Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/qBjHDY2sXPfYcFMAdrqZb0wk3qo.roa
File:                     qBjHDY2sXPfYcFMAdrqZb0wk3qo.roa (raw, json)
Hash identifier:          YJdVl/jAdNP388MpdOeTC60bm9oxrdjXPgN1Q6k8CnU=
Subject key identifier:   A8:18:C7:0D:8D:AC:5C:F7:D8:70:53:00:76:BA:99:6F:4C:24:DE:AA
Certificate issuer:       /CN=3a07318a1314233f5623c0f835fae18f9126412f
Certificate serial:       0198A867AFF57A7368365959AD2ADCCFD326
Authority key identifier: 3A:07:31:8A:13:14:23:3F:56:23:C0:F8:35:FA:E1:8F:91:26:41:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgcxihMUIz9WI8D4Nfrhj5EmQS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/qBjHDY2sXPfYcFMAdrqZb0wk3qo.roa
Signing time:             Thu 14 Aug 2025 11:47:04 +0000
ROA not before:           Thu 14 Aug 2025 11:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        185.172.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/OgcxihMUIz9WI8D4Nfrhj5EmQS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/OgcxihMUIz9WI8D4Nfrhj5EmQS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgcxihMUIz9WI8D4Nfrhj5EmQS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:67:af:f5:7a:73:68:36:59:59:ad:2a:dc:cf:d3:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a07318a1314233f5623c0f835fae18f9126412f
        Validity
            Not Before: Aug 14 11:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a818c70d8dac5cf7d870530076ba996f4c24deaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:99:a1:70:6c:b3:79:bd:a5:65:e3:31:fb:20:
                    23:25:31:e4:36:75:e5:6a:c1:b6:a3:83:2f:c0:e4:
                    3d:6c:0c:5c:11:1a:e1:8f:b7:82:f5:da:01:bf:46:
                    18:a9:a5:5b:19:c9:48:f7:0c:91:0a:d6:48:77:02:
                    60:b8:0e:9c:11:85:38:00:07:03:30:be:b5:4f:77:
                    f7:8e:20:3e:9a:4e:85:ff:8f:e5:b5:b8:06:e2:b1:
                    f3:2f:b4:5a:7d:8a:df:ae:70:ab:96:bc:e0:0c:3c:
                    69:f6:5a:90:89:aa:5e:89:67:93:f4:9e:4b:ff:11:
                    a6:90:0a:eb:13:9d:54:aa:8b:12:c3:4c:82:82:8e:
                    5d:86:c4:bc:21:69:9a:88:44:7b:52:91:89:de:87:
                    4e:0e:41:45:a1:54:72:0e:f0:33:1b:61:73:6c:ef:
                    b6:1d:eb:ac:1a:93:d4:61:5d:db:20:4a:00:c5:b8:
                    ee:7a:d0:db:fe:d3:ea:7f:61:37:b2:ad:71:15:cb:
                    19:7f:05:70:9b:f6:fa:86:eb:42:67:df:10:4c:00:
                    68:16:10:0a:c4:7a:ea:a8:58:0c:a4:df:72:aa:67:
                    d2:74:da:63:92:cc:69:87:93:48:b9:28:c5:56:0b:
                    cc:a0:d1:c1:82:19:44:68:7a:e4:68:7b:a7:5e:54:
                    b9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:18:C7:0D:8D:AC:5C:F7:D8:70:53:00:76:BA:99:6F:4C:24:DE:AA
            X509v3 Authority Key Identifier:
