Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hx0QzYWWVCkPEVV5lq2QHWbjp0.roa
File:                     7hx0QzYWWVCkPEVV5lq2QHWbjp0.roa (raw, json)
Hash identifier:          xjJKLS7l5C81JFvMndo8CalFmxjoCaAwKYnK1wZFZtI=
Subject key identifier:   EE:1C:74:43:36:16:59:50:A4:3C:45:55:E6:5A:B6:40:75:9B:8E:9D
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0198D0BFC0D2FDDAB2C0C56E63CF1BDC349A
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hx0QzYWWVCkPEVV5lq2QHWbjp0.roa
Signing time:             Fri 22 Aug 2025 07:48:04 +0000
ROA not before:           Fri 22 Aug 2025 07:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        81.18.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d0:bf:c0:d2:fd:da:b2:c0:c5:6e:63:cf:1b:dc:34:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug 22 07:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee1c744336165950a43c4555e65ab640759b8e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2a:7d:04:75:72:11:a6:83:62:9d:93:44:68:
                    f5:0f:7d:cd:8e:0d:e9:1d:5e:d8:dd:c5:ad:2a:2e:
                    44:2a:18:19:16:28:a0:ca:78:1a:c3:2b:c4:4f:ca:
                    84:f4:98:f9:75:68:8c:80:75:6e:93:42:cf:f4:b0:
                    71:5d:1f:a6:75:f5:00:9c:73:5d:eb:8d:63:a8:9a:
                    e0:f7:5e:c5:25:bd:5b:ab:23:a8:7c:27:f2:81:3c:
                    0d:65:8d:c2:ca:45:3d:ae:dd:7d:54:64:3a:a1:1d:
                    10:75:7e:39:18:0a:56:88:db:1d:20:f3:b4:56:44:
                    8d:c0:b4:a9:d5:1c:3b:fc:28:21:b4:3e:2d:72:97:
                    be:de:f6:9b:36:98:aa:fe:e3:bb:0e:7e:e5:2e:6a:
                    76:32:1f:d3:e4:51:78:fe:b1:f7:0d:c3:df:6c:6f:
                    54:f8:e8:8e:3a:0e:ab:8e:1e:e4:4d:43:4b:f2:e7:
                    f7:74:2b:42:29:78:5b:d0:16:72:eb:45:45:50:aa:
                    32:f0:f3:61:72:1d:dc:9d:ac:2c:dd:cc:84:e7:71:
                    8c:4d:c2:7a:74:30:bd:5c:df:3e:f6:c9:16:d5:5a:
                    df:38:b2:52:20:b7:bb:6f:3c:96:37:8a:03:d5:01:
                    48:34:d6:65:e5:3b:3f:0e:3d:22:ae:9a:a4:c2:4e:
                    4e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1C:74:43:36:16:59:50:A4:3C:45:55:E6:5A:B6:40:75:9B:8E:9D
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hx0QzYWWVCkPEVV5lq2QHWbjp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b4:c4:f2:a0:22:7e:fe:41:c5:cd:45:9a:71:69:6c:95:7d:
         37:31:93:b9:bb:df:da:46:9d:be:23:6e:4c:8a:3a:35:20:fe:
         45:93:c6:61:e6:f2:69:8a:39:80:ac:09:f7:e4:9e:5a:ba:4f:
         3a:9a:a1:ce:36:1e:f2:13:3e:cd:49:78:1e:30:9e:18:a0:de:
         4f:e8:55:08:04:7b:f9:b4:02:33:f2:bf:7b:60:c6:89:35:df:
         9a:ae:a9:a4:55:48:7f:9c:b8:6f:5c:ca:e6:59:af:22:48:89:
         1f:0e:a5:8d:16:ce:41:1b:cc:4f:ce:3c:cc:59:f7:d2:44:d0:
         b1:c7:fc:cc:67:fe:9c:9e:f6:2f:76:38:94:b8:47:80:40:60:
         9a:0c:d3:21:53:1a:ea:25:f8:b1:cc:1f:02:33:f0:50:03:f8:
         55:cd:9d:fb:6e:2a:5e:15:28:f0:de:bd:54:b1:c2:da:88:3d:
         29:6d:2b:e2:24:bb:19:d2:60:4b:1f:5c:07:a9:b4:83:18:14:
         68:71:a7:04:8b:38:55:7c:0b:03:e4:2d:e6:ef:db:99:fc:a8:
         61:55:d1:de:4d:e9:08:15:90:4c:52:53:53:ba:7f:25:05:7f:
         9c:cc:07:21:22:be:d9:e4:18:df:f9:25:2b:48:96:c7:2c:08:
         9a:6f:49:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjQv8DS/dqywMVuY88b3DSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwODIyMDc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFjNzQ0MzM2MTY1OTUwYTQzYzQ1NTVlNjVhYjY0MDc1OWI4ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSp9BHVyEaaDYp2TRGj1D33Njg3p
HV7Y3cWtKi5EKhgZFiigyngawyvET8qE9Jj5dWiMgHVuk0LP9LBxXR+mdfUAnHNd
641jqJrg917FJb1bqyOofCfygTwNZY3CykU9rt19VGQ6oR0QdX45GApWiNsdIPO0
VkSNwLSp1Rw7/CghtD4tcpe+3vabNpiq/uO7Dn7lLmp2Mh/T5FF4/rH3DcPfbG9U
+OiOOg6rjh7kTUNL8uf3dCtCKXhb0BZy60VFUKoy8PNhch3cnaws3cyE53GMTcJ6
dDC9XN8+9skW1VrfOLJSILe7bzyWN4oD1QFINNZl5Ts/Dj0irpqkwk5O1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4cdEM2FllQpDxFVeZatkB1m46dMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvN2h4MFF6WVdXVkNrUEVWVjVscTJRSFdianAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURI6MA0G
CSqGSIb3DQEBCwUAA4IBAQBwtMTyoCJ+/kHFzUWacWlslX03MZO5u9/aRp2+I25M
ijo1IP5Fk8Zh5vJpijmArAn35J5auk86mqHONh7yEz7NSXgeMJ4YoN5P6FUIBHv5
tAIz8r97YMaJNd+arqmkVUh/nLhvXMrmWa8iSIkfDqWNFs5BG8xPzjzMWffSRNCx
x/zMZ/6cnvYvdjiUuEeAQGCaDNMhUxrqJfixzB8CM/BQA/hVzZ37bipeFSjw3r1U
scLaiD0pbSviJLsZ0mBLH1wHqbSDGBRocacEizhVfAsD5C3m79uZ/KhhVdHeTekI
FZBMUlNTun8lBX+czAchIr7Z5Bjf+SUrSJbHLAiab0mF
-----END CERTIFICATE-----