Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/8DPJokshklZiZ-Wg3NyoXUsggCo.roa
File:                     8DPJokshklZiZ-Wg3NyoXUsggCo.roa (raw, json)
Hash identifier:          saLQlFoD5jr+b8OXd/uC1s8XxDV1hFFRgD40BfF/jSg=
Subject key identifier:   F0:33:C9:A2:4B:21:92:56:62:67:E5:A0:DC:DC:A8:5D:4B:20:80:2A
Certificate issuer:       /CN=2fbd908d0c5bd3aacf5280dd81ea20382cd978ea
Certificate serial:       0198566B9990ED724F0C1AFA7065B17D60DD
Authority key identifier: 2F:BD:90:8D:0C:5B:D3:AA:CF:52:80:DD:81:EA:20:38:2C:D9:78:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L72QjQxb06rPUoDdgeogOCzZeOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/8DPJokshklZiZ-Wg3NyoXUsggCo.roa
Signing time:             Tue 29 Jul 2025 13:42:28 +0000
ROA not before:           Tue 29 Jul 2025 13:42:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39700
IP address blocks:        185.228.196.0/22 maxlen: 24
                          2a0d:3600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/L72QjQxb06rPUoDdgeogOCzZeOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/L72QjQxb06rPUoDdgeogOCzZeOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L72QjQxb06rPUoDdgeogOCzZeOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:6b:99:90:ed:72:4f:0c:1a:fa:70:65:b1:7d:60:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fbd908d0c5bd3aacf5280dd81ea20382cd978ea
        Validity
            Not Before: Jul 29 13:42:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f033c9a24b2192566267e5a0dcdca85d4b20802a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ea:58:97:fc:07:47:31:1a:54:c9:1f:9a:0d:
                    e3:ea:65:76:8f:e6:65:bf:c5:1d:64:66:e1:49:5a:
                    fe:79:79:87:d1:b4:35:36:89:c6:6f:26:5d:f1:58:
                    5a:3b:1e:97:0f:72:8a:65:58:6c:f4:0f:df:23:9d:
                    ce:e0:b0:83:bf:42:f5:0e:19:1d:38:0d:99:03:c3:
                    7d:6e:b3:26:62:d4:98:a4:ad:42:ec:a7:62:5d:4e:
                    08:1c:64:20:d8:cc:02:5a:c5:8c:07:fe:fe:aa:36:
                    17:21:52:10:49:ff:72:63:54:43:17:b5:02:08:da:
                    c0:a4:a7:3d:b2:96:db:65:7b:80:2f:eb:68:f2:a4:
                    a4:15:23:78:9f:61:0c:3e:2c:e1:b3:99:1d:60:29:
                    de:d8:e2:9a:4d:a4:07:f1:11:41:e5:21:82:a3:35:
                    a7:9d:9d:82:a0:7e:03:81:1c:4f:5f:8d:d4:f8:ab:
                    6c:1d:6b:60:1f:f4:5f:6f:1e:26:6d:da:64:f6:6d:
                    e4:bc:ec:7f:29:49:f8:98:ce:ce:40:29:fb:8e:c8:
                    dd:c6:a2:ff:0b:97:83:31:6a:af:e5:71:02:69:dd:
                    d1:64:ef:77:cb:b4:57:0e:22:de:6f:42:3e:61:f9:
                    58:f1:4a:af:7e:ca:d7:50:11:c3:eb:b0:fa:1d:47:
                    d0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:33:C9:A2:4B:21:92:56:62:67:E5:A0:DC:DC:A8:5D:4B:20:80:2A
            X509v3 Authority Key Identifier:
