Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/44WqLxBoNN2QK30ATokBgtKLkeI.roa
File:                     44WqLxBoNN2QK30ATokBgtKLkeI.roa (raw, json)
Hash identifier:          r1vcmWXJ0IlZk5aHbff1XD3Hg2Mieqe53U03waIk5x4=
Subject key identifier:   E3:85:AA:2F:10:68:34:DD:90:2B:7D:00:4E:89:01:82:D2:8B:91:E2
Certificate issuer:       /CN=2183b256a215b4d6fe2617d1262b638bfa7d6d40
Certificate serial:       0198743F19D7BD0CD23D2D20663B90C8CE87
Authority key identifier: 21:83:B2:56:A2:15:B4:D6:FE:26:17:D1:26:2B:63:8B:FA:7D:6D:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/44WqLxBoNN2QK30ATokBgtKLkeI.roa
Signing time:             Mon 04 Aug 2025 08:42:29 +0000
ROA not before:           Mon 04 Aug 2025 08:42:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209381
IP address blocks:        185.170.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:3f:19:d7:bd:0c:d2:3d:2d:20:66:3b:90:c8:ce:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2183b256a215b4d6fe2617d1262b638bfa7d6d40
        Validity
            Not Before: Aug  4 08:42:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e385aa2f106834dd902b7d004e890182d28b91e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:43:f1:45:10:97:b7:61:96:1d:5a:6b:f9:c0:
                    fa:48:a0:64:db:08:b7:ed:ea:86:8b:3e:2e:e5:4a:
                    a1:a0:7d:2b:fd:f5:e0:de:17:d6:79:1a:af:3f:53:
                    a1:16:6c:45:42:c8:36:81:fb:40:30:c3:db:30:34:
                    20:15:7e:c4:bc:e5:a9:c5:3e:e2:2c:92:c3:35:24:
                    01:0d:44:0c:94:ba:b1:32:82:01:e8:a5:e3:b0:1f:
                    8c:0f:18:97:13:7d:44:76:c3:00:bc:7e:ac:66:7a:
                    9e:d9:2a:31:8c:89:33:f2:4e:8a:21:ac:fe:72:a3:
                    75:a1:17:71:aa:0d:05:b5:2d:e5:c0:08:85:09:2f:
                    94:2f:23:91:e7:3d:ed:4a:d0:a7:cc:14:81:e5:b0:
                    85:ee:c6:76:1d:c2:7b:9a:73:67:e1:90:71:dd:60:
                    06:12:b9:1c:48:8f:26:17:d2:f0:28:09:ba:53:01:
                    9a:ec:6a:e6:97:fd:d4:ed:84:ce:de:aa:87:3b:fc:
                    59:d4:a5:1d:b5:74:37:52:39:27:5e:35:ac:f6:6f:
                    e5:e2:77:14:8a:1e:36:7f:f1:64:0a:48:e8:46:39:
                    f3:d5:fe:ab:bf:72:25:43:f9:92:3b:0d:77:7f:04:
                    31:27:92:f9:2f:18:51:c8:17:79:37:bf:27:ee:ab:
                    57:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:85:AA:2F:10:68:34:DD:90:2B:7D:00:4E:89:01:82:D2:8B:91:E2
            X509v3 Authority Key Identifier:
                keyid:21:83:B2:56:A2:15:B4:D6:FE:26:17:D1:26:2B:63:8B:FA:7D:6D:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYOyVqIVtNb-JhfRJitji_p9bUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/44WqLxBoNN2QK30ATokBgtKLkeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9173a0-2884-4a79-8b3e-69a245095ab4/1/IYOyVqIVtNb-JhfRJitji_p9bUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:86:f6:d5:cb:08:f3:c7:62:06:48:04:66:c1:ce:26:bc:c8:
