Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/z98VbFhhtrsppgBDCBBTlF7BgCs.roa
File:                     z98VbFhhtrsppgBDCBBTlF7BgCs.roa (raw, json)
Hash identifier:          VYrqnhsISaUc0EGr8J3bVX+m9jndPwar8EqDGjXw5HE=
Subject key identifier:   CF:DF:15:6C:58:61:B6:BB:29:A6:00:43:08:10:53:94:5E:C1:80:2B
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0197B01D0A43C1234C1AF3ACCC286ACEFFCA
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/z98VbFhhtrsppgBDCBBTlF7BgCs.roa
Signing time:             Fri 27 Jun 2025 06:39:42 +0000
ROA not before:           Fri 27 Jun 2025 06:39:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200436
IP address blocks:        185.3.200.0/24 maxlen: 24
                          188.240.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b0:1d:0a:43:c1:23:4c:1a:f3:ac:cc:28:6a:ce:ff:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 27 06:39:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfdf156c5861b6bb29a60043081053945ec1802b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:81:96:31:ce:aa:9d:f0:7e:6c:e0:4f:3a:de:
                    f7:5c:ed:d2:b4:04:18:07:a0:45:bb:0b:97:d2:4f:
                    c6:a1:d0:99:20:ae:7a:6c:e0:4d:2d:ba:05:5f:84:
                    86:0c:26:a9:c1:77:6f:34:93:c7:a5:80:ab:21:87:
                    bc:13:45:5f:00:1c:a5:ba:e0:b9:e8:c0:f3:0e:91:
                    6d:5b:b4:68:97:34:a0:b6:51:4b:8b:c5:60:f0:a8:
                    98:a4:bd:5c:10:d2:b4:b9:74:be:a1:bb:31:28:09:
                    ae:5f:05:1f:2d:7e:df:ec:2f:33:51:7c:b9:b6:ce:
                    86:6e:1d:70:af:70:fd:87:a6:dd:81:9b:7a:9b:b1:
                    78:5d:1f:99:88:c8:f4:4a:87:80:b9:be:65:4c:85:
                    bd:92:3c:37:45:0a:ba:41:ca:01:62:38:14:ca:26:
                    a4:92:08:04:ab:67:ae:bb:63:e5:c5:53:24:77:ed:
                    34:71:e9:19:43:5c:2f:88:89:17:8b:67:76:f7:0d:
                    29:9e:31:9b:c6:9b:01:91:9b:8a:86:05:f5:e0:50:
                    3b:c4:41:08:ff:f1:27:a0:2a:8e:e8:cc:64:9d:30:
                    ff:dc:45:d6:73:1a:e3:79:fc:d2:cd:79:8d:3f:ef:
                    dd:27:34:a4:07:b8:33:cb:8d:7d:27:f4:53:05:2a:
                    63:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DF:15:6C:58:61:B6:BB:29:A6:00:43:08:10:53:94:5E:C1:80:2B
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/z98VbFhhtrsppgBDCBBTlF7BgCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.200.0/24
                  188.240.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b9:79:03:a1:e9:7c:32:ac:8f:70:3f:08:47:76:6e:2c:4b:
         53:26:28:ea:5f:a1:22:72:ab:2b:76:c0:85:35:dd:2d:8d:71:
         a1:91:b3:30:c8:94:b1:41:47:77:ae:31:bf:48:2c:a3:bf:3f:
         70:cc:28:9b:bd:98:b0:61:4a:00:a7:b5:a2:b0:86:20:1c:bc:
         b9:3e:b2:30:fd:0b:bb:9b:48:07:34:85:eb:a4:a1:10:02:23:
         47:e7:66:d1:ba:33:ba:69:79:b1:fd:76:0e:8f:7c:56:1a:5e:
         c8:e2:67:aa:13:7b:94:51:37:5e:17:3e:37:f9:2d:77:ff:2f:
         d6:3c:77:b1:fb:7d:e2:75:0d:11:45:3f:8d:b9:1c:ef:41:0d:
         8d:61:c8:34:ed:09:d3:38:7b:43:73:ce:89:d4:fb:a1:7d:59:
         c7:d5:86:98:a0:d6:d5:51:c0:c5:dd:8c:28:1e:6a:5c:46:10:
         9c:07:98:41:86:68:e8:df:fc:f7:7d:6f:5e:67:cf:ee:14:24:
         f8:ad:23:2c:d1:05:13:17:5b:a1:94:5e:76:55:80:6c:93:48:
         c3:ff:99:cd:f2:d1:51:a7:5d:57:ad:da:c1:17:a2:e6:c3:b0:
         e8:bf:c5:85:15:34:b5:9b:6f:19:12:6b:15:fa:c0:0f:94:c9:
         cb:6a:f7:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZewHQpDwSNMGvOszChqzv/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjI3MDYzOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRmMTU2YzU4NjFiNmJiMjlhNjAwNDMwODEwNTM5NDVlYzE4MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4GWMc6qnfB+bOBPOt73XO3StAQY
B6BFuwuX0k/GodCZIK56bOBNLboFX4SGDCapwXdvNJPHpYCrIYe8E0VfAByluuC5
6MDzDpFtW7RolzSgtlFLi8Vg8KiYpL1cENK0uXS+obsxKAmuXwUfLX7f7C8zUXy5
ts6Gbh1wr3D9h6bdgZt6m7F4XR+ZiMj0SoeAub5lTIW9kjw3RQq6QcoBYjgUyiak
kggEq2euu2PlxVMkd+00cekZQ1wviIkXi2d29w0pnjGbxpsBkZuKhgX14FA7xEEI
//EnoCqO6MxknTD/3EXWcxrjefzSzXmNP+/dJzSkB7gzy419J/RTBSpjZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM/fFWxYYba7KaYAQwgQU5RewYArMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvejk4VmJGaGh0cnNwcGdCRENCQlRsRjdCZ0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQPIAwQA
vPDEMA0GCSqGSIb3DQEBCwUAA4IBAQCRuXkDoel8MqyPcD8IR3ZuLEtTJijqX6Ei
cqsrdsCFNd0tjXGhkbMwyJSxQUd3rjG/SCyjvz9wzCibvZiwYUoAp7WisIYgHLy5
PrIw/Qu7m0gHNIXrpKEQAiNH52bRujO6aXmx/XYOj3xWGl7I4meqE3uUUTdeFz43
+S13/y/WPHex+33idQ0RRT+NuRzvQQ2NYcg07QnTOHtDc86J1PuhfVnH1YaYoNbV
UcDF3YwoHmpcRhCcB5hBhmjo3/z3fW9eZ8/uFCT4rSMs0QUTF1uhlF52VYBsk0jD
/5nN8tFRp11XrdrBF6Lmw7Dov8WFFTS1m28ZEmsV+sAPlMnLavfT
-----END CERTIFICATE-----