Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/jP0oG4-lTwdPgvwQsai3xzsKBUA.roa
File:                     jP0oG4-lTwdPgvwQsai3xzsKBUA.roa (raw, json)
Hash identifier:          cwxrU32A7FjEaD6Xb0+naWkVMI0iVDnV1C3ohgsG2Sc=
Subject key identifier:   8C:FD:28:1B:8F:A5:4F:07:4F:82:FC:10:B1:A8:B7:C7:3B:0A:05:40
Certificate issuer:       /CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
Certificate serial:       019874CB2CB9A89AA3039428FAD14F31EA78
Authority key identifier: 70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/jP0oG4-lTwdPgvwQsai3xzsKBUA.roa
Signing time:             Mon 04 Aug 2025 11:15:28 +0000
ROA not before:           Mon 04 Aug 2025 11:15:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6893
IP address blocks:        185.25.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:cb:2c:b9:a8:9a:a3:03:94:28:fa:d1:4f:31:ea:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
        Validity
            Not Before: Aug  4 11:15:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cfd281b8fa54f074f82fc10b1a8b7c73b0a0540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:68:2c:b6:f6:b3:84:51:c2:c9:26:33:a2:3e:
                    ec:45:41:5b:b7:53:14:f5:87:fa:4b:25:e6:1e:7f:
                    dd:4d:b6:2a:d6:6a:fc:8e:aa:ae:d3:3a:a9:ce:4f:
                    12:a2:85:19:da:32:95:9a:43:0b:a5:98:8a:e4:87:
                    16:13:43:e3:07:bf:35:fc:f4:30:4d:0c:2c:3d:ac:
                    d0:c8:33:dc:89:1d:d6:9e:e0:98:93:1d:eb:6b:1b:
                    6e:b4:58:6a:e7:7e:f4:96:0c:74:36:81:78:d6:2c:
                    71:fe:71:7f:6b:e1:81:21:11:96:91:d7:95:32:33:
                    48:45:1e:dd:66:1a:99:fe:4c:a6:82:72:6c:e4:14:
                    75:e2:47:f5:8c:e7:85:f3:29:b0:91:aa:49:fd:80:
                    91:c3:4d:05:dc:83:c3:06:31:58:b1:d3:b9:e5:de:
                    c6:47:e5:b8:5b:b9:ff:9e:a6:29:3b:6e:f0:df:52:
                    2c:96:f2:6d:a1:43:08:88:82:81:38:0e:4f:4b:2d:
                    b4:bc:3e:5b:9a:24:fb:f8:30:96:44:c3:9a:7c:e7:
                    dc:bd:b0:56:55:28:91:38:d1:c6:f9:2a:e0:57:fe:
                    28:c9:11:f6:0e:b9:b0:c9:e9:d7:d7:28:05:e6:4f:
                    85:4c:8d:67:16:97:07:41:fa:c2:eb:2b:72:96:b1:
                    71:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FD:28:1B:8F:A5:4F:07:4F:82:FC:10:B1:A8:B7:C7:3B:0A:05:40
            X509v3 Authority Key Identifier:
                keyid:70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/jP0oG4-lTwdPgvwQsai3xzsKBUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:fd:1c:a7:65:29:04:64:79:6f:66:81:61:87:1d:9c:6c:82:
         2d:c0:82:0a:90:9e:8d:7e:a2:0c:70:16:b6:82:0e:6a:65:bb:
         ed:a1:5c:d0:58:4a:72:f9:d8:91:29:b7:e7:58:a7:57:4e:82:
         fe:04:d0:25:a0:3a:6e:d2:7b:07:c4:88:bb:c0:62:44:ff:d1:
         85:cf:e4:c0:50:00:8d:b7:dd:d6:04:8d:ef:4f:69:1d:61:04:
         2a:f4:8c:08:d1:22:b5:4c:6c:6d:00:97:c0:eb:d7:0d:12:3d:
         d7:79:8a:7f:02:48:55:6a:cd:2e:5c:1c:45:d1:c5:e6:55:aa:
         be:48:af:7d:51:72:61:91:39:4d:e0:84:37:8d:b8:42:65:b5:
         05:01:6c:2d:27:49:b5:53:74:07:78:5a:fa:00:7c:d2:3d:d5:
         8b:56:7e:e6:67:e6:98:71:8d:da:78:ac:4a:9b:88:cb:b1:eb:
         28:56:b7:9b:e6:e1:80:23:db:94:f7:5d:4b:22:75:56:57:71:
         09:7f:e4:fa:6e:89:fe:ea:0d:ea:4d:f8:86:94:8f:08:b8:53:
         34:33:41:e0:90:68:59:e2:43:8e:31:41:e0:92:c4:ff:a5:34:
         89:11:02:95:b4:e1:5d:0f:37:17:9b:56:a0:24:88:c9:90:60:
         63:e2:09:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0yyy5qJqjA5Qo+tFPMep4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTc2OTI5Y2JlMjFjZWRkOTRjMDEyYmE1OGJiMGI2ZjEy
OTcyMmUwHhcNMjUwODA0MTExNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZkMjgxYjhmYTU0ZjA3NGY4MmZjMTBiMWE4YjdjNzNiMGEwNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2gstvazhFHCySYzoj7sRUFbt1MU
9Yf6SyXmHn/dTbYq1mr8jqqu0zqpzk8SooUZ2jKVmkMLpZiK5IcWE0PjB781/PQw
TQwsPazQyDPciR3WnuCYkx3raxtutFhq5370lgx0NoF41ixx/nF/a+GBIRGWkdeV
MjNIRR7dZhqZ/kymgnJs5BR14kf1jOeF8ymwkapJ/YCRw00F3IPDBjFYsdO55d7G
R+W4W7n/nqYpO27w31IslvJtoUMIiIKBOA5PSy20vD5bmiT7+DCWRMOafOfcvbBW
VSiRONHG+SrgV/4oyRH2DrmwyenX1ygF5k+FTI1nFpcHQfrC6ytylrFxxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz9KBuPpU8HT4L8ELGot8c7CgVAMB8GA1UdIwQY
MBaAFHCnaSnL4hzt2UwBK6WLsLbxKXIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQt
YTQwOWUyMmEyNDNlLzEvalAwb0c0LWxUd2RQZ3Z3UXNhaTN4enNLQlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQtYTQwOWUyMmEyNDNl
LzEvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRnhMA0G
CSqGSIb3DQEBCwUAA4IBAQDc/RynZSkEZHlvZoFhhx2cbIItwIIKkJ6NfqIMcBa2
gg5qZbvtoVzQWEpy+diRKbfnWKdXToL+BNAloDpu0nsHxIi7wGJE/9GFz+TAUACN
t93WBI3vT2kdYQQq9IwI0SK1TGxtAJfA69cNEj3XeYp/AkhVas0uXBxF0cXmVaq+
SK99UXJhkTlN4IQ3jbhCZbUFAWwtJ0m1U3QHeFr6AHzSPdWLVn7mZ+aYcY3aeKxK
m4jLsesoVreb5uGAI9uU911LInVWV3EJf+T6bon+6g3qTfiGlI8IuFM0M0HgkGhZ
4kOOMUHgksT/pTSJEQKVtOFdDzcXm1agJIjJkGBj4gnk
-----END CERTIFICATE-----