Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/mIgyZPNQz_V8Vv1YV4Vlevkp8d4.roa
File:                     mIgyZPNQz_V8Vv1YV4Vlevkp8d4.roa (raw, json)
Hash identifier:          aX/qCseJBqwQ/FBxq2G9wm2PFYIjPFa1FTgA6vKJk5c=
Subject key identifier:   98:88:32:64:F3:50:CF:F5:7C:56:FD:58:57:85:65:7A:F9:29:F1:DE
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019956B5BFE01E46B03CC61E962170304940
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/mIgyZPNQz_V8Vv1YV4Vlevkp8d4.roa
Signing time:             Wed 17 Sep 2025 08:06:15 +0000
ROA not before:           Wed 17 Sep 2025 08:06:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142433
IP address blocks:        178.219.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:b5:bf:e0:1e:46:b0:3c:c6:1e:96:21:70:30:49:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Sep 17 08:06:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98883264f350cff57c56fd585785657af929f1de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:05:3c:a1:c1:b4:77:80:61:0a:19:20:40:e4:
                    4a:14:1a:10:ec:fc:27:06:67:ef:04:22:66:77:9e:
                    9f:4a:7e:41:35:ad:5f:d6:d6:4a:9e:07:b4:32:85:
                    11:62:e2:d1:82:17:63:60:0f:2d:f9:e7:34:8c:08:
                    fa:20:8c:f8:a2:f2:03:c3:36:fc:d6:0d:23:63:b2:
                    6e:70:d3:1a:cc:c6:6f:f9:4e:e5:67:ba:c4:71:1c:
                    8c:53:94:44:fe:00:4b:b2:3a:45:a9:8a:a5:89:27:
                    75:d7:f8:43:3b:c8:73:39:c6:dd:d3:d8:11:5c:68:
                    dd:a7:7c:fc:64:72:74:55:1f:fe:32:b3:f6:19:5f:
                    f3:ab:3a:81:30:01:39:5d:dd:78:71:d1:5b:62:e1:
                    0a:db:07:b3:01:f9:c6:e5:0f:35:0b:12:44:6c:7d:
                    3a:a1:2f:33:79:7d:bc:0b:8a:c3:ca:92:fe:1d:04:
                    62:1e:3f:28:15:2c:68:a5:73:e3:fa:a4:1b:f0:23:
                    48:2c:70:dc:73:73:13:78:64:9a:55:d2:87:3b:18:
                    1b:82:46:34:e6:2b:ff:13:88:c1:f6:50:fc:86:9e:
                    fc:0f:1a:25:de:54:54:e6:9d:97:cb:d2:df:63:b8:
                    a7:c3:4b:9f:ad:d5:b4:3d:49:f8:fa:da:65:9a:30:
                    92:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:88:32:64:F3:50:CF:F5:7C:56:FD:58:57:85:65:7A:F9:29:F1:DE
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/mIgyZPNQz_V8Vv1YV4Vlevkp8d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:35:82:c6:6a:d7:a6:d5:08:bd:22:32:07:b9:82:78:3c:12:
         3d:b6:73:18:9c:49:a0:80:6d:8c:53:47:48:56:55:29:31:1f:
         8f:23:8e:c9:5f:4c:5f:e3:7b:ac:30:30:32:bf:f0:8f:a0:84:
         c5:30:13:6e:e8:48:68:c0:63:dc:b5:8a:e2:87:31:a1:74:36:
         97:26:58:cc:a4:68:f5:f7:27:e3:00:3e:be:29:dc:5b:80:36:
         b8:56:a5:55:e2:ec:b1:d0:1b:a3:f7:d9:a7:0c:1e:bd:cf:ae:
         b8:57:ac:1b:cc:66:38:de:46:a7:5c:6f:34:11:66:43:dd:6e:
         6c:5a:05:cb:2f:60:20:af:11:93:aa:0a:2c:8a:74:8c:1a:85:
         3e:a9:ee:7c:8f:a6:ad:59:0d:85:da:c5:30:b2:e6:c5:e9:7e:
         14:02:19:04:da:57:b6:1f:aa:e3:a0:67:1d:dc:ca:58:ef:de:
         74:14:cd:f7:66:73:cf:2c:f4:ca:87:5a:48:35:83:11:a8:37:
         fc:24:f9:f1:73:4e:33:5f:49:4e:3d:3a:4f:0d:2f:df:07:d3:
         5b:5d:b6:92:2f:f6:c1:fb:6c:e2:32:b5:fd:b6:0c:c9:ec:90:
         de:d3:be:ff:d6:0c:23:b5:88:70:27:2e:98:13:e9:ed:aa:b3:
         29:a7:ec:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlWtb/gHkawPMYeliFwMElAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwOTE3MDgwNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODg4MzI2NGYzNTBjZmY1N2M1NmZkNTg1Nzg1NjU3YWY5MjlmMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAU8ocG0d4BhChkgQORKFBoQ7Pwn
BmfvBCJmd56fSn5BNa1f1tZKnge0MoURYuLRghdjYA8t+ec0jAj6IIz4ovIDwzb8
1g0jY7JucNMazMZv+U7lZ7rEcRyMU5RE/gBLsjpFqYqliSd11/hDO8hzOcbd09gR
XGjdp3z8ZHJ0VR/+MrP2GV/zqzqBMAE5Xd14cdFbYuEK2wezAfnG5Q81CxJEbH06
oS8zeX28C4rDypL+HQRiHj8oFSxopXPj+qQb8CNILHDcc3MTeGSaVdKHOxgbgkY0
5iv/E4jB9lD8hp78Dxol3lRU5p2Xy9LfY7inw0ufrdW0PUn4+tplmjCS/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiIMmTzUM/1fFb9WFeFZXr5KfHeMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvbUlneVpQTlF6X1Y4VnYxWVY0VmxldmtwOGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstsFMA0G
CSqGSIb3DQEBCwUAA4IBAQCCNYLGatem1Qi9IjIHuYJ4PBI9tnMYnEmggG2MU0dI
VlUpMR+PI47JX0xf43usMDAyv/CPoITFMBNu6EhowGPctYrihzGhdDaXJljMpGj1
9yfjAD6+KdxbgDa4VqVV4uyx0Buj99mnDB69z664V6wbzGY43kanXG80EWZD3W5s
WgXLL2AgrxGTqgosinSMGoU+qe58j6atWQ2F2sUwsubF6X4UAhkE2le2H6rjoGcd
3MpY7950FM33ZnPPLPTKh1pINYMRqDf8JPnxc04zX0lOPTpPDS/fB9NbXbaSL/bB
+2ziMrX9tgzJ7JDe077/1gwjtYhwJy6YE+ntqrMpp+xX
-----END CERTIFICATE-----