Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToE5L5Ia8LQXLCJHwIj0RC41VKs.roa
File:                     ToE5L5Ia8LQXLCJHwIj0RC41VKs.roa (raw, json)
Hash identifier:          TO5aQzUI52rUnjs30uKjopdlTP0r7veN3jO/p/fmjis=
Subject key identifier:   4E:81:39:2F:92:1A:F0:B4:17:2C:22:47:C0:88:F4:44:2E:35:54:AB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019870E86E4D93C230BE63ACF78603A596F7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToE5L5Ia8LQXLCJHwIj0RC41VKs.roa
Signing time:             Sun 03 Aug 2025 17:08:57 +0000
ROA not before:           Sun 03 Aug 2025 17:08:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        81.168.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:70:e8:6e:4d:93:c2:30:be:63:ac:f7:86:03:a5:96:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug  3 17:08:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e81392f921af0b4172c2247c088f4442e3554ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:51:1b:6f:1b:48:50:e0:b2:c4:d5:e3:c5:cd:
                    bb:01:97:64:b1:89:88:90:2e:3a:c1:48:20:48:71:
                    89:48:c5:59:8c:c7:95:3d:9b:3d:61:d2:65:66:ad:
                    e9:41:2c:eb:bc:2b:6e:23:8d:60:e5:76:78:4f:90:
                    35:d9:47:dc:43:a2:c5:a2:a9:5d:44:b6:04:26:cc:
                    53:dc:36:cb:75:d9:db:85:23:dc:ef:f5:b3:60:be:
                    8e:5d:ee:77:7d:b5:54:d3:e0:5e:00:58:16:16:2c:
                    55:de:2f:73:f1:44:1c:85:92:6a:2b:54:78:e4:8a:
                    cd:ef:94:7d:a8:66:9e:f1:6c:04:06:02:37:80:11:
                    b7:7c:ad:3f:17:6c:d6:f9:b3:db:5d:33:20:86:50:
                    bb:a1:4e:87:19:a7:f4:49:ac:d9:a5:10:37:b6:5c:
                    fb:b9:75:59:41:f6:e1:92:61:23:61:2c:4a:b6:8c:
                    a9:d2:ef:6d:4b:f5:ad:70:0a:23:70:ac:af:98:9f:
                    6b:d4:da:ca:81:30:a9:a9:ab:c4:6a:8f:de:df:60:
                    a9:e9:e3:de:a8:0b:3d:5f:2a:65:c4:4f:22:a4:ee:
                    f5:d6:e9:f6:fd:96:85:30:e4:55:c6:08:0e:38:dc:
                    0b:7e:49:78:74:c7:03:b0:8f:84:c8:54:c7:e4:da:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:81:39:2F:92:1A:F0:B4:17:2C:22:47:C0:88:F4:44:2E:35:54:AB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ToE5L5Ia8LQXLCJHwIj0RC41VKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4b:6f:11:ba:50:61:59:3c:fd:86:21:1b:6b:e8:a6:e7:81:
         91:07:47:62:45:26:4e:c1:9b:3b:70:04:ea:23:1c:d2:93:db:
         88:e2:0b:d4:90:a0:e4:08:54:a8:72:24:1b:ae:7e:c9:ca:37:
         ff:10:b7:8c:d9:7c:8b:7e:b9:84:94:bb:d4:3e:0c:9e:a4:4b:
         c1:bc:b1:20:64:15:e3:b6:51:7e:3a:8c:05:1d:4b:87:ba:24:
         3c:7a:53:e0:4f:64:fa:7a:1e:7d:0d:8e:cf:b3:71:71:87:8a:
         48:0f:b8:3c:ca:ea:22:ff:dc:fb:19:be:5d:01:4e:c0:5c:8a:
         0e:0e:e0:c1:bc:b7:9e:be:ce:d1:1a:58:1c:46:7f:60:02:60:
         c3:7e:ab:99:fb:7a:0c:35:6c:20:3c:16:e5:de:01:de:05:aa:
         e9:98:f6:d7:74:e0:e9:aa:23:32:f3:2d:89:68:5e:b0:a4:95:
         de:ab:d5:19:d7:a8:7d:9e:1d:0b:d0:2d:b8:e3:42:aa:ed:d1:
         6d:1f:f0:25:b9:96:32:d2:a0:3d:79:4c:37:81:c4:d3:df:73:
         ba:69:35:f9:99:10:74:10:8f:bf:7a:54:fb:59:ee:36:0f:97:
         3e:59:0b:c7:aa:4b:64:62:35:d5:e8:e2:87:0e:0b:23:50:d4:
         a5:86:7a:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhw6G5Nk8IwvmOs94YDpZb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODAzMTcwODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgxMzkyZjkyMWFmMGI0MTcyYzIyNDdjMDg4ZjQ0NDJlMzU1NGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlEbbxtIUOCyxNXjxc27AZdksYmI
kC46wUggSHGJSMVZjMeVPZs9YdJlZq3pQSzrvCtuI41g5XZ4T5A12UfcQ6LFoqld
RLYEJsxT3DbLddnbhSPc7/WzYL6OXe53fbVU0+BeAFgWFixV3i9z8UQchZJqK1R4
5IrN75R9qGae8WwEBgI3gBG3fK0/F2zW+bPbXTMghlC7oU6HGaf0SazZpRA3tlz7
uXVZQfbhkmEjYSxKtoyp0u9tS/WtcAojcKyvmJ9r1NrKgTCpqavEao/e32Cp6ePe
qAs9XyplxE8ipO711un2/ZaFMORVxggOONwLfkl4dMcDsI+EyFTH5NqcCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6BOS+SGvC0FywiR8CI9EQuNVSrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVG9FNUw1SWE4TFFYTENKSHdJajBSQzQxVktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaggMA0G
CSqGSIb3DQEBCwUAA4IBAQA0S28RulBhWTz9hiEba+im54GRB0diRSZOwZs7cATq
IxzSk9uI4gvUkKDkCFSociQbrn7Jyjf/ELeM2XyLfrmElLvUPgyepEvBvLEgZBXj
tlF+OowFHUuHuiQ8elPgT2T6eh59DY7Ps3Fxh4pID7g8yuoi/9z7Gb5dAU7AXIoO
DuDBvLeevs7RGlgcRn9gAmDDfquZ+3oMNWwgPBbl3gHeBarpmPbXdODpqiMy8y2J
aF6wpJXeq9UZ16h9nh0L0C2440Kq7dFtH/AluZYy0qA9eUw3gcTT33O6aTX5mRB0
EI+/elT7We42D5c+WQvHqktkYjXV6OKHDgsjUNSlhnpM
-----END CERTIFICATE-----