Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/_h3FGAhO3fVXS5xwWldFCoCGTk8.roa
File:                     _h3FGAhO3fVXS5xwWldFCoCGTk8.roa (raw, json)
Hash identifier:          csfcVsaCewEHGOnoGemFfnFrqe3f8adfupDygaqxPac=
Subject key identifier:   FE:1D:C5:18:08:4E:DD:F5:57:4B:9C:70:5A:57:45:0A:80:86:4E:4F
Certificate issuer:       /CN=729ca63e6d2b504449217dc0788c9d37489b4c45
Certificate serial:       0198513ACE046A0CCC0A15E188E5062CDEFD
Authority key identifier: 72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/_h3FGAhO3fVXS5xwWldFCoCGTk8.roa
Signing time:             Mon 28 Jul 2025 13:31:04 +0000
ROA not before:           Mon 28 Jul 2025 13:31:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        212.108.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:3a:ce:04:6a:0c:cc:0a:15:e1:88:e5:06:2c:de:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729ca63e6d2b504449217dc0788c9d37489b4c45
        Validity
            Not Before: Jul 28 13:31:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe1dc518084eddf5574b9c705a57450a80864e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:85:ef:5f:b6:8d:8e:7f:07:e6:1d:82:64:2b:
                    7a:f7:ab:90:9f:60:02:8f:ef:25:7a:dd:eb:01:ef:
                    d0:8f:81:91:a3:a5:bc:eb:4e:b8:ca:61:eb:c1:f0:
                    44:2f:1d:69:62:eb:8a:de:32:f0:a2:8d:3d:30:28:
                    ae:cf:8c:c8:49:d4:0e:ad:8c:e6:19:63:73:4f:7d:
                    c0:61:b6:5c:d0:4c:34:ed:26:8e:b8:aa:00:20:a2:
                    8a:6f:28:f1:43:59:19:35:9f:22:6e:4b:20:ef:82:
                    5c:06:43:c7:8c:56:eb:7e:c4:e5:2f:84:c6:18:fa:
                    ed:84:6c:af:9e:97:16:b1:7a:fc:f8:a4:9f:8f:99:
                    e8:c2:5b:b1:9b:f3:92:dd:a7:fa:98:52:b0:8f:f9:
                    66:ea:8b:cb:25:c7:bb:1a:92:38:2d:de:86:80:b6:
                    4d:02:dd:a8:87:51:5d:75:1e:29:5b:a2:e7:08:97:
                    15:58:13:3e:a1:37:b9:8b:61:91:db:d2:8e:cd:64:
                    e2:cd:1f:f7:1f:e4:a6:4c:e7:54:53:d1:66:0e:ee:
                    c8:72:5c:a4:96:5d:7d:5d:43:67:77:17:55:64:84:
                    f7:e1:bc:79:35:ad:ee:41:ee:6b:7f:d3:96:cb:db:
                    15:85:1d:ab:2b:59:04:78:e0:fe:20:35:0d:17:74:
                    7c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1D:C5:18:08:4E:DD:F5:57:4B:9C:70:5A:57:45:0A:80:86:4E:4F
            X509v3 Authority Key Identifier:
                keyid:72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/_h3FGAhO3fVXS5xwWldFCoCGTk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6a:e1:93:47:92:c0:d3:f2:b1:0e:f2:c6:d0:cb:73:9b:bd:
         92:32:92:bb:f6:57:db:df:09:88:a0:41:76:f9:9c:cf:3f:7f:
         54:4d:e7:d1:7a:be:ef:f3:48:6f:d5:1d:29:ce:2d:d1:93:b8:
         21:ca:aa:0a:5f:0d:3c:2b:32:a1:1d:a0:43:38:e6:62:c2:1e:
         7e:30:c1:01:a1:ae:0d:c8:d3:ab:d0:e4:80:36:bd:f6:85:be:
         8d:8d:8b:ca:05:82:99:18:c6:0c:c4:e4:b6:c3:2e:de:4e:5c:
         ba:cd:50:68:d4:af:8b:4d:0b:3b:6d:34:51:bc:59:d1:b8:9b:
         19:d8:8a:7a:44:45:76:8f:e0:90:01:fd:ab:fe:de:0f:be:a7:
         6a:c6:77:7d:4a:21:d6:db:b9:24:2e:e9:35:6e:9e:79:77:9d:
         bc:23:fe:7c:f8:3f:00:33:82:f4:80:5a:55:a0:06:5c:95:c1:
         db:08:77:6d:98:d8:91:30:07:2c:e9:f7:42:5d:e0:ab:f4:2b:
         35:18:0c:9c:04:64:e6:b8:cd:d1:35:d4:52:45:15:ba:d2:11:
         40:81:a6:fe:b5:6d:f1:fc:41:b3:7f:30:5a:29:6b:1c:34:a3:
         4a:e9:0a:1f:b9:43:e0:b8:18:19:8a:b6:40:57:e6:f1:60:be:
         dc:44:9e:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhROs4EagzMChXhiOUGLN79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWNhNjNlNmQyYjUwNDQ0OTIxN2RjMDc4OGM5ZDM3NDg5
YjRjNDUwHhcNMjUwNzI4MTMzMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTFkYzUxODA4NGVkZGY1NTc0YjljNzA1YTU3NDUwYTgwODY0ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoXvX7aNjn8H5h2CZCt696uQn2AC
j+8let3rAe/Qj4GRo6W86064ymHrwfBELx1pYuuK3jLwoo09MCiuz4zISdQOrYzm
GWNzT33AYbZc0Ew07SaOuKoAIKKKbyjxQ1kZNZ8ibksg74JcBkPHjFbrfsTlL4TG
GPrthGyvnpcWsXr8+KSfj5nowluxm/OS3af6mFKwj/lm6ovLJce7GpI4Ld6GgLZN
At2oh1FddR4pW6LnCJcVWBM+oTe5i2GR29KOzWTizR/3H+SmTOdUU9FmDu7Iclyk
ll19XUNndxdVZIT34bx5Na3uQe5rf9OWy9sVhR2rK1kEeOD+IDUNF3R8WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4dxRgITt31V0uccFpXRQqAhk5PMB8GA1UdIwQY
MBaAFHKcpj5tK1BESSF9wHiMnTdIm0xFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2Ut
NTU5ZTNkNzZjNWI2LzEvX2gzRkdBaE8zZlZYUzV4d1dsZEZDb0NHVGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2UtNTU5ZTNkNzZjNWI2
LzEvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxiMA0G
CSqGSIb3DQEBCwUAA4IBAQAFauGTR5LA0/KxDvLG0Mtzm72SMpK79lfb3wmIoEF2
+ZzPP39UTefRer7v80hv1R0pzi3Rk7ghyqoKXw08KzKhHaBDOOZiwh5+MMEBoa4N
yNOr0OSANr32hb6NjYvKBYKZGMYMxOS2wy7eTly6zVBo1K+LTQs7bTRRvFnRuJsZ
2Ip6REV2j+CQAf2r/t4Pvqdqxnd9SiHW27kkLuk1bp55d528I/58+D8AM4L0gFpV
oAZclcHbCHdtmNiRMAcs6fdCXeCr9Cs1GAycBGTmuM3RNdRSRRW60hFAgab+tW3x
/EGzfzBaKWscNKNK6QofuUPguBgZirZAV+bxYL7cRJ77
-----END CERTIFICATE-----