Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/Mt4ySnJ9tLnzzQYq2U6tfp3Q3JA.roa
File:                     Mt4ySnJ9tLnzzQYq2U6tfp3Q3JA.roa (raw, json)
Hash identifier:          Czeue2iwQkgf4dbWmDFWclQeOMsHJV7V0inLeSwakN8=
Subject key identifier:   32:DE:32:4A:72:7D:B4:B9:F3:CD:06:2A:D9:4E:AD:7E:9D:D0:DC:90
Certificate issuer:       /CN=5446df07ff3cb26dfcf4eeb8761fb016caf7f9ee
Certificate serial:       019865404AA1EEC81DB22AF6577B7E3D9D6F
Authority key identifier: 54:46:DF:07:FF:3C:B2:6D:FC:F4:EE:B8:76:1F:B0:16:CA:F7:F9:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/Mt4ySnJ9tLnzzQYq2U6tfp3Q3JA.roa
Signing time:             Fri 01 Aug 2025 10:49:28 +0000
ROA not before:           Fri 01 Aug 2025 10:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205277
IP address blocks:        185.223.124.0/22 maxlen: 22
                          185.223.124.0/23 maxlen: 23
                          185.223.124.0/24 maxlen: 24
                          185.223.125.0/24 maxlen: 24
                          185.223.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 14:26:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:40:4a:a1:ee:c8:1d:b2:2a:f6:57:7b:7e:3d:9d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5446df07ff3cb26dfcf4eeb8761fb016caf7f9ee
        Validity
            Not Before: Aug  1 10:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32de324a727db4b9f3cd062ad94ead7e9dd0dc90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:32:cb:84:71:0b:6a:e7:a9:bd:ab:29:9e:63:
                    67:ec:0b:46:d2:0a:86:7d:f3:c0:57:66:14:e9:1f:
                    23:67:21:3f:02:b9:d5:2a:c3:03:ed:a8:d8:1c:91:
                    09:0c:3b:c7:9b:5d:4d:44:9c:7e:8b:89:be:e0:ee:
                    ca:56:c1:bd:ee:3d:ae:8f:ee:31:1b:55:55:96:40:
                    7d:b9:46:8a:f8:ab:f3:f5:b8:c9:4c:2a:5f:0f:ac:
                    59:32:ca:13:bb:d0:19:f1:56:97:d3:f3:f8:c6:fc:
                    36:b7:40:ba:ad:3a:5c:98:52:73:a3:17:ae:06:d1:
                    52:30:b8:7d:fe:fc:6f:1c:9a:ac:9a:0d:20:dc:3c:
                    77:7d:fc:66:a9:de:16:85:60:c7:6c:06:24:84:ad:
                    9d:e7:04:6b:1f:76:48:53:a7:c6:7f:72:82:2d:2f:
                    a0:5a:99:a0:8a:f7:ca:fd:98:5c:99:44:c4:ac:c5:
                    e9:55:ff:4a:fb:a8:4d:f5:50:ea:2c:77:03:ff:b0:
                    21:39:ac:fc:d0:64:83:86:d7:3b:97:46:5d:84:14:
                    72:97:06:2e:da:db:37:5e:9e:bd:d7:b3:ab:99:62:
                    c8:19:00:0a:f4:03:d7:f8:48:e6:7a:53:9d:db:20:
                    32:3c:f4:22:2b:91:ed:d2:c3:2a:96:e9:44:b8:25:
                    fb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:DE:32:4A:72:7D:B4:B9:F3:CD:06:2A:D9:4E:AD:7E:9D:D0:DC:90
            X509v3 Authority Key Identifier:
