Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/twJfM1b3K1XophieDfrOK9Yb-bY.roa
File:                     twJfM1b3K1XophieDfrOK9Yb-bY.roa (raw, json)
Hash identifier:          MXmmwrQwlazvGbzqXnWAVBTx7ErXJeD/39Xn13fKyq4=
Subject key identifier:   B7:02:5F:33:56:F7:2B:55:E8:A6:18:9E:0D:FA:CE:2B:D6:1B:F9:B6
Certificate issuer:       /CN=38728e9bd37399df9ffae587bd06884b350a65b7
Certificate serial:       019A4E4172D9D28822AA7F9571EAE5A13E42
Authority key identifier: 38:72:8E:9B:D3:73:99:DF:9F:FA:E5:87:BD:06:88:4B:35:0A:65:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/twJfM1b3K1XophieDfrOK9Yb-bY.roa
Signing time:             Tue 04 Nov 2025 09:45:03 +0000
ROA not before:           Tue 04 Nov 2025 09:45:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20495
IP address blocks:        185.184.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:41:72:d9:d2:88:22:aa:7f:95:71:ea:e5:a1:3e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38728e9bd37399df9ffae587bd06884b350a65b7
        Validity
            Not Before: Nov  4 09:45:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7025f3356f72b55e8a6189e0dface2bd61bf9b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2c:a0:24:2a:3d:56:d7:cd:29:40:95:72:86:
                    51:b2:39:14:71:98:00:c0:cb:ab:b0:be:2b:c4:83:
                    23:dc:9f:42:65:ac:56:09:cb:42:98:d7:5a:05:a7:
                    78:db:b5:dc:7e:f1:e5:0d:95:ea:42:89:26:f5:48:
                    65:75:9f:e9:79:11:f6:6f:f6:ba:ed:a8:f7:b7:d8:
                    b0:29:a8:6d:36:ee:d9:d6:13:e9:d7:fa:25:f3:6c:
                    db:32:da:f5:13:f3:13:56:bc:e3:d5:98:2a:e2:20:
                    b2:a7:65:06:4d:25:21:82:d1:f0:97:63:4f:95:5c:
                    8d:8e:0b:0a:dc:d0:66:fe:33:44:02:11:e0:d6:c7:
                    91:d1:bc:9f:2a:a0:e3:aa:dd:8e:be:40:fd:aa:95:
                    c6:06:62:c8:f1:48:6b:5e:9b:42:2d:6a:47:2f:80:
                    58:08:59:77:48:fd:60:df:71:99:8f:e6:1b:c7:01:
                    e4:fc:c6:2e:64:1b:9b:42:a3:d0:06:21:18:54:2a:
                    24:42:e4:eb:1f:d1:c0:94:74:e2:97:62:ca:23:38:
                    93:32:bf:b5:c1:d6:f4:39:d9:49:dd:ac:2c:91:5d:
                    54:08:84:f4:7d:e6:31:06:40:cf:35:06:87:40:f1:
                    29:d8:f2:b6:a6:25:f7:1a:f8:2e:14:69:0a:6c:c7:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:02:5F:33:56:F7:2B:55:E8:A6:18:9E:0D:FA:CE:2B:D6:1B:F9:B6
            X509v3 Authority Key Identifier:
                keyid:38:72:8E:9B:D3:73:99:DF:9F:FA:E5:87:BD:06:88:4B:35:0A:65:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OHKOm9Nzmd-f-uWHvQaISzUKZbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/twJfM1b3K1XophieDfrOK9Yb-bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/be3e25-881c-4aec-a932-f8cfa33d684e/1/OHKOm9Nzmd-f-uWHvQaISzUKZbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:ec:a7:c9:1a:c4:04:a6:2b:96:b4:44:92:b5:ba:42:65:4c:
