Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/19E3jN9KFypjK-Gx4sQgyjqSqsY.roa
File:                     19E3jN9KFypjK-Gx4sQgyjqSqsY.roa (raw, json)
Hash identifier:          Vn+LOGs/PWNflKe0jQpj/lrEwqgidlKO4hNa6m9pqhw=
Subject key identifier:   D7:D1:37:8C:DF:4A:17:2A:63:2B:E1:B1:E2:C4:20:CA:3A:92:AA:C6
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0198D829A47F70E8FC556D8546C179434DB5
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/19E3jN9KFypjK-Gx4sQgyjqSqsY.roa
Signing time:             Sat 23 Aug 2025 18:21:04 +0000
ROA not before:           Sat 23 Aug 2025 18:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        212.116.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 18:22:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d8:29:a4:7f:70:e8:fc:55:6d:85:46:c1:79:43:4d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Aug 23 18:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7d1378cdf4a172a632be1b1e2c420ca3a92aac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7f:ca:1c:74:cb:e7:b6:5b:45:10:88:7b:91:
                    c2:41:c7:a9:2d:b1:bf:c7:d9:2c:de:e7:50:d1:59:
                    4d:4b:58:ce:d4:07:f8:70:e0:32:42:12:c7:06:9b:
                    b4:4f:f1:cb:44:21:ff:1a:f1:66:12:da:79:5f:58:
                    64:20:32:a2:34:f7:63:a7:77:3b:0e:4f:56:12:af:
                    64:13:81:1d:e4:6d:47:97:5e:9a:f8:3c:d2:e0:0f:
                    11:f6:d5:35:3a:aa:b4:01:24:50:9b:2e:9c:d8:8b:
                    f6:df:da:f4:44:83:07:f7:0a:a1:73:7a:7f:bc:44:
                    b9:97:b9:3d:55:9c:3e:5f:ea:40:55:3e:54:ef:60:
                    68:57:27:70:e6:5a:23:aa:88:f6:ba:ff:c8:42:4f:
                    43:49:02:47:cf:84:ae:ac:6a:52:78:6c:a3:f3:d6:
                    5c:91:3f:7d:a4:f3:00:d8:b2:89:4a:bb:de:80:42:
                    f7:e5:b5:f5:2a:a1:0e:e0:7c:d4:08:a1:3f:32:59:
                    96:f6:7f:5b:2a:85:c0:97:f7:fb:29:ba:d1:27:8f:
                    0d:5a:30:91:30:23:3d:de:b2:dc:fe:66:8d:7f:10:
                    e6:a5:33:4b:37:8a:bc:c6:6b:45:01:5d:cd:ae:84:
                    2a:34:c3:83:1c:d9:27:ab:13:2e:e7:82:39:e6:da:
                    da:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D1:37:8C:DF:4A:17:2A:63:2B:E1:B1:E2:C4:20:CA:3A:92:AA:C6
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/19E3jN9KFypjK-Gx4sQgyjqSqsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:75:ab:00:70:5e:78:70:ee:b3:86:fa:ef:3a:d9:e2:ea:fb:
         7f:11:68:0b:04:f1:47:39:bd:95:da:fd:3e:bf:46:10:e9:86:
         5c:93:62:0d:66:2b:f4:de:37:0f:72:76:2a:1a:3e:bb:f4:a3:
         53:6f:7c:74:c1:cc:c1:8c:6b:78:41:ad:7e:88:f4:a7:df:6f:
         a6:60:de:d5:0f:fc:14:77:df:d9:9f:ad:5b:a3:ea:f9:b2:56:
         31:af:5f:99:83:c9:b9:36:69:0c:cb:7d:84:12:e4:dd:90:6d:
         2f:2c:ca:97:ff:ce:95:a3:17:5e:d3:28:90:27:20:bf:34:b5:
         a7:4d:bf:ef:02:c3:0f:97:b1:5f:33:85:45:2c:95:18:69:f6:
         02:b5:a9:b3:81:a0:36:3d:59:a9:38:99:aa:72:c0:30:2e:98:
         ba:86:fc:e4:1a:11:a5:46:7a:6d:68:73:57:d9:66:9d:f0:ed:
         bf:9b:82:a7:b3:60:14:49:b8:b9:19:49:1f:80:c2:cc:e9:51:
         46:88:66:a4:0b:00:31:45:c1:36:e6:ce:09:7e:38:b0:c4:90:
         8b:36:ea:ca:38:b3:6d:91:58:e8:51:f2:1c:fc:be:87:ac:d7:
         00:88:8e:04:b3:5a:14:26:b6:af:63:1c:6d:8f:7b:cb:22:89:
         78:1e:11:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjYKaR/cOj8VW2FRsF5Q021MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwODIzMTgyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2QxMzc4Y2RmNGExNzJhNjMyYmUxYjFlMmM0MjBjYTNhOTJhYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n/KHHTL57ZbRRCIe5HCQcepLbG/
x9ks3udQ0VlNS1jO1Af4cOAyQhLHBpu0T/HLRCH/GvFmEtp5X1hkIDKiNPdjp3c7
Dk9WEq9kE4Ed5G1Hl16a+DzS4A8R9tU1Oqq0ASRQmy6c2Iv239r0RIMH9wqhc3p/
vES5l7k9VZw+X+pAVT5U72BoVydw5lojqoj2uv/IQk9DSQJHz4SurGpSeGyj89Zc
kT99pPMA2LKJSrvegEL35bX1KqEO4HzUCKE/MlmW9n9bKoXAl/f7KbrRJ48NWjCR
MCM93rLc/maNfxDmpTNLN4q8xmtFAV3NroQqNMODHNknqxMu54I55traywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfRN4zfShcqYyvhseLEIMo6kqrGMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvMTlFM2pOOUtGeXBqSy1HeDRzUWd5anFTcXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTjMA0G
CSqGSIb3DQEBCwUAA4IBAQC2dasAcF54cO6zhvrvOtni6vt/EWgLBPFHOb2V2v0+
v0YQ6YZck2INZiv03jcPcnYqGj679KNTb3x0wczBjGt4Qa1+iPSn32+mYN7VD/wU
d9/Zn61bo+r5slYxr1+Zg8m5NmkMy32EEuTdkG0vLMqX/86Voxde0yiQJyC/NLWn
Tb/vAsMPl7FfM4VFLJUYafYCtamzgaA2PVmpOJmqcsAwLpi6hvzkGhGlRnptaHNX
2Wad8O2/m4Kns2AUSbi5GUkfgMLM6VFGiGakCwAxRcE25s4JfjiwxJCLNurKOLNt
kVjoUfIc/L6HrNcAiI4Es1oUJravYxxtj3vLIol4HhGP
-----END CERTIFICATE-----