                keyid:54:46:DF:07:FF:3C:B2:6D:FC:F4:EE:B8:76:1F:B0:16:CA:F7:F9:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEbfB_88sm389O64dh-wFsr3-e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/Mt4ySnJ9tLnzzQYq2U6tfp3Q3JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f85da-311f-45b4-a747-56560b26a0db/1/VEbfB_88sm389O64dh-wFsr3-e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:43:db:24:78:2e:c5:d1:28:c2:07:71:71:77:0b:37:8d:94:
         a0:e0:fa:8a:6a:a7:c3:4c:2d:a9:cc:56:8d:3e:93:1e:f0:20:
         94:50:d6:ba:d6:49:8c:d7:72:16:da:ea:01:cf:22:67:c2:9f:
         f8:37:b6:aa:a1:01:b2:38:e9:98:0b:53:2b:74:6f:b7:48:5d:
         83:83:81:45:e1:36:a6:8e:82:13:1b:c0:39:f8:94:b0:91:fc:
         d5:27:ce:cb:6a:cd:92:f0:3e:2d:db:e9:72:34:6b:66:cc:68:
         f8:9a:9d:6f:8a:99:fd:e6:fe:aa:6f:52:19:d2:ff:38:a6:1e:
         b6:bf:eb:67:10:d0:d3:92:58:bc:17:1e:6c:41:6d:b8:63:f0:
         e2:a7:a1:45:1d:d4:09:22:85:f1:82:07:8d:c0:e3:be:75:df:
         3f:e0:d4:84:d5:00:59:c3:a9:8e:b3:d9:41:07:30:6b:87:0a:
         46:19:9c:c1:a9:84:ea:bd:07:41:12:9d:02:92:ba:b0:b3:7d:
         1d:47:44:76:5f:a1:c8:5b:68:c8:09:82:55:18:f5:a7:8e:60:
         c0:e4:f7:82:eb:a8:d0:83:b1:1f:7f:8e:f6:c6:0e:26:b3:3f:
         c7:dc:51:17:96:d2:e5:ac:0b:fc:e3:09:66:b6:f6:af:ba:13:
         a1:86:ba:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhlQEqh7sgdsir2V3t+PZ1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDZkZjA3ZmYzY2IyNmRmY2Y0ZWViODc2MWZiMDE2Y2Fm
N2Y5ZWUwHhcNMjUwODAxMTA0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmRlMzI0YTcyN2RiNGI5ZjNjZDA2MmFkOTRlYWQ3ZTlkZDBkYzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDLLhHELauepvaspnmNn7AtG0gqG
ffPAV2YU6R8jZyE/ArnVKsMD7ajYHJEJDDvHm11NRJx+i4m+4O7KVsG97j2uj+4x
G1VVlkB9uUaK+Kvz9bjJTCpfD6xZMsoTu9AZ8VaX0/P4xvw2t0C6rTpcmFJzoxeu
BtFSMLh9/vxvHJqsmg0g3Dx3ffxmqd4WhWDHbAYkhK2d5wRrH3ZIU6fGf3KCLS+g
WpmgivfK/ZhcmUTErMXpVf9K+6hN9VDqLHcD/7AhOaz80GSDhtc7l0ZdhBRylwYu
2ts3Xp6917OrmWLIGQAK9APX+EjmelOd2yAyPPQiK5Ht0sMqlulEuCX7gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLeMkpyfbS5880GKtlOrX6d0NyQMB8GA1UdIwQY
MBaAFFRG3wf/PLJt/PTuuHYfsBbK9/nuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkViZkJfODhzbTM4OU82NGRoLXdGc3IzLWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zZjg1ZGEtMzExZi00NWI0LWE3NDct
NTY1NjBiMjZhMGRiLzEvTXQ0eVNuSjl0TG56elFZcTJVNnRmcDNRM0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zZjg1ZGEtMzExZi00NWI0LWE3NDctNTY1NjBiMjZhMGRi
LzEvVkViZkJfODhzbTM4OU82NGRoLXdGc3IzLWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud98MA0G
CSqGSIb3DQEBCwUAA4IBAQBaQ9skeC7F0SjCB3Fxdws3jZSg4PqKaqfDTC2pzFaN
PpMe8CCUUNa61kmM13IW2uoBzyJnwp/4N7aqoQGyOOmYC1MrdG+3SF2Dg4FF4Tam
joITG8A5+JSwkfzVJ87Las2S8D4t2+lyNGtmzGj4mp1vipn95v6qb1IZ0v84ph62
v+tnENDTkli8Fx5sQW24Y/Dip6FFHdQJIoXxggeNwOO+dd8/4NSE1QBZw6mOs9lB
BzBrhwpGGZzBqYTqvQdBEp0Ckrqws30dR0R2X6HIW2jICYJVGPWnjmDA5PeC66jQ
g7Eff472xg4msz/H3FEXltLlrAv84wlmtvavuhOhhrrp
-----END CERTIFICATE-----
Generated at Wed Aug 6 19:37:42 2025 by rpki-client