                keyid:3A:07:31:8A:13:14:23:3F:56:23:C0:F8:35:FA:E1:8F:91:26:41:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgcxihMUIz9WI8D4Nfrhj5EmQS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/qBjHDY2sXPfYcFMAdrqZb0wk3qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2b5374-d405-4ff1-8563-026a7b654f88/1/OgcxihMUIz9WI8D4Nfrhj5EmQS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:e2:a3:d8:89:b3:22:b5:4c:9c:7e:c1:1b:f8:06:c5:f0:99:
         f6:34:32:9c:91:ec:aa:d9:66:40:22:cb:d2:85:70:18:9e:99:
         b0:cd:a7:da:41:35:c7:dd:55:a9:0b:7e:b4:d7:1c:de:a4:df:
         92:17:06:9d:88:91:33:76:8c:e4:e3:23:9e:bb:5c:ce:01:1c:
         19:99:68:db:67:69:b8:d1:fd:64:d6:6e:28:a0:d3:3d:ee:6d:
         6c:5b:cc:02:40:87:34:00:3e:73:8a:eb:6d:a4:ee:d7:f3:af:
         6c:b9:41:51:ab:47:71:58:01:8d:fb:17:72:53:94:02:26:9f:
         e9:b2:79:24:03:2b:63:d1:a4:b0:45:7f:97:94:89:53:4a:3a:
         3b:1f:df:bb:f8:81:1b:45:f7:70:9c:2a:2d:74:60:da:28:4c:
         5e:64:f1:f3:7a:d9:19:c4:92:52:c9:b3:4a:19:c9:22:f0:1c:
         5d:cb:3b:ac:e7:3d:4f:39:8d:67:bf:30:7e:27:e6:9e:00:06:
         9b:c9:77:05:73:74:be:e0:88:f9:1a:5b:25:ea:11:fe:fb:c5:
         20:fb:51:9b:0a:ac:c7:e4:a6:46:35:59:ee:da:3d:c5:7b:58:
         ea:66:f3:75:ce:d1:a6:a4:91:8a:62:b0:ac:3b:86:70:b0:88:
         30:6f:77:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZioZ6/1enNoNllZrSrcz9MmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDczMThhMTMxNDIzM2Y1NjIzYzBmODM1ZmFlMThmOTEy
NjQxMmYwHhcNMjUwODE0MTE0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE4YzcwZDhkYWM1Y2Y3ZDg3MDUzMDA3NmJhOTk2ZjRjMjRkZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZmhcGyzeb2lZeMx+yAjJTHkNnXl
asG2o4MvwOQ9bAxcERrhj7eC9doBv0YYqaVbGclI9wyRCtZIdwJguA6cEYU4AAcD
ML61T3f3jiA+mk6F/4/ltbgG4rHzL7RafYrfrnCrlrzgDDxp9lqQiapeiWeT9J5L
/xGmkArrE51UqosSw0yCgo5dhsS8IWmaiER7UpGJ3odODkFFoVRyDvAzG2FzbO+2
HeusGpPUYV3bIEoAxbjuetDb/tPqf2E3sq1xFcsZfwVwm/b6hutCZ98QTABoFhAK
xHrqqFgMpN9yqmfSdNpjksxph5NIuSjFVgvMoNHBghlEaHrkaHunXlS5JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgYxw2NrFz32HBTAHa6mW9MJN6qMB8GA1UdIwQY
MBaAFDoHMYoTFCM/ViPA+DX64Y+RJkEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2djeGloTVVJejlXSThENE5mcmhqNUVtUVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yYjUzNzQtZDQwNS00ZmYxLTg1NjMt
MDI2YTdiNjU0Zjg4LzEvcUJqSERZMnNYUGZZY0ZNQWRycVpiMHdrM3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yYjUzNzQtZDQwNS00ZmYxLTg1NjMtMDI2YTdiNjU0Zjg4
LzEvT2djeGloTVVJejlXSThENE5mcmhqNUVtUVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuawEMA0G
CSqGSIb3DQEBCwUAA4IBAQAS4qPYibMitUycfsEb+AbF8Jn2NDKckeyq2WZAIsvS
hXAYnpmwzafaQTXH3VWpC3601xzepN+SFwadiJEzdozk4yOeu1zOARwZmWjbZ2m4
0f1k1m4ooNM97m1sW8wCQIc0AD5ziuttpO7X869suUFRq0dxWAGN+xdyU5QCJp/p
snkkAytj0aSwRX+XlIlTSjo7H9+7+IEbRfdwnCotdGDaKExeZPHzetkZxJJSybNK
Gcki8Bxdyzus5z1POY1nvzB+J+aeAAabyXcFc3S+4Ij5Glsl6hH++8Ug+1GbCqzH
5KZGNVnu2j3Fe1jqZvN1ztGmpJGKYrCsO4ZwsIgwb3fI
-----END CERTIFICATE-----