                keyid:2F:BD:90:8D:0C:5B:D3:AA:CF:52:80:DD:81:EA:20:38:2C:D9:78:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L72QjQxb06rPUoDdgeogOCzZeOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/8DPJokshklZiZ-Wg3NyoXUsggCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e7234c-887e-41e9-ad3c-7ecdd2f64d2d/1/L72QjQxb06rPUoDdgeogOCzZeOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.196.0/22
                IPv6:
                  2a0d:3600::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:64:7b:90:4d:0c:ad:fb:21:ba:96:c2:db:82:41:75:87:3f:
         f2:c6:ac:00:2c:b4:60:9e:90:b8:f6:f4:41:d8:1d:98:13:13:
         e5:71:85:1f:cb:36:27:a3:58:45:6c:c1:a3:77:7e:5d:dc:6b:
         e6:57:e6:c8:98:aa:3d:5a:96:70:47:98:ac:94:e0:a3:ff:19:
         57:53:79:8f:75:e5:46:2b:b7:16:f0:59:54:d6:0c:16:5e:b3:
         2c:0e:28:52:ab:d7:66:21:77:87:a1:12:9a:5c:28:ae:5b:de:
         43:27:5d:e0:04:90:e4:7c:c0:de:46:9c:1b:bc:af:f8:18:49:
         3e:71:17:14:8f:47:7c:63:a0:1d:6f:73:c6:48:b7:1a:2a:9f:
         e3:50:db:07:1d:18:5d:e6:db:07:a0:56:54:58:f1:8b:bd:d9:
         ee:54:f8:a8:4e:e2:a4:d3:46:21:b1:3f:71:e8:79:2f:dd:ed:
         57:27:12:77:1b:e2:fa:f2:b0:5d:15:0d:75:97:a8:b1:d7:ac:
         b6:83:d1:d8:4e:cb:b1:ee:7d:98:3c:c5:99:ad:1e:ab:9f:66:
         c3:3d:89:f6:f0:25:ec:aa:f3:c2:c4:d1:cc:7b:79:6e:2f:00:
         06:64:a1:e6:04:0f:d6:cc:3a:d8:c6:66:38:a6:47:b1:ad:76:
         ef:fa:d4:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhWa5mQ7XJPDBr6cGWxfWDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYmQ5MDhkMGM1YmQzYWFjZjUyODBkZDgxZWEyMDM4MmNk
OTc4ZWEwHhcNMjUwNzI5MTM0MjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDMzYzlhMjRiMjE5MjU2NjI2N2U1YTBkY2RjYTg1ZDRiMjA4MDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1upYl/wHRzEaVMkfmg3j6mV2j+Zl
v8UdZGbhSVr+eXmH0bQ1NonGbyZd8VhaOx6XD3KKZVhs9A/fI53O4LCDv0L1Dhkd
OA2ZA8N9brMmYtSYpK1C7KdiXU4IHGQg2MwCWsWMB/7+qjYXIVIQSf9yY1RDF7UC
CNrApKc9spbbZXuAL+to8qSkFSN4n2EMPizhs5kdYCne2OKaTaQH8RFB5SGCozWn
nZ2CoH4DgRxPX43U+KtsHWtgH/Rfbx4mbdpk9m3kvOx/KUn4mM7OQCn7jsjdxqL/
C5eDMWqv5XECad3RZO93y7RXDiLeb0I+YflY8UqvfsrXUBHD67D6HUfQxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPAzyaJLIZJWYmfloNzcqF1LIIAqMB8GA1UdIwQY
MBaAFC+9kI0MW9Oqz1KA3YHqIDgs2XjqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDcyUWpReGIwNnJQVW9EZGdlb2dPQ3paZU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNzIzNGMtODg3ZS00MWU5LWFkM2Mt
N2VjZGQyZjY0ZDJkLzEvOERQSm9rc2hrbFppWi1XZzNOeW9YVXNnZ0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNzIzNGMtODg3ZS00MWU5LWFkM2MtN2VjZGQyZjY0ZDJk
LzEvTDcyUWpReGIwNnJQVW9EZGdlb2dPQ3paZU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueTEMA0E
AgACMAcDBQMqDTYAMA0GCSqGSIb3DQEBCwUAA4IBAQA5ZHuQTQyt+yG6lsLbgkF1
hz/yxqwALLRgnpC49vRB2B2YExPlcYUfyzYno1hFbMGjd35d3GvmV+bImKo9WpZw
R5islOCj/xlXU3mPdeVGK7cW8FlU1gwWXrMsDihSq9dmIXeHoRKaXCiuW95DJ13g
BJDkfMDeRpwbvK/4GEk+cRcUj0d8Y6Adb3PGSLcaKp/jUNsHHRhd5tsHoFZUWPGL
vdnuVPioTuKk00YhsT9x6Hkv3e1XJxJ3G+L68rBdFQ11l6ix16y2g9HYTsux7n2Y
PMWZrR6rn2bDPYn28CXsqvPCxNHMe3luLwAGZKHmBA/WzDrYxmY4pkexrXbv+tQM
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:41:54 2025 by rpki-client