         8a:6e:a6:15:16:a8:1b:77:18:53:09:85:de:3a:4c:c0:a9:d9:
         9b:67:03:74:dc:5f:07:64:30:23:77:e7:e4:27:65:ac:f1:56:
         96:06:90:fa:9b:d6:d1:bc:90:57:9a:70:d7:e4:f2:a8:ae:7a:
         dc:1f:4b:45:b1:f5:84:e3:89:a3:e0:18:0a:42:e5:61:70:02:
         9b:99:35:e7:a3:c1:81:94:8c:1e:69:c5:6c:e6:4f:45:12:74:
         ec:81:ca:41:f5:18:00:e0:d7:63:ee:b2:e6:97:5a:80:f9:3b:
         83:86:6d:11:af:fd:d6:a7:a3:9b:b1:3a:b4:36:76:db:fa:c7:
         5a:33:0f:e9:32:fe:b2:27:71:61:ba:63:07:33:a5:8c:88:c2:
         65:7e:16:bf:bf:69:fb:0d:68:64:21:5e:28:94:88:72:b4:ff:
         57:26:66:38:7d:bc:2e:da:a2:90:62:b1:03:44:1e:f5:a6:73:
         69:3d:be:81:95:2c:be:03:92:1b:cf:af:5a:e0:95:aa:a7:6a:
         5a:39:c3:f4:f3:83:79:bc:8e:75:73:c9:a9:6f:56:a2:1e:71:
         98:63:e1:8c:46:ca:f9:29:64:44:11:5d:6b:dc:04:95:22:1d:
         6b:90:d0:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh0PxnXvQzSPS0gZjuQyM6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODNiMjU2YTIxNWI0ZDZmZTI2MTdkMTI2MmI2MzhiZmE3
ZDZkNDAwHhcNMjUwODA0MDg0MjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg1YWEyZjEwNjgzNGRkOTAyYjdkMDA0ZTg5MDE4MmQyOGI5MWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kPxRRCXt2GWHVpr+cD6SKBk2wi3
7eqGiz4u5UqhoH0r/fXg3hfWeRqvP1OhFmxFQsg2gftAMMPbMDQgFX7EvOWpxT7i
LJLDNSQBDUQMlLqxMoIB6KXjsB+MDxiXE31EdsMAvH6sZnqe2SoxjIkz8k6KIaz+
cqN1oRdxqg0FtS3lwAiFCS+ULyOR5z3tStCnzBSB5bCF7sZ2HcJ7mnNn4ZBx3WAG
ErkcSI8mF9LwKAm6UwGa7Grml/3U7YTO3qqHO/xZ1KUdtXQ3UjknXjWs9m/l4ncU
ih42f/FkCkjoRjnz1f6rv3IlQ/mSOw13fwQxJ5L5LxhRyBd5N78n7qtXCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOFqi8QaDTdkCt9AE6JAYLSi5HiMB8GA1UdIwQY
MBaAFCGDslaiFbTW/iYX0SYrY4v6fW1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlPeVZxSVZ0TmItSmhmUkppdGppX3A5YlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85MTczYTAtMjg4NC00YTc5LThiM2Ut
NjlhMjQ1MDk1YWI0LzEvNDRXcUx4Qm9OTjJRSzMwQVRva0JndEtMa2VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85MTczYTAtMjg4NC00YTc5LThiM2UtNjlhMjQ1MDk1YWI0
LzEvSVlPeVZxSVZ0TmItSmhmUkppdGppX3A5YlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuap8MA0G
CSqGSIb3DQEBCwUAA4IBAQBmhvbVywjzx2IGSARmwc4mvMiKbqYVFqgbdxhTCYXe
OkzAqdmbZwN03F8HZDAjd+fkJ2Ws8VaWBpD6m9bRvJBXmnDX5PKornrcH0tFsfWE
44mj4BgKQuVhcAKbmTXno8GBlIweacVs5k9FEnTsgcpB9RgA4Ndj7rLml1qA+TuD
hm0Rr/3Wp6ObsTq0Nnbb+sdaMw/pMv6yJ3FhumMHM6WMiMJlfha/v2n7DWhkIV4o
lIhytP9XJmY4fbwu2qKQYrEDRB71pnNpPb6BlSy+A5Ibz69a4JWqp2paOcP084N5
vI51c8mpb1aiHnGYY+GMRsr5KWREEV1r3ASVIh1rkNBP
-----END CERTIFICATE-----