Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tVNklZT96j0o2vM1vFyzeOT8bDo.roa
File:                     tVNklZT96j0o2vM1vFyzeOT8bDo.roa (raw, json)
Hash identifier:          X8HwNTOIYXkyadyS3xbX6x0xWEuSl2cwCWxlE5a5tY0=
Subject key identifier:   B5:53:64:95:94:FD:EA:3D:28:DA:F3:35:BC:5C:B3:78:E4:FC:6C:3A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0199C7B42E63E3AB40AC9C467D46ADF2EDFE
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tVNklZT96j0o2vM1vFyzeOT8bDo.roa
Signing time:             Thu 09 Oct 2025 06:41:38 +0000
ROA not before:           Thu 09 Oct 2025 06:41:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        185.199.148.0/23 maxlen: 23
                          185.199.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:b4:2e:63:e3:ab:40:ac:9c:46:7d:46:ad:f2:ed:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct  9 06:41:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b553649594fdea3d28daf335bc5cb378e4fc6c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:16:6b:fb:7f:93:d9:d6:e4:0f:a3:d2:c0:90:
                    0f:87:68:0a:0e:f2:20:b9:ca:d3:31:58:85:ff:99:
                    70:78:81:ac:94:02:9f:84:09:21:42:0b:38:e0:b1:
                    7b:04:f3:92:85:73:71:e3:50:0c:eb:e7:87:26:7c:
                    35:d5:68:94:26:6b:79:2b:10:35:d9:d4:02:b5:05:
                    04:38:57:44:d1:45:8f:d2:8a:3c:69:c0:c9:9c:26:
                    cd:e4:02:5a:9c:4f:87:77:96:ba:20:72:87:7c:cd:
                    18:ea:f1:e7:22:79:03:30:2a:f5:81:e7:67:2c:30:
                    3d:a3:7f:8c:1a:e6:a4:9f:b5:8e:57:2e:db:9a:d3:
                    00:3e:3b:57:32:35:58:08:e0:d6:1d:f8:ef:10:b1:
                    93:f4:c8:e1:61:3e:65:e4:c1:87:a3:57:dc:e2:f3:
                    21:73:1d:8f:4c:cb:8f:42:3d:51:b3:a4:e8:51:02:
                    13:db:04:98:41:d0:49:1d:f9:b0:df:aa:cd:76:16:
                    fa:89:fd:b7:9f:18:c6:6b:48:5e:08:17:bf:33:63:
                    30:ad:d7:a6:9c:f7:c1:76:8b:ee:63:47:90:e1:4e:
                    6f:a1:c5:bd:5d:53:74:a7:ea:ea:15:59:5c:b8:e8:
                    b6:6a:75:8f:c3:3c:0e:20:3b:53:42:fb:4b:39:20:
                    75:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:53:64:95:94:FD:EA:3D:28:DA:F3:35:BC:5C:B3:78:E4:FC:6C:3A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/tVNklZT96j0o2vM1vFyzeOT8bDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.148.0/23
                  185.199.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:9c:92:9d:ef:d8:b5:16:79:1d:55:05:55:44:1e:72:d1:1f:
         a3:23:86:e3:1a:31:d9:cc:af:c3:bf:63:e5:18:b4:52:1b:59:
         2e:f0:de:f0:ae:9f:e8:df:0a:ff:49:86:ef:f1:d9:d9:f4:a1:
         ca:89:85:a4:27:ea:60:7d:d1:e7:87:ad:7a:50:72:84:54:a7:
         ae:bf:31:14:51:22:8e:b6:2e:c6:87:e5:a2:45:5e:63:5d:57:
         5e:b7:00:5c:38:d9:ac:12:77:28:1c:b8:c7:30:80:79:11:dd:
         a2:91:67:33:29:0d:ef:a3:ba:02:f8:48:45:52:35:86:ab:32:
         76:cb:36:09:4a:32:0a:d0:bf:cd:89:2f:00:59:3a:28:e3:50:
         3c:15:4d:fb:ac:56:85:e4:af:c1:04:2b:e2:1b:70:21:ad:5a:
         bb:2b:d5:27:92:99:1f:61:12:ab:e9:4b:e1:f8:fe:b7:fe:1b:
         cb:77:f6:bd:0b:64:3a:37:40:86:0f:dc:6f:c4:a4:43:24:c6:
         3f:fc:ef:8f:e3:41:60:04:b8:88:38:70:76:7e:07:ec:7c:5d:
         14:51:61:b8:5b:01:ed:bc:e8:07:49:d8:f5:3d:64:7c:f2:2b:
         fd:b4:94:cc:95:10:1f:31:0a:ef:f1:d5:81:ec:0b:c0:5d:71:
         67:79:67:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnHtC5j46tArJxGfUat8u3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUxMDA5MDY0MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTUzNjQ5NTk0ZmRlYTNkMjhkYWYzMzViYzVjYjM3OGU0ZmM2YzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhZr+3+T2dbkD6PSwJAPh2gKDvIg
ucrTMViF/5lweIGslAKfhAkhQgs44LF7BPOShXNx41AM6+eHJnw11WiUJmt5KxA1
2dQCtQUEOFdE0UWP0oo8acDJnCbN5AJanE+Hd5a6IHKHfM0Y6vHnInkDMCr1gedn
LDA9o3+MGuakn7WOVy7bmtMAPjtXMjVYCODWHfjvELGT9MjhYT5l5MGHo1fc4vMh
cx2PTMuPQj1Rs6ToUQIT2wSYQdBJHfmw36rNdhb6if23nxjGa0heCBe/M2Mwrdem
nPfBdovuY0eQ4U5vocW9XVN0p+rqFVlcuOi2anWPwzwOIDtTQvtLOSB1QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLVTZJWU/eo9KNrzNbxcs3jk/Gw6MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvdFZOa2xaVDk2ajBvMnZNMXZGeXplT1Q4YkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuceUAwQB
ucfUMA0GCSqGSIb3DQEBCwUAA4IBAQAHnJKd79i1FnkdVQVVRB5y0R+jI4bjGjHZ
zK/Dv2PlGLRSG1ku8N7wrp/o3wr/SYbv8dnZ9KHKiYWkJ+pgfdHnh616UHKEVKeu
vzEUUSKOti7Gh+WiRV5jXVdetwBcONmsEncoHLjHMIB5Ed2ikWczKQ3vo7oC+EhF
UjWGqzJ2yzYJSjIK0L/NiS8AWToo41A8FU37rFaF5K/BBCviG3AhrVq7K9Unkpkf
YRKr6Uvh+P63/hvLd/a9C2Q6N0CGD9xvxKRDJMY//O+P40FgBLiIOHB2fgfsfF0U
UWG4WwHtvOgHSdj1PWR88iv9tJTMlRAfMQrv8dWB7AvAXXFneWdl
-----END CERTIFICATE-----