Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/DH5lWnRu4VKIIyGckr7F-ImJh8g.roa
File:                     DH5lWnRu4VKIIyGckr7F-ImJh8g.roa (raw, json)
Hash identifier:          h8GN1vDvRKFfkC5MTFTkZWf2BqZtBn12n/5FdI8mvIA=
Subject key identifier:   0C:7E:65:5A:74:6E:E1:52:88:23:21:9C:92:BE:C5:F8:89:89:87:C8
Certificate issuer:       /CN=bb105fa32b2b175f18dd5908dd271915bbf4e38e
Certificate serial:       019836CFCE7995E5C569F29A604E189DC268
Authority key identifier: BB:10:5F:A3:2B:2B:17:5F:18:DD:59:08:DD:27:19:15:BB:F4:E3:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uxBfoysrF18Y3VkI3ScZFbv0444.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/DH5lWnRu4VKIIyGckr7F-ImJh8g.roa
Signing time:             Wed 23 Jul 2025 10:24:05 +0000
ROA not before:           Wed 23 Jul 2025 10:24:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202594
IP address blocks:        185.156.0.0/22 maxlen: 22
                          185.156.0.0/23 maxlen: 23
                          185.156.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/uxBfoysrF18Y3VkI3ScZFbv0444.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/uxBfoysrF18Y3VkI3ScZFbv0444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uxBfoysrF18Y3VkI3ScZFbv0444.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:cf:ce:79:95:e5:c5:69:f2:9a:60:4e:18:9d:c2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb105fa32b2b175f18dd5908dd271915bbf4e38e
        Validity
            Not Before: Jul 23 10:24:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c7e655a746ee1528823219c92bec5f8898987c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9b:8c:19:f0:3b:3b:6c:ce:9d:80:7f:7f:d4:
                    af:d5:36:f9:8f:a8:ed:06:6f:9d:95:67:60:c5:46:
                    00:2d:e0:b7:9e:9f:87:a0:65:8d:3f:96:a5:d7:a4:
                    b9:72:ba:11:a6:cb:bd:90:df:92:97:54:8e:77:73:
                    3a:df:55:8c:5c:d9:8e:08:08:ce:23:77:52:1c:13:
                    08:1c:90:99:cf:c0:3d:d6:2e:ef:70:7d:14:9d:3c:
                    9a:18:88:31:a9:f0:06:9e:df:30:58:22:45:e9:ca:
                    07:3f:e5:b2:52:df:3b:f7:ca:1e:ca:15:9d:e9:00:
                    61:d9:1f:da:e0:34:ab:e9:ef:c1:96:77:68:03:08:
                    53:08:3f:66:be:c7:76:86:e2:c0:3f:09:a9:34:2c:
                    f6:07:14:c7:9c:89:6a:53:9f:3f:56:09:ca:51:0b:
                    0f:c1:86:61:30:1c:fe:a7:15:d2:5a:21:62:cd:33:
                    44:cf:7b:72:ab:a0:81:ba:b8:7c:63:78:89:d3:84:
                    bc:eb:24:30:8b:68:c7:a6:af:37:2d:fd:64:3c:9c:
                    a7:4c:24:a9:d6:ec:0a:67:54:ea:52:95:35:8e:93:
                    79:a1:b3:6d:c7:82:c6:40:e6:1e:2b:00:1f:3a:a3:
                    a2:21:c0:8b:8c:e7:53:b9:33:80:90:dd:ec:6d:0d:
                    f5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:7E:65:5A:74:6E:E1:52:88:23:21:9C:92:BE:C5:F8:89:89:87:C8
            X509v3 Authority Key Identifier:
