Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/H2vFxn04c_UElBs7HiPTVRvXT9g.roa
File:                     H2vFxn04c_UElBs7HiPTVRvXT9g.roa (raw, json)
Hash identifier:          muCBnxins6P5wLUKuHQztma0de4wIlDkYgQ/aFtysgk=
Subject key identifier:   1F:6B:C5:C6:7D:38:73:F5:04:94:1B:3B:1E:23:D3:55:1B:D7:4F:D8
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0197A7CE3C6390C8577428BBA23DEF61668F
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/H2vFxn04c_UElBs7HiPTVRvXT9g.roa
Signing time:             Wed 25 Jun 2025 15:56:40 +0000
ROA not before:           Wed 25 Jun 2025 15:56:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        89.249.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:ce:3c:63:90:c8:57:74:28:bb:a2:3d:ef:61:66:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jun 25 15:56:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f6bc5c67d3873f504941b3b1e23d3551bd74fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7b:d3:42:8a:73:6c:de:f2:b9:27:2f:ad:ac:
                    6c:ae:53:d1:c5:54:40:a0:d9:24:1d:3f:9a:b7:0d:
                    61:d8:57:a2:12:cc:8e:cc:3d:f5:83:6a:73:d0:d1:
                    ba:d3:94:77:3c:dc:66:61:a2:60:bb:bb:46:f8:29:
                    05:fb:39:9e:1b:c8:55:3d:5f:82:f8:a5:91:2d:3e:
                    f5:b5:83:19:39:24:8f:ca:be:e9:1d:7b:5a:46:27:
                    99:cc:2f:7d:6b:c2:ae:92:00:55:f7:1d:f1:a3:ad:
                    6a:2d:f9:a6:2f:4d:3d:7a:a9:73:23:db:fb:0a:99:
                    65:5f:22:13:85:09:6e:ab:43:3b:af:9c:99:8b:4a:
                    55:2b:84:17:c5:84:b6:16:87:19:69:f1:5c:1b:8b:
                    a8:aa:46:0f:34:11:cb:d9:5d:d3:71:0a:24:28:fe:
                    94:9b:90:cc:b2:53:07:b5:ea:05:8a:dc:07:cd:a2:
                    28:f6:9c:88:55:92:77:9d:56:37:f9:c0:13:16:03:
                    ba:4e:09:27:59:e8:1d:f2:90:4a:c5:1c:5b:39:ae:
                    a0:12:a0:28:68:7c:d5:49:e2:c6:7f:a3:78:97:1e:
                    36:74:e0:51:8c:ec:a6:ed:0b:65:a7:6b:02:78:41:
                    c6:11:58:37:72:8d:c2:d0:b7:df:d2:dd:26:fa:b3:
                    72:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6B:C5:C6:7D:38:73:F5:04:94:1B:3B:1E:23:D3:55:1B:D7:4F:D8
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/H2vFxn04c_UElBs7HiPTVRvXT9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:dc:b7:ca:4a:76:32:c7:04:39:82:61:6d:c8:55:40:57:97:
         a6:02:b7:d9:c7:8e:6c:4f:9c:68:4d:d3:81:3f:ed:6e:2c:6a:
         65:49:ae:3b:9c:78:32:b3:a6:ef:e9:44:cd:23:77:3b:ce:73:
         05:0d:8c:52:ca:9b:fb:7e:21:e4:3e:d2:f7:f2:c2:0a:59:2d:
         84:e7:ee:80:c2:59:f2:59:90:a4:b0:1d:e5:8c:46:76:57:f2:
         1f:5a:e0:cd:3c:36:13:9f:33:b5:c7:89:86:9c:f7:b3:3e:e4:
         2c:a1:9a:ca:a6:e6:3b:cc:4b:67:2f:08:bd:cd:fc:91:cc:c0:
         10:34:b4:9a:b2:3f:ae:81:06:01:78:0a:03:f3:76:25:09:44:
         b9:61:db:6f:43:3a:98:6d:71:8c:3b:1b:a1:56:52:50:60:5d:
         6b:c4:14:ea:c1:fc:f6:c0:ab:62:4a:34:d3:b8:27:98:13:82:
         99:27:1e:0c:3f:fb:0e:11:f6:b0:f5:35:92:d2:21:da:c7:9c:
         1d:f3:76:4b:ab:b4:48:9f:0b:02:0f:14:52:80:fe:63:da:8c:
         01:8f:b0:9a:7e:c1:db:e6:07:0d:76:81:af:be:6b:8a:7e:eb:
         74:b2:67:e9:9f:44:64:fd:dd:e3:91:86:6f:6d:9c:62:4b:1b:
         3c:c2:87:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZenzjxjkMhXdCi7oj3vYWaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwNjI1MTU1NjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjZiYzVjNjdkMzg3M2Y1MDQ5NDFiM2IxZTIzZDM1NTFiZDc0ZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynvTQopzbN7yuScvraxsrlPRxVRA
oNkkHT+atw1h2FeiEsyOzD31g2pz0NG605R3PNxmYaJgu7tG+CkF+zmeG8hVPV+C
+KWRLT71tYMZOSSPyr7pHXtaRieZzC99a8KukgBV9x3xo61qLfmmL009eqlzI9v7
CpllXyIThQluq0M7r5yZi0pVK4QXxYS2FocZafFcG4uoqkYPNBHL2V3TcQokKP6U
m5DMslMHteoFitwHzaIo9pyIVZJ3nVY3+cATFgO6TgknWegd8pBKxRxbOa6gEqAo
aHzVSeLGf6N4lx42dOBRjOym7Qtlp2sCeEHGEVg3co3C0Lff0t0m+rNy6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9rxcZ9OHP1BJQbOx4j01Ub10/YMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvSDJ2RnhuMDRjX1VFbEJzN0hpUFRWUnZYVDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnPMA0G
CSqGSIb3DQEBCwUAA4IBAQDa3LfKSnYyxwQ5gmFtyFVAV5emArfZx45sT5xoTdOB
P+1uLGplSa47nHgys6bv6UTNI3c7znMFDYxSypv7fiHkPtL38sIKWS2E5+6Awlny
WZCksB3ljEZ2V/IfWuDNPDYTnzO1x4mGnPezPuQsoZrKpuY7zEtnLwi9zfyRzMAQ
NLSasj+ugQYBeAoD83YlCUS5YdtvQzqYbXGMOxuhVlJQYF1rxBTqwfz2wKtiSjTT
uCeYE4KZJx4MP/sOEfaw9TWS0iHax5wd83ZLq7RInwsCDxRSgP5j2owBj7CafsHb
5gcNdoGvvmuKfut0smfpn0Rk/d3jkYZvbZxiSxs8woew
-----END CERTIFICATE-----