjYyNzQ3MGI2
MGE4MjAwHhcNMjUwODAyMDkyMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM2ZDA0M2ZkYTJjNmVmYWZhMjBlMWMyY2QyYTEwNjBhMWZjNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvryCzfVA4pvPwGy79b++vK9YSqp
ItYj2bgjQ07Psml3V0TSChJwPc89inkthB+bzB3gGAl8HbexCDcZKrjAr2wevrBn
rnL31RUcd8GyM74OaVtiTGpmJff4/EX1PgJnWMUJR+5s51Yzj+fpwQxgzKjrRYOF
qMTQrYubBvv2nPqZ3eyVgrtVYvMO18MtlC8i6VrFI8NbeM2V05LgT7y+kS/VUqtM
vJOjVR+JJgo0Ti7sNizexSApEmlkfOUAj1cGCeSurDMOk1BP49e6R1ipKHzVymbr
j9V4bkZWPdsJIzmFvopd1tS/HT/piMOoNhK6D0nMC8IXwqdr9IgQAnTtzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/G0EP9osbvr6IOHCzSoQYKH8dTMB8GA1UdIwQY
MBaAFLv387+07VPlnO+MRYS2J0cLYKggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9menY3VHRVLVdjNzR4RmhMWW5Sd3RncUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yZWYwNDAtYTYxNy00YzkxLTgwMzgt
M2Q0ODViN2NkZjVjLzEvajhiUVFfMml4dS12b2c0Y0xOS2hCZ29meDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yZWYwNDAtYTYxNy00YzkxLTgwMzgtM2Q0ODViN2NkZjVj
LzEvdV9menY3VHRVLVdjNzR4RmhMWW5Sd3RncUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwmgcMA0G
CSqGSIb3DQEBCwUAA4IBAQCf95bsesQxHu9wR/4Ti61cOpItCMYB6lHJh76N+U6H
Ig3XV79Af/q4lCxA4+IN6ffztZcFhvlKgmZ9Jlj0u/J/CkMiH4nopWlHC/642xnz
FCTMgg3Ivsqa0c5wGJeeYDZVxQhAIqRkqv7xUuxgqgs6KHYt+T/LGxOK9ZWd7plT
sTRu6Rh9+tjhSZeqjNfzlxTfXUYqSlRYzMGkVBgwmYJjm62wo1ksbf1tcXC8nFcx
VwY9yngFWP9vXuQxtgFOH+yUKgXkEYq4ywzf7UUntRdLwhUb664f5x1vHVslbBwJ
kR4xNfBd5a1Aj2DYrEETzYXZwiAEeBN0bldmX/MK4tTj
-----END CERTIFICATE-----