Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/8bYh9KTQNyhUoZK5Xa3Zu-_BqQk.roa
File:                     8bYh9KTQNyhUoZK5Xa3Zu-_BqQk.roa (raw, json)
Hash identifier:          Ckdj62IcP39fMv9cL87VgjiYlT1GoMjuC5C5dI+N2jA=
Subject key identifier:   F1:B6:21:F4:A4:D0:37:28:54:A1:92:B9:5D:AD:D9:BB:EF:C1:A9:09
Certificate issuer:       /CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
Certificate serial:       0198C32D53FD06BC3F9C1988771A669AB3FB
Authority key identifier: 4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/8bYh9KTQNyhUoZK5Xa3Zu-_BqQk.roa
Signing time:             Tue 19 Aug 2025 16:33:04 +0000
ROA not before:           Tue 19 Aug 2025 16:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8772
IP address blocks:        185.230.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c3:2d:53:fd:06:bc:3f:9c:19:88:77:1a:66:9a:b3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
        Validity
            Not Before: Aug 19 16:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1b621f4a4d0372854a192b95dadd9bbefc1a909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:83:25:2e:34:35:ac:2d:e4:e1:08:7b:27:1e:
                    c9:72:ff:28:50:ee:a0:8b:3f:02:2e:0e:59:07:5f:
                    83:5d:97:f1:8e:3d:da:ee:ce:d1:4d:c4:fd:6b:90:
                    bb:1a:7f:aa:d4:ed:a4:af:0e:d1:3f:37:23:d9:64:
                    fe:07:95:5a:9b:bb:ba:b0:c7:34:49:17:a1:d8:4a:
                    46:d5:f5:1a:15:6c:37:42:fc:f8:92:ae:c2:49:b8:
                    fb:75:82:b0:a3:a7:4f:3e:14:e8:1e:3c:25:82:59:
                    0a:e0:5f:1e:87:69:5d:e0:ec:c8:f8:d6:ef:db:c9:
                    c3:41:73:cf:7f:6a:26:86:4b:82:9e:56:12:64:f1:
                    34:f9:2e:8b:af:41:d3:28:11:41:4f:d2:76:68:9d:
                    4a:0e:ef:1a:97:30:f8:30:27:92:bc:5e:13:41:28:
                    ec:de:73:af:67:b2:1a:20:85:99:3a:41:d0:ab:4f:
                    55:ca:52:63:98:f4:72:bd:84:a7:53:12:45:cd:69:
                    6b:c9:2d:e6:bb:74:81:83:29:70:4b:1b:f2:67:2d:
                    9e:3c:dd:90:aa:ef:36:94:fb:67:01:ed:93:d9:31:
                    29:f3:a3:53:37:63:eb:88:00:38:c8:8f:e4:c6:c6:
                    b4:9b:55:c4:03:93:17:25:de:f7:e9:9f:90:97:5f:
                    74:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B6:21:F4:A4:D0:37:28:54:A1:92:B9:5D:AD:D9:BB:EF:C1:A9:09
            X509v3 Authority Key Identifier:
                keyid:4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/8bYh9KTQNyhUoZK5Xa3Zu-_BqQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:eb:20:95:6a:07:c2:b4:d2:df:06:91:75:a4:f8:89:79:c9:
         a2:91:d3:cc:40:3b:db:1a:b8:f0:2a:15:6d:74:17:27:7d:e7:
         ea:92:fa:d1:a2:3b:31:2d:17:c3:8d:ce:54:b7:a4:bf:86:ed:
         38:fe:1f:c6:fb:df:bf:bc:34:86:72:5b:67:7a:78:f6:8a:31:
         43:ee:eb:aa:21:fa:01:1c:86:b8:e7:89:4f:10:2c:9d:45:db:
         a2:03:36:cc:e6:d9:f3:e0:1e:a0:6b:c0:c7:68:79:19:25:00:
         b2:c5:75:4e:80:41:c2:7e:00:04:7c:45:54:79:09:08:9d:b7:
         63:fb:17:26:1f:a3:a7:96:d6:41:2f:89:c3:dc:cf:95:4c:da:
         06:fd:f8:9d:6e:f7:00:7c:de:28:07:72:95:14:2d:b7:aa:54:
         c5:0c:df:c6:f4:8d:e9:23:27:51:eb:cc:6f:80:1a:14:53:93:
         04:c2:24:db:e8:d7:17:5e:3b:f6:76:5d:f1:65:3b:5f:ab:03:
         38:5b:1c:1e:3c:cc:a0:e0:3e:7f:c6:13:31:4a:dc:a7:fb:95:
         75:86:ee:72:a1:27:dc:f7:9c:af:5f:6b:7b:83:27:a3:20:86:
         af:b8:30:a8:94:39:2e:fc:7e:82:4b:f9:78:e0:ad:12:b1:e6:
         67:2b:d1:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjDLVP9Brw/nBmIdxpmmrP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjA5NzA0ODRlYjI2YmM1OWZkOGZhOGQ1YmY3YzNjNzIx
MmQwMTEwHhcNMjUwODE5MTYzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI2MjFmNGE0ZDAzNzI4NTRhMTkyYjk1ZGFkZDliYmVmYzFhOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoMlLjQ1rC3k4Qh7Jx7Jcv8oUO6g
iz8CLg5ZB1+DXZfxjj3a7s7RTcT9a5C7Gn+q1O2krw7RPzcj2WT+B5Vam7u6sMc0
SReh2EpG1fUaFWw3Qvz4kq7CSbj7dYKwo6dPPhToHjwlglkK4F8eh2ld4OzI+Nbv
28nDQXPPf2omhkuCnlYSZPE0+S6Lr0HTKBFBT9J2aJ1KDu8alzD4MCeSvF4TQSjs
3nOvZ7IaIIWZOkHQq09VylJjmPRyvYSnUxJFzWlryS3mu3SBgylwSxvyZy2ePN2Q
qu82lPtnAe2T2TEp86NTN2PriAA4yI/kxsa0m1XEA5MXJd736Z+Ql190ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPG2IfSk0DcoVKGSuV2t2bvvwakJMB8GA1UdIwQY
MBaAFE3wlwSE6ya8Wf2PqNW/fDxyEtARMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmIt
MWU5YmZmNWU0MDIxLzEvOGJZaDlLVFFOeWhVb1pLNVhhM1p1LV9CcVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmItMWU5YmZmNWU0MDIx
LzEvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueYsMA0G
CSqGSIb3DQEBCwUAA4IBAQC26yCVagfCtNLfBpF1pPiJecmikdPMQDvbGrjwKhVt
dBcnfefqkvrRojsxLRfDjc5Ut6S/hu04/h/G+9+/vDSGcltnenj2ijFD7uuqIfoB
HIa454lPECydRduiAzbM5tnz4B6ga8DHaHkZJQCyxXVOgEHCfgAEfEVUeQkInbdj
+xcmH6OnltZBL4nD3M+VTNoG/fidbvcAfN4oB3KVFC23qlTFDN/G9I3pIydR68xv
gBoUU5MEwiTb6NcXXjv2dl3xZTtfqwM4WxwePMyg4D5/xhMxStyn+5V1hu5yoSfc
95yvX2t7gyejIIavuDColDku/H6CS/l44K0SseZnK9HY
-----END CERTIFICATE-----