Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/jSJQSQmK6OCmMpfkIvfuFMwXqBw.roa
File:                     jSJQSQmK6OCmMpfkIvfuFMwXqBw.roa (raw, json)
Hash identifier:          gHpAU9/XCfY4BU4/j9JcKIH3Em7CoHTJDpBe7CHrKoo=
Subject key identifier:   8D:22:50:49:09:8A:E8:E0:A6:32:97:E4:22:F7:EE:14:CC:17:A8:1C
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01999F3A9EE531A70516A67FD4930936E17D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/jSJQSQmK6OCmMpfkIvfuFMwXqBw.roa
Signing time:             Wed 01 Oct 2025 10:04:03 +0000
ROA not before:           Wed 01 Oct 2025 10:04:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214669
IP address blocks:        188.255.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:3a:9e:e5:31:a7:05:16:a6:7f:d4:93:09:36:e1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct  1 10:04:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d225049098ae8e0a63297e422f7ee14cc17a81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2a:e0:97:9c:70:c9:66:09:1a:06:c6:5a:65:
                    49:5a:df:98:a8:6b:63:c2:55:4b:86:a6:dc:b9:ad:
                    71:b4:f5:b5:89:52:93:28:3c:be:b4:f5:ea:81:06:
                    5d:94:fe:82:b1:9e:30:a6:f9:67:2e:b5:71:d9:85:
                    6b:84:e0:6c:9e:bf:bc:16:c2:91:e4:34:83:1f:a0:
                    ce:f1:10:9a:4f:c4:f1:af:62:54:aa:8c:b4:af:b6:
                    8e:23:2a:4c:95:05:cc:2e:21:a5:0b:b7:1d:6b:76:
                    3a:d7:bc:bc:93:dd:15:5d:e1:de:f6:f1:12:a6:b1:
                    dd:4b:8c:8e:77:9c:d8:f5:4a:7d:3f:d1:6d:a8:c5:
                    46:8b:e2:9c:ff:f8:d9:16:31:95:ca:3b:3b:e8:06:
                    d1:f7:64:61:8f:4d:d8:5d:ff:49:69:93:3f:bf:9a:
                    09:87:66:aa:23:d0:28:b3:89:ee:bf:6a:25:da:6a:
                    25:2f:cf:a1:42:d8:40:0b:96:6b:7c:3f:33:b6:f0:
                    20:7d:ff:25:d2:ca:8b:6f:b0:9c:1e:4e:fc:8d:9b:
                    ab:f1:a3:5e:35:8b:86:1e:12:0e:1f:38:b8:60:64:
                    24:bc:4e:b3:e7:20:ea:c6:77:dd:0c:29:c2:85:17:
                    58:76:68:9f:4d:1b:89:34:f8:5f:f9:f2:fe:68:85:
                    93:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:22:50:49:09:8A:E8:E0:A6:32:97:E4:22:F7:EE:14:CC:17:A8:1C
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/jSJQSQmK6OCmMpfkIvfuFMwXqBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a7:42:83:b6:40:02:06:95:68:cf:3f:8d:32:fe:9a:d4:59:
         aa:b7:7f:7d:b7:eb:06:c3:4e:f0:78:d6:e4:2b:02:cd:40:c1:
         4d:2c:65:14:62:d4:54:44:91:25:1f:e4:7c:f2:ce:da:b4:ff:
         13:3f:ce:f8:2b:b9:37:2a:11:2a:67:26:01:82:4b:f0:5f:bc:
         4f:d2:26:37:80:94:fc:26:a0:40:b6:32:89:ef:b5:f4:7b:26:
         66:f1:12:c1:0f:68:c5:aa:82:5a:62:99:3e:e3:d0:e1:fd:d5:
         0c:12:ce:46:4f:64:7e:e4:a9:d3:48:11:49:e2:e5:66:fc:1e:
         c4:57:51:60:f8:be:d2:32:33:c0:4b:af:0e:97:5a:7a:16:f6:
         a1:38:48:96:6f:9c:94:39:30:59:ba:89:a3:3d:33:9c:a5:9c:
         35:cd:a4:dd:a3:b5:29:2d:28:b2:bd:d5:9f:92:23:f2:47:a4:
         49:d0:98:e3:b8:db:87:80:77:67:ab:69:fd:9a:70:25:70:b1:
         3c:52:38:c2:e6:45:ef:42:31:73:38:cf:f7:d6:d5:ba:76:fb:
         05:da:37:df:a0:9a:5d:1d:10:11:40:3e:c5:aa:35:35:da:fd:
         27:a5:95:48:2b:53:f6:12:69:65:81:ef:61:06:a5:b3:39:4e:
         f6:b3:3a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmfOp7lMacFFqZ/1JMJNuF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDAxMTAwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDIyNTA0OTA5OGFlOGUwYTYzMjk3ZTQyMmY3ZWUxNGNjMTdhODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyrgl5xwyWYJGgbGWmVJWt+YqGtj
wlVLhqbcua1xtPW1iVKTKDy+tPXqgQZdlP6CsZ4wpvlnLrVx2YVrhOBsnr+8FsKR
5DSDH6DO8RCaT8Txr2JUqoy0r7aOIypMlQXMLiGlC7cda3Y617y8k90VXeHe9vES
prHdS4yOd5zY9Up9P9FtqMVGi+Kc//jZFjGVyjs76AbR92Rhj03YXf9JaZM/v5oJ
h2aqI9Aos4nuv2ol2molL8+hQthAC5ZrfD8ztvAgff8l0sqLb7CcHk78jZur8aNe
NYuGHhIOHzi4YGQkvE6z5yDqxnfdDCnChRdYdmifTRuJNPhf+fL+aIWTiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0iUEkJiujgpjKX5CL37hTMF6gcMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvalNKUVNRbUs2T0NtTXBma0l2ZnVGTXdYcUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+MMA0G
CSqGSIb3DQEBCwUAA4IBAQBOp0KDtkACBpVozz+NMv6a1Fmqt399t+sGw07weNbk
KwLNQMFNLGUUYtRURJElH+R88s7atP8TP874K7k3KhEqZyYBgkvwX7xP0iY3gJT8
JqBAtjKJ77X0eyZm8RLBD2jFqoJaYpk+49Dh/dUMEs5GT2R+5KnTSBFJ4uVm/B7E
V1Fg+L7SMjPAS68Ol1p6FvahOEiWb5yUOTBZuomjPTOcpZw1zaTdo7UpLSiyvdWf
kiPyR6RJ0JjjuNuHgHdnq2n9mnAlcLE8UjjC5kXvQjFzOM/31tW6dvsF2jffoJpd
HRARQD7FqjU12v0npZVIK1P2Emllge9hBqWzOU72szpK
-----END CERTIFICATE-----