         30:9a:43:ba:a0:3e:fe:3b:2c:38:20:48:26:e0:dc:d9:3d:6f:
         8d:18:35:ab:7d:c8:62:e3:96:48:fa:21:06:cb:a2:4e:49:41:
         e8:16:19:6f:34:e2:bf:87:b7:96:9e:3a:7f:19:c9:f6:ac:68:
         0e:33:3c:5d:1c:86:49:31:e5:5e:36:1b:0d:74:ec:e4:cb:43:
         5b:20:34:5c:8b:c9:37:d8:a1:da:68:97:df:c8:45:07:02:7c:
         a5:53:4e:ab:2e:e4:18:f1:27:5a:90:f2:04:bf:45:4a:35:79:
         32:d5:18:fb:80:32:29:c0:43:b6:5a:dd:f6:f8:c6:c2:8e:d7:
         a6:c8:73:3e:30:f5:af:a3:02:51:9f:19:17:4f:10:ab:74:5f:
         87:29:1a:84:38:ea:49:0f:3c:71:69:c2:83:0a:aa:8d:87:bc:
         38:93:17:a2:ee:ce:31:dc:a7:a0:af:2b:17:3a:97:63:d1:cc:
         af:09:7e:cf:1b:8a:65:b3:2b:b7:26:33:46:07:e9:41:5d:f7:
         72:ba:2d:a2:d6:04:87:96:29:4f:b8:aa:1b:f2:48:f5:6f:8d:
         d3:da:0f:65:de:cd:27:07:86:a7:cc:47:84:df:13:29:ec:c9:
         42:cd:84:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpOQXLZ0ogiqn+VcerloT5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NzI4ZTliZDM3Mzk5ZGY5ZmZhZTU4N2JkMDY4ODRiMzUw
YTY1YjcwHhcNMjUxMTA0MDk0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzAyNWYzMzU2ZjcyYjU1ZThhNjE4OWUwZGZhY2UyYmQ2MWJmOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iygJCo9VtfNKUCVcoZRsjkUcZgA
wMursL4rxIMj3J9CZaxWCctCmNdaBad427XcfvHlDZXqQokm9UhldZ/peRH2b/a6
7aj3t9iwKahtNu7Z1hPp1/ol82zbMtr1E/MTVrzj1Zgq4iCyp2UGTSUhgtHwl2NP
lVyNjgsK3NBm/jNEAhHg1seR0byfKqDjqt2OvkD9qpXGBmLI8UhrXptCLWpHL4BY
CFl3SP1g33GZj+YbxwHk/MYuZBubQqPQBiEYVCokQuTrH9HAlHTil2LKIziTMr+1
wdb0OdlJ3awskV1UCIT0feYxBkDPNQaHQPEp2PK2piX3GvguFGkKbMd+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcCXzNW9ytV6KYYng36zivWG/m2MB8GA1UdIwQY
MBaAFDhyjpvTc5nfn/rlh70GiEs1CmW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0hLT205TnptZC1mLXVXSHZRYUlTelVLWmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iZTNlMjUtODgxYy00YWVjLWE5MzIt
ZjhjZmEzM2Q2ODRlLzEvdHdKZk0xYjNLMVhvcGhpZURmck9LOVliLWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iZTNlMjUtODgxYy00YWVjLWE5MzItZjhjZmEzM2Q2ODRl
LzEvT0hLT205TnptZC1mLXVXSHZRYUlTelVLWmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubhsMA0G
CSqGSIb3DQEBCwUAA4IBAQCT7KfJGsQEpiuWtESStbpCZUwwmkO6oD7+Oyw4IEgm
4NzZPW+NGDWrfchi45ZI+iEGy6JOSUHoFhlvNOK/h7eWnjp/Gcn2rGgOMzxdHIZJ
MeVeNhsNdOzky0NbIDRci8k32KHaaJffyEUHAnylU06rLuQY8SdakPIEv0VKNXky
1Rj7gDIpwEO2Wt32+MbCjtemyHM+MPWvowJRnxkXTxCrdF+HKRqEOOpJDzxxacKD
CqqNh7w4kxei7s4x3KegrysXOpdj0cyvCX7PG4plsyu3JjNGB+lBXfdyui2i1gSH
lilPuKob8kj1b43T2g9l3s0nB4anzEeE3xMp7MlCzYSQ
-----END CERTIFICATE-----