Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/M_4DwyYme9xEKhuy7Mfyotwnnp4.roa
File:                     M_4DwyYme9xEKhuy7Mfyotwnnp4.roa (raw, json)
Hash identifier:          /JsrWE7KhZiCHgUmqbe7O3ODc9jPIeNhzYO84AjrYLg=
Subject key identifier:   33:FE:03:C3:26:26:7B:DC:44:2A:1B:B2:EC:C7:F2:A2:DC:27:9E:9E
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0198AD830FFB3109E656E32E73CACE7C27D3
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/M_4DwyYme9xEKhuy7Mfyotwnnp4.roa
Signing time:             Fri 15 Aug 2025 11:35:04 +0000
ROA not before:           Fri 15 Aug 2025 11:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        178.253.226.0/24 maxlen: 24
                          188.255.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:83:0f:fb:31:09:e6:56:e3:2e:73:ca:ce:7c:27:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug 15 11:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33fe03c326267bdc442a1bb2ecc7f2a2dc279e9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0d:ab:33:d2:3f:77:f1:4b:d2:82:8d:63:11:
                    0b:be:6a:b2:e9:e0:e1:45:64:5c:59:87:92:17:f5:
                    f9:0d:2a:cf:75:98:fa:8f:8e:fb:b2:88:7f:91:60:
                    a6:0a:24:12:be:5b:41:02:82:9f:0a:10:3f:78:9c:
                    37:1a:61:3a:30:8a:df:ae:0f:ee:7d:bf:1e:7f:03:
                    a1:e6:c0:33:b9:20:d3:57:f8:21:82:85:5c:1f:cc:
                    dd:ce:b6:57:6d:8a:05:c1:b9:d4:5b:47:61:e1:06:
                    5f:cd:fa:6e:11:46:21:ac:27:12:40:db:85:a5:41:
                    d7:58:0d:30:ab:db:b4:af:d1:c1:5f:58:f7:79:97:
                    6b:47:ab:e9:27:21:89:b1:56:c8:5c:03:e5:5b:ad:
                    67:92:65:57:3b:c1:d3:ff:cf:41:ec:6d:00:7a:89:
                    65:e7:98:2b:c0:ef:be:05:8a:1c:09:4b:ce:ed:ef:
                    f0:bd:f3:cd:48:38:80:f5:bc:19:6f:ba:a9:05:e3:
                    25:42:73:2a:b9:52:c3:2a:c0:a2:49:d1:dc:f8:05:
                    10:51:d6:c4:99:02:92:4e:0f:a7:ec:c7:69:7a:78:
                    e3:e8:12:19:66:70:7c:d0:31:02:f0:91:be:81:19:
                    ed:22:be:a8:6d:7a:46:1f:7d:91:1e:43:3a:cc:60:
                    84:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FE:03:C3:26:26:7B:DC:44:2A:1B:B2:EC:C7:F2:A2:DC:27:9E:9E
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/M_4DwyYme9xEKhuy7Mfyotwnnp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.226.0/24
                  188.255.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:4f:74:7a:b1:c2:c2:a8:0b:3b:15:33:39:e6:f1:47:8f:64:
         76:b9:62:40:86:0e:37:32:13:0b:bf:54:c4:0f:a8:fe:b4:80:
         39:03:aa:7e:50:fc:7c:ef:68:b8:08:55:6a:58:4e:d0:0b:99:
         bb:69:3a:97:59:3e:b6:45:5e:3e:6a:00:63:a0:6b:db:b8:f0:
         31:ad:5f:3c:3d:d8:be:0a:fb:6a:5d:05:4c:b8:28:d5:db:59:
         6a:84:1b:83:51:27:7c:2c:83:94:7b:31:b5:a7:43:3a:a7:2e:
         7d:33:ae:12:e5:16:66:68:5d:d1:85:e2:07:96:78:31:d3:51:
         a2:03:78:48:2e:52:17:ae:ee:01:bb:6f:f8:80:20:0b:ca:b4:
         c1:fb:8d:63:a5:b5:0f:8b:27:83:a4:97:5a:7d:31:96:1e:79:
         f9:1b:51:12:be:93:fa:d5:26:3f:1c:3c:dd:df:a4:c2:4c:11:
         7a:0c:31:f1:b4:47:e4:79:ab:1c:c2:59:0e:d9:d2:a6:26:27:
         d0:38:63:15:89:3b:51:b4:35:e9:59:d3:06:b1:62:79:96:b7:
         00:e4:82:dd:e7:75:ca:33:c1:25:33:5d:a2:2e:62:c2:27:5f:
         7c:c0:e9:18:40:f3:19:3d:e2:10:6e:37:06:61:1c:40:9c:12:
         91:83:95:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZitgw/7MQnmVuMuc8rOfCfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwODE1MTEzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2ZlMDNjMzI2MjY3YmRjNDQyYTFiYjJlY2M3ZjJhMmRjMjc5ZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw2rM9I/d/FL0oKNYxELvmqy6eDh
RWRcWYeSF/X5DSrPdZj6j477soh/kWCmCiQSvltBAoKfChA/eJw3GmE6MIrfrg/u
fb8efwOh5sAzuSDTV/ghgoVcH8zdzrZXbYoFwbnUW0dh4QZfzfpuEUYhrCcSQNuF
pUHXWA0wq9u0r9HBX1j3eZdrR6vpJyGJsVbIXAPlW61nkmVXO8HT/89B7G0Aeoll
55grwO++BYocCUvO7e/wvfPNSDiA9bwZb7qpBeMlQnMquVLDKsCiSdHc+AUQUdbE
mQKSTg+n7Mdpenjj6BIZZnB80DEC8JG+gRntIr6obXpGH32RHkM6zGCEQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDP+A8MmJnvcRCobsuzH8qLcJ56eMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvTV80RHd5WW1lOXhFS2h1eTdNZnlvdHdubnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv3iAwQA
vP/9MA0GCSqGSIb3DQEBCwUAA4IBAQAET3R6scLCqAs7FTM55vFHj2R2uWJAhg43
MhMLv1TED6j+tIA5A6p+UPx872i4CFVqWE7QC5m7aTqXWT62RV4+agBjoGvbuPAx
rV88Pdi+CvtqXQVMuCjV21lqhBuDUSd8LIOUezG1p0M6py59M64S5RZmaF3RheIH
lngx01GiA3hILlIXru4Bu2/4gCALyrTB+41jpbUPiyeDpJdafTGWHnn5G1ESvpP6
1SY/HDzd36TCTBF6DDHxtEfkeascwlkO2dKmJifQOGMViTtRtDXpWdMGsWJ5lrcA
5ILd53XKM8ElM12iLmLCJ198wOkYQPMZPeIQbjcGYRxAnBKRg5Xq
-----END CERTIFICATE-----