                keyid:BB:10:5F:A3:2B:2B:17:5F:18:DD:59:08:DD:27:19:15:BB:F4:E3:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uxBfoysrF18Y3VkI3ScZFbv0444.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/DH5lWnRu4VKIIyGckr7F-ImJh8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/3b2bb3-fdb6-46af-b3d2-be11c14db6e0/1/uxBfoysrF18Y3VkI3ScZFbv0444.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:70:ce:ef:0d:2a:46:9c:a0:57:cf:ab:05:1d:17:66:d0:aa:
         ec:6a:92:cc:96:3f:8e:f5:34:6d:a5:44:fe:97:9b:1f:c8:6a:
         1f:b5:6d:c2:20:02:eb:a4:56:3e:de:54:78:ee:3f:48:f7:99:
         17:3c:13:4f:0e:00:1e:56:e8:4d:0d:a5:7a:a1:7c:41:79:fb:
         57:d5:c3:eb:d4:29:0b:18:2b:75:d4:89:24:c2:41:c0:13:80:
         c3:dd:1b:5d:4c:aa:45:ea:48:ff:06:c1:07:77:53:d5:da:65:
         74:c3:6b:1f:ae:02:18:ee:49:ab:30:59:c4:23:f1:02:42:39:
         64:d3:b4:a7:7f:13:5d:30:90:87:27:ce:5c:71:ca:f2:17:0b:
         e7:11:4d:ff:46:1f:a9:48:de:a9:e3:75:f2:af:67:05:69:96:
         05:53:a8:d1:66:37:20:e8:42:1d:a4:37:c0:65:b7:ab:92:54:
         9e:75:7a:9e:ac:d3:38:52:1d:81:cb:84:97:89:46:e1:40:f0:
         3a:aa:12:27:5c:7d:79:a2:94:16:03:47:a0:31:8b:1e:4c:30:
         ce:00:d8:c4:f5:e4:d4:99:4f:6a:e5:f1:78:92:b5:ac:53:fb:
         69:11:e6:58:b4:12:75:cb:78:c5:ce:83:58:b2:b8:4a:d8:3f:
         ab:ae:ce:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2z855leXFafKaYE4YncJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMTA1ZmEzMmIyYjE3NWYxOGRkNTkwOGRkMjcxOTE1YmJm
NGUzOGUwHhcNMjUwNzIzMTAyNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzdlNjU1YTc0NmVlMTUyODgyMzIxOWM5MmJlYzVmODg5ODk4N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5uMGfA7O2zOnYB/f9Sv1Tb5j6jt
Bm+dlWdgxUYALeC3np+HoGWNP5al16S5croRpsu9kN+Sl1SOd3M631WMXNmOCAjO
I3dSHBMIHJCZz8A91i7vcH0UnTyaGIgxqfAGnt8wWCJF6coHP+WyUt8798oeyhWd
6QBh2R/a4DSr6e/BlndoAwhTCD9mvsd2huLAPwmpNCz2BxTHnIlqU58/VgnKUQsP
wYZhMBz+pxXSWiFizTNEz3tyq6CBurh8Y3iJ04S86yQwi2jHpq83Lf1kPJynTCSp
1uwKZ1TqUpU1jpN5obNtx4LGQOYeKwAfOqOiIcCLjOdTuTOAkN3sbQ317QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx+ZVp0buFSiCMhnJK+xfiJiYfIMB8GA1UdIwQY
MBaAFLsQX6MrKxdfGN1ZCN0nGRW79OOOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXhCZm95c3JGMThZM1ZrSTNTY1pGYnYwNDQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zYjJiYjMtZmRiNi00NmFmLWIzZDIt
YmUxMWMxNGRiNmUwLzEvREg1bFduUnU0VktJSXlHY2tyN0YtSW1KaDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zYjJiYjMtZmRiNi00NmFmLWIzZDItYmUxMWMxNGRiNmUw
LzEvdXhCZm95c3JGMThZM1ZrSTNTY1pGYnYwNDQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAIcM7vDSpGnKBXz6sFHRdm0KrsapLMlj+O9TRtpUT+
l5sfyGoftW3CIALrpFY+3lR47j9I95kXPBNPDgAeVuhNDaV6oXxBeftX1cPr1CkL
GCt11IkkwkHAE4DD3RtdTKpF6kj/BsEHd1PV2mV0w2sfrgIY7kmrMFnEI/ECQjlk
07SnfxNdMJCHJ85cccryFwvnEU3/Rh+pSN6p43Xyr2cFaZYFU6jRZjcg6EIdpDfA
ZberklSedXqerNM4Uh2By4SXiUbhQPA6qhInXH15opQWA0egMYseTDDOANjE9eTU
mU9q5fF4krWsU/tpEeZYtBJ1y3jFzoNYsrhK2D+rrs4+
-----END CERTIFICATE-----