Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/1gQwU4p4QVwfrZ8PuTKYXHvMwKI.roa
File:                     1gQwU4p4QVwfrZ8PuTKYXHvMwKI.roa (raw, json)
Hash identifier:          G/d8VCkB/mmmWYCfbKq/5rX8Q5OU0yfRNbX1DF5gUeo=
Subject key identifier:   D6:04:30:53:8A:78:41:5C:1F:AD:9F:0F:B9:32:98:5C:7B:CC:C0:A2
Certificate issuer:       /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial:       0196A4C278F002BCD65BB378377F8D51C160
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/1gQwU4p4QVwfrZ8PuTKYXHvMwKI.roa
Signing time:             Tue 06 May 2025 08:42:10 +0000
ROA not before:           Tue 06 May 2025 08:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44125
IP address blocks:        185.149.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:c2:78:f0:02:bc:d6:5b:b3:78:37:7f:8d:51:c1:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
        Validity
            Not Before: May  6 08:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d60430538a78415c1fad9f0fb932985c7bccc0a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9b:f3:9a:02:b5:d7:eb:d3:76:96:73:88:f0:
                    16:97:a7:49:5e:6e:04:66:12:e6:a3:d2:14:0a:e7:
                    ab:87:d7:9b:8f:d1:ad:e9:9b:fe:5d:21:a8:d7:1a:
                    b6:86:dc:61:8c:a7:14:35:6d:08:a5:e1:82:fe:f8:
                    9c:49:96:98:ee:e5:87:4f:96:e3:66:40:c7:67:ef:
                    13:a6:7f:bc:34:dd:0d:50:62:43:b4:be:80:b8:70:
                    d9:38:92:6e:0d:6c:a1:8e:2a:ff:4e:fe:6b:c3:bd:
                    f2:ee:3b:aa:0d:31:57:ea:9c:1e:93:b9:3d:25:7c:
                    48:54:23:49:d2:7b:3b:d9:8b:da:9f:5b:14:22:3d:
                    e8:0b:d5:7f:00:41:66:84:85:91:f1:8c:07:a9:1c:
                    c4:52:3b:f8:93:2d:dc:20:8e:4e:0d:4b:11:5a:23:
                    ba:0e:56:f5:03:a9:89:5e:8d:3c:39:2f:87:42:2a:
                    f0:9f:ad:01:ca:50:86:50:fb:27:53:da:d6:98:f0:
                    3b:76:be:b2:f2:a3:f6:d3:80:46:5a:12:7a:92:5a:
                    61:64:44:9a:6d:a7:6f:7a:5f:d5:95:e1:13:ab:66:
                    eb:08:bd:33:b4:73:b3:f3:5c:80:a5:99:23:b6:6e:
                    22:72:b6:b2:3c:e4:89:00:b0:1e:f8:35:a9:fc:8e:
                    6f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:04:30:53:8A:78:41:5C:1F:AD:9F:0F:B9:32:98:5C:7B:CC:C0:A2
            X509v3 Authority Key Identifier:
                keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/1gQwU4p4QVwfrZ8PuTKYXHvMwKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:68:94:dd:69:bc:d9:5d:25:3a:bd:b7:b8:b0:1d:8a:1b:fd:
         aa:d9:7b:8b:2b:d8:d1:c9:de:ff:d4:1d:00:1e:ec:a5:ea:c9:
         bb:27:e9:90:03:f7:71:87:f8:e9:e2:e1:ba:13:19:71:8f:1b:
         13:a5:67:e8:a2:8e:23:ed:60:78:1b:7b:c5:d5:71:c6:76:8c:
         e8:ff:02:09:4a:e1:74:23:97:cf:2b:6f:e1:fb:fa:3d:a7:a7:
         38:a5:59:f5:58:56:33:61:67:10:b3:b3:b6:6a:d0:72:a6:83:
         ec:5a:94:28:17:88:37:73:14:11:5b:27:ee:8e:ae:0d:5e:7e:
         45:fb:d1:69:4d:11:f1:01:0d:06:f2:04:e9:0a:15:3c:90:88:
         41:63:ad:50:0d:fc:67:6d:e7:31:b4:9c:c2:98:bf:af:89:b3:
         06:82:d1:57:90:56:96:5a:ca:b9:48:38:b5:67:e6:bf:cd:9f:
         28:db:e5:fa:dc:03:e3:2d:4b:a5:40:0e:01:62:10:a5:fb:49:
         8b:f8:5a:4e:67:98:14:3c:13:b5:d7:cb:7a:b8:c5:8d:eb:cf:
         09:de:02:e1:b4:36:18:a0:83:52:c0:3b:3c:08:1d:77:db:26:
         48:16:b2:c7:3b:c6:95:47:17:50:4f:5d:d3:1d:81:4d:92:a2:
         23:35:5e:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakwnjwArzWW7N4N3+NUcFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwNTA2MDg0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA0MzA1MzhhNzg0MTVjMWZhZDlmMGZiOTMyOTg1YzdiY2NjMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJvzmgK11+vTdpZziPAWl6dJXm4E
ZhLmo9IUCuerh9ebj9Gt6Zv+XSGo1xq2htxhjKcUNW0IpeGC/vicSZaY7uWHT5bj
ZkDHZ+8Tpn+8NN0NUGJDtL6AuHDZOJJuDWyhjir/Tv5rw73y7juqDTFX6pwek7k9
JXxIVCNJ0ns72Yvan1sUIj3oC9V/AEFmhIWR8YwHqRzEUjv4ky3cII5ODUsRWiO6
Dlb1A6mJXo08OS+HQirwn60BylCGUPsnU9rWmPA7dr6y8qP204BGWhJ6klphZESa
badvel/VleETq2brCL0ztHOz81yApZkjtm4icrayPOSJALAe+DWp/I5vjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYEMFOKeEFcH62fD7kymFx7zMCiMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvMWdRd1U0cDRRVndmclo4UHVUS1lYSHZNd0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAIaJTdabzZXSU6vbe4sB2KG/2q2XuLK9jRyd7/1B0A
Huyl6sm7J+mQA/dxh/jp4uG6ExlxjxsTpWfooo4j7WB4G3vF1XHGdozo/wIJSuF0
I5fPK2/h+/o9p6c4pVn1WFYzYWcQs7O2atBypoPsWpQoF4g3cxQRWyfujq4NXn5F
+9FpTRHxAQ0G8gTpChU8kIhBY61QDfxnbecxtJzCmL+vibMGgtFXkFaWWsq5SDi1
Z+a/zZ8o2+X63APjLUulQA4BYhCl+0mL+FpOZ5gUPBO118t6uMWN688J3gLhtDYY
oINSwDs8CB132yZIFrLHO8aVRxdQT13THYFNkqIjNV5m
-----END CERTIFICATE-----