Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/jD35TOijn9apPv16PQrnNabes-w.roa
File:                     jD35TOijn9apPv16PQrnNabes-w.roa (raw, json)
Hash identifier:          z+ASTmxv+lpTm0jTqXiWySU/ngS1GGd0PmGfXBJYTzE=
Subject key identifier:   8C:3D:F9:4C:E8:A3:9F:D6:A9:3E:FD:7A:3D:0A:E7:35:A6:DE:B3:EC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01985F9D6E6CD00945F49B80359A3BBE8CBF
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/jD35TOijn9apPv16PQrnNabes-w.roa
Signing time:             Thu 31 Jul 2025 08:33:29 +0000
ROA not before:           Thu 31 Jul 2025 08:33:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214663
IP address blocks:        185.223.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:9d:6e:6c:d0:09:45:f4:9b:80:35:9a:3b:be:8c:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 31 08:33:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c3df94ce8a39fd6a93efd7a3d0ae735a6deb3ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c5:95:58:76:b9:02:53:06:18:a8:84:61:03:
                    69:be:50:1e:83:64:69:4f:09:f5:e9:f7:c4:73:57:
                    21:e0:4d:cc:5c:2b:4b:3a:5c:14:a8:c7:92:93:11:
                    32:2b:8a:b4:b2:b6:08:7c:cc:21:c9:95:14:61:48:
                    2e:ba:d1:49:56:46:a8:cc:fb:32:74:65:50:83:9d:
                    df:72:68:1e:95:d4:1b:d6:b7:37:44:fe:3d:32:9d:
                    2a:b5:ea:b8:b9:d0:45:cd:bf:48:b0:87:d0:d6:cf:
                    e4:d7:b1:d2:77:ad:d6:ed:b7:ca:3c:95:0c:c0:c6:
                    64:94:c9:d1:92:7b:77:88:d1:02:5e:e9:8d:6b:78:
                    7c:91:be:c0:57:05:da:e5:15:f2:8b:b4:29:32:12:
                    53:7f:67:20:02:d6:4b:14:8a:45:d6:92:db:d0:52:
                    b7:0e:ef:ea:17:d1:0d:f7:d4:5c:6b:0f:21:82:fb:
                    95:2d:ba:fd:c3:4e:c9:25:2a:39:41:c8:79:8f:4b:
                    fd:ee:f4:b3:4b:8c:e2:e1:41:5b:1d:36:f3:bd:63:
                    2a:2f:e1:f2:07:64:a6:76:ba:af:fa:34:94:5e:48:
                    bf:1f:bf:55:fb:d6:8d:3c:fe:4b:55:75:6d:01:26:
                    94:dd:cb:81:6b:48:c1:20:c8:4f:af:6e:3c:d9:45:
                    9f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:3D:F9:4C:E8:A3:9F:D6:A9:3E:FD:7A:3D:0A:E7:35:A6:DE:B3:EC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/jD35TOijn9apPv16PQrnNabes-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:2f:89:a7:75:d3:1a:ae:bf:78:6a:ab:f6:f8:28:d8:b2:b6:
         dc:a9:41:a5:13:90:7f:58:6a:89:e1:ea:67:20:7b:4b:33:25:
         f1:0a:6e:bb:89:aa:5e:aa:aa:a6:b9:a2:03:db:62:f9:72:77:
         87:16:2a:0e:57:6b:10:ee:de:29:76:20:34:da:35:56:0b:d0:
         53:76:3b:67:6d:72:c2:8b:a8:c5:c7:3f:ef:c2:03:06:98:77:
         26:ec:30:3e:e8:dc:44:9f:02:46:a6:61:47:e0:3f:20:74:d2:
         1f:b4:70:f6:ca:58:55:1e:a2:f7:d6:de:5a:a1:38:8a:06:b4:
         7c:5b:b7:dc:1f:a5:b3:c0:16:4e:38:6a:2a:9a:85:48:18:03:
         31:19:3d:0b:ce:65:9a:50:e1:88:39:4e:1b:de:02:d3:b7:08:
         f8:24:19:62:a5:89:e6:ab:4d:ed:8a:c4:d2:aa:14:aa:cb:18:
         a8:09:c9:5e:23:4a:7a:df:9e:b0:5a:6d:ff:b0:96:d1:46:ab:
         2a:75:8b:7f:9e:61:66:16:09:0e:b6:55:8f:ab:29:e4:0f:c4:
         7f:08:d5:a3:26:7c:a6:5b:a8:57:53:62:e3:33:23:8c:4a:16:
         51:9d:5c:11:01:5e:66:aa:0f:af:55:76:55:56:87:6d:b6:63:
         7d:ac:6e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhfnW5s0AlF9JuANZo7voy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzMxMDgzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzNkZjk0Y2U4YTM5ZmQ2YTkzZWZkN2EzZDBhZTczNWE2ZGViM2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sWVWHa5AlMGGKiEYQNpvlAeg2Rp
Twn16ffEc1ch4E3MXCtLOlwUqMeSkxEyK4q0srYIfMwhyZUUYUguutFJVkaozPsy
dGVQg53fcmgeldQb1rc3RP49Mp0qteq4udBFzb9IsIfQ1s/k17HSd63W7bfKPJUM
wMZklMnRknt3iNECXumNa3h8kb7AVwXa5RXyi7QpMhJTf2cgAtZLFIpF1pLb0FK3
Du/qF9EN99Rcaw8hgvuVLbr9w07JJSo5Qch5j0v97vSzS4zi4UFbHTbzvWMqL+Hy
B2Smdrqv+jSUXki/H79V+9aNPP5LVXVtASaU3cuBa0jBIMhPr2482UWffwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIw9+Uzoo5/WqT79ej0K5zWm3rPsMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvakQzNVRPaWpuOWFwUHYxNlBRcm5OYWJlcy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud9QMA0G
CSqGSIb3DQEBCwUAA4IBAQC1L4mnddMarr94aqv2+CjYsrbcqUGlE5B/WGqJ4epn
IHtLMyXxCm67iapeqqqmuaID22L5cneHFioOV2sQ7t4pdiA02jVWC9BTdjtnbXLC
i6jFxz/vwgMGmHcm7DA+6NxEnwJGpmFH4D8gdNIftHD2ylhVHqL31t5aoTiKBrR8
W7fcH6WzwBZOOGoqmoVIGAMxGT0LzmWaUOGIOU4b3gLTtwj4JBlipYnmq03tisTS
qhSqyxioCcleI0p6356wWm3/sJbRRqsqdYt/nmFmFgkOtlWPqynkD8R/CNWjJnym
W6hXU2LjMyOMShZRnVwRAV5mqg+vVXZVVodttmN9rG6G
-----END CERTIFICATE-----