Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/R3eWLtKMf3s5qAL6kT28Ne2Bwe0.roa
File:                     R3eWLtKMf3s5qAL6kT28Ne2Bwe0.roa (raw, json)
Hash identifier:          Lww5QfUVNpWO8iTO91HP9UB5bQE1iug9GL1iYY+w1m8=
Subject key identifier:   47:77:96:2E:D2:8C:7F:7B:39:A8:02:FA:91:3D:BC:35:ED:81:C1:ED
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01985524656A3135CDEA98F687D8D815F345
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/R3eWLtKMf3s5qAL6kT28Ne2Bwe0.roa
Signing time:             Tue 29 Jul 2025 07:45:05 +0000
ROA not before:           Tue 29 Jul 2025 07:45:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        185.223.82.0/24 maxlen: 24
                          193.8.112.0/24 maxlen: 24
                          194.76.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:24:65:6a:31:35:cd:ea:98:f6:87:d8:d8:15:f3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 29 07:45:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4777962ed28c7f7b39a802fa913dbc35ed81c1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:64:b8:f9:c0:7a:39:82:13:46:06:f0:a1:ef:
                    a8:2b:1a:4e:05:d1:b4:3f:6e:15:1b:7a:bf:82:82:
                    5e:81:f0:9e:8f:12:5d:f7:71:80:f0:70:38:e3:1a:
                    f2:4a:b9:4b:39:29:f8:e2:37:17:76:db:60:03:fa:
                    d6:9f:89:1f:85:ec:d3:c8:e0:5c:a3:6b:d8:35:6a:
                    cf:e4:66:99:be:2e:7c:c5:1e:08:5b:39:56:2d:69:
                    c7:1f:92:e2:54:39:4e:79:c7:f0:b3:b2:24:90:f1:
                    90:72:5b:33:97:d0:d0:e0:e6:d9:eb:52:ba:c3:69:
                    14:f8:a3:77:1b:f4:b3:ba:97:0e:bd:b9:4c:b7:04:
                    57:1f:9e:04:a9:79:46:d6:7f:db:12:6b:1d:5c:13:
                    06:fc:84:b6:5d:a0:14:1a:a0:b8:92:55:c9:fa:d0:
                    f2:f8:29:84:c4:8d:8e:88:e9:20:db:5e:f6:5b:be:
                    a7:a3:d1:26:11:30:69:e8:7f:c6:ae:ae:d9:4f:35:
                    d2:45:96:da:e1:59:91:54:0d:66:dd:87:4f:f8:28:
                    9a:d8:9a:b9:0c:ce:6a:aa:ed:c4:fa:d1:a0:ea:e1:
                    79:42:3d:82:25:e1:f9:aa:e4:38:60:d7:53:40:7a:
                    70:2c:25:3b:d6:17:23:09:84:a1:40:c4:83:40:26:
                    0a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:77:96:2E:D2:8C:7F:7B:39:A8:02:FA:91:3D:BC:35:ED:81:C1:ED
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/R3eWLtKMf3s5qAL6kT28Ne2Bwe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.82.0/24
                  193.8.112.0/24
                  194.76.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:53:6a:57:8b:29:89:5f:21:4a:f1:bd:63:e8:4c:a9:37:da:
         52:a9:a7:67:b6:5a:36:54:37:d8:06:83:39:d5:0c:a3:4f:88:
         91:e8:ce:e4:c9:48:c5:37:ae:a9:6c:8b:33:3c:03:10:f8:2f:
         76:22:f7:4a:71:16:63:88:46:d0:f4:6c:09:00:f6:fe:d6:ce:
         c2:de:3a:85:9b:33:86:82:6b:f7:ee:83:5c:0b:bd:36:d5:e7:
         e5:3a:98:a3:ad:c1:1f:89:59:2d:0e:95:0b:1b:ad:6b:53:d4:
         68:75:7d:64:46:ef:58:c7:54:dd:ba:76:94:82:36:49:53:db:
         db:fa:9e:6d:d3:ec:29:21:ac:7c:c3:d2:31:4f:dc:72:85:59:
         44:58:12:02:22:a2:a5:48:46:51:0c:12:62:5b:9e:54:45:20:
         3b:cf:47:1f:ea:12:54:ad:3b:3f:4a:8a:cb:c0:0b:c5:24:26:
         37:f7:9c:02:dc:1a:07:d9:5c:d4:ad:df:38:92:5b:f7:49:e5:
         ed:e2:e4:6a:c9:48:96:40:1e:37:06:c7:1f:4d:06:f6:81:5f:
         f5:0f:c0:8d:a2:44:3d:75:9b:30:d6:1d:65:73:b6:dc:2c:e5:
         36:f4:bf:64:52:7a:dc:1f:6e:ab:7b:a7:72:8d:37:cc:03:9a:
         dc:6e:91:48
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhVJGVqMTXN6pj2h9jYFfNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzI5MDc0NTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc3OTYyZWQyOGM3ZjdiMzlhODAyZmE5MTNkYmMzNWVkODFjMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2S4+cB6OYITRgbwoe+oKxpOBdG0
P24VG3q/goJegfCejxJd93GA8HA44xrySrlLOSn44jcXdttgA/rWn4kfhezTyOBc
o2vYNWrP5GaZvi58xR4IWzlWLWnHH5LiVDlOecfws7IkkPGQclszl9DQ4ObZ61K6
w2kU+KN3G/SzupcOvblMtwRXH54EqXlG1n/bEmsdXBMG/IS2XaAUGqC4klXJ+tDy
+CmExI2OiOkg2172W76no9EmETBp6H/Grq7ZTzXSRZba4VmRVA1m3YdP+Cia2Jq5
DM5qqu3E+tGg6uF5Qj2CJeH5quQ4YNdTQHpwLCU71hcjCYShQMSDQCYKFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEd3li7SjH97OagC+pE9vDXtgcHtMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUjNlV0x0S01mM3M1cUFMNmtUMjhOZTJCd2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAud9SAwQA
wQhwAwQAwkytMA0GCSqGSIb3DQEBCwUAA4IBAQC5U2pXiymJXyFK8b1j6EypN9pS
qadntlo2VDfYBoM51QyjT4iR6M7kyUjFN66pbIszPAMQ+C92IvdKcRZjiEbQ9GwJ
APb+1s7C3jqFmzOGgmv37oNcC7021eflOpijrcEfiVktDpULG61rU9RodX1kRu9Y
x1TdunaUgjZJU9vb+p5t0+wpIax8w9IxT9xyhVlEWBICIqKlSEZRDBJiW55URSA7
z0cf6hJUrTs/SorLwAvFJCY395wC3BoH2VzUrd84klv3SeXt4uRqyUiWQB43Bscf
TQb2gV/1D8CNokQ9dZsw1h1lc7bcLOU29L9kUnrcH26re6dyjTfMA5rcbpFI
-----END CERTIFICATE-----