Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/aMimPGKaT2G8XuuZ7-2O1Nh1hh8.roa
File:                     aMimPGKaT2G8XuuZ7-2O1Nh1hh8.roa (raw, json)
Hash identifier:          k/8LZ3MzLnclzjgMcW5jgVcEL+c+Ow+osyP79ShIXpk=
Subject key identifier:   68:C8:A6:3C:62:9A:4F:61:BC:5E:EB:99:EF:ED:8E:D4:D8:75:86:1F
Certificate issuer:       /CN=b551bba9829fe7592b1b02e8d71c8fd7cce21ab1
Certificate serial:       01987F5A1DD5BE2253D456FDF4B229580382
Authority key identifier: B5:51:BB:A9:82:9F:E7:59:2B:1B:02:E8:D7:1C:8F:D7:CC:E2:1A:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVG7qYKf51krGwLo1xyP18ziGrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/aMimPGKaT2G8XuuZ7-2O1Nh1hh8.roa
Signing time:             Wed 06 Aug 2025 12:27:49 +0000
ROA not before:           Wed 06 Aug 2025 12:27:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        176.117.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/tVG7qYKf51krGwLo1xyP18ziGrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/tVG7qYKf51krGwLo1xyP18ziGrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVG7qYKf51krGwLo1xyP18ziGrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:5a:1d:d5:be:22:53:d4:56:fd:f4:b2:29:58:03:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b551bba9829fe7592b1b02e8d71c8fd7cce21ab1
        Validity
            Not Before: Aug  6 12:27:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68c8a63c629a4f61bc5eeb99efed8ed4d875861f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ff:bf:5e:7f:ed:29:be:a8:5e:88:24:2c:02:
                    66:68:95:28:bf:ef:c7:58:c2:c6:53:02:53:c2:de:
                    4a:fa:f4:7a:86:63:f0:28:fc:3d:00:a2:f8:1d:94:
                    a1:86:36:17:b3:d7:4b:04:59:c8:7c:0b:1c:cf:6c:
                    50:f2:f2:9f:4a:96:e6:9a:cd:1e:bf:cf:d1:ad:61:
                    8d:15:95:99:65:86:1b:0f:f0:25:e7:0f:fc:f0:6c:
                    04:5f:5e:69:27:ad:12:a8:2b:33:24:84:a6:7f:7f:
                    9e:e6:d2:df:61:76:27:4f:50:c0:74:63:c6:fc:ff:
                    b4:34:c1:7d:72:44:66:1a:97:5e:5b:3f:7c:70:52:
                    8d:e8:46:0f:a5:e4:d8:37:59:78:c8:4e:17:aa:6d:
                    23:1b:95:31:bf:df:6f:60:51:b9:ee:30:5e:d1:90:
                    03:4a:73:1f:7a:24:f3:81:79:6a:3d:5a:7c:19:24:
                    82:fd:80:0e:67:e4:4d:6b:11:4c:e5:08:33:2d:78:
                    14:38:58:08:f7:5f:32:d9:02:18:75:29:0c:b8:3f:
                    a2:a8:d6:d4:31:fc:3a:26:13:da:51:6a:9f:a2:ce:
                    bc:a7:dc:bc:7d:8a:cb:d1:a9:e6:c1:79:49:35:29:
                    b6:ac:55:f4:bb:60:4b:07:cb:15:a0:37:11:31:03:
                    ca:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C8:A6:3C:62:9A:4F:61:BC:5E:EB:99:EF:ED:8E:D4:D8:75:86:1F
            X509v3 Authority Key Identifier:
                keyid:B5:51:BB:A9:82:9F:E7:59:2B:1B:02:E8:D7:1C:8F:D7:CC:E2:1A:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVG7qYKf51krGwLo1xyP18ziGrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/aMimPGKaT2G8XuuZ7-2O1Nh1hh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b5d955-c7f8-463f-815a-4eb9922860cd/1/tVG7qYKf51krGwLo1xyP18ziGrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:76:97:79:39:89:b7:2e:1a:56:79:35:e5:50:33:07:13:c0:
         cc:db:41:45:2d:d7:67:9a:f7:17:94:cb:99:5c:99:a8:e5:cf:
         98:ca:91:f3:d8:51:4a:a6:67:0d:f8:a7:1f:6d:53:f8:ed:60:
         53:32:51:0a:68:9c:6b:e9:f4:aa:29:3c:13:80:7c:ae:d0:d7:
         a7:83:79:fc:b8:7d:9b:66:7e:a0:45:ef:4d:9c:54:87:0b:73:
         19:45:f8:aa:f6:b2:65:d9:d8:ed:c3:87:1e:01:bf:56:c0:83:
         4f:7b:16:92:6f:b5:39:c9:0b:47:49:d4:5d:41:b6:15:b0:8d:
         98:fd:f8:1b:92:87:e9:89:ba:e1:e4:6d:e5:54:ed:38:42:3f:
         e4:37:89:20:28:57:10:3d:7c:ac:4f:cb:3b:48:18:23:32:62:
         3d:89:1d:8c:61:04:2a:a2:6f:b4:3d:3a:19:dd:32:18:55:b6:
         1c:c0:03:14:87:cc:ac:7e:1f:0a:c6:c4:a6:c3:85:45:d4:76:
         49:f2:31:5a:a6:96:e5:99:7f:2f:5d:89:e4:5d:bf:a5:4a:c0:
         6a:3e:ed:25:c5:58:ca:63:08:ab:dd:aa:20:f3:a2:18:ec:8b:
         d7:e9:de:87:c2:de:13:93:42:4f:e7:bb:24:48:b4:6d:1d:3f:
         a6:af:bd:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/Wh3VviJT1Fb99LIpWAOCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTFiYmE5ODI5ZmU3NTkyYjFiMDJlOGQ3MWM4ZmQ3Y2Nl
MjFhYjEwHhcNMjUwODA2MTIyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM4YTYzYzYyOWE0ZjYxYmM1ZWViOTllZmVkOGVkNGQ4NzU4NjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/+/Xn/tKb6oXogkLAJmaJUov+/H
WMLGUwJTwt5K+vR6hmPwKPw9AKL4HZShhjYXs9dLBFnIfAscz2xQ8vKfSpbmms0e
v8/RrWGNFZWZZYYbD/Al5w/88GwEX15pJ60SqCszJISmf3+e5tLfYXYnT1DAdGPG
/P+0NMF9ckRmGpdeWz98cFKN6EYPpeTYN1l4yE4Xqm0jG5Uxv99vYFG57jBe0ZAD
SnMfeiTzgXlqPVp8GSSC/YAOZ+RNaxFM5QgzLXgUOFgI918y2QIYdSkMuD+iqNbU
Mfw6JhPaUWqfos68p9y8fYrL0anmwXlJNSm2rFX0u2BLB8sVoDcRMQPKPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjIpjximk9hvF7rme/tjtTYdYYfMB8GA1UdIwQY
MBaAFLVRu6mCn+dZKxsC6Nccj9fM4hqxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZHN3FZS2Y1MWtyR3dMbzF4eVAxOHppR3JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iNWQ5NTUtYzdmOC00NjNmLTgxNWEt
NGViOTkyMjg2MGNkLzEvYU1pbVBHS2FUMkc4WHV1WjctMk8xTmgxaGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iNWQ5NTUtYzdmOC00NjNmLTgxNWEtNGViOTkyMjg2MGNk
LzEvdFZHN3FZS2Y1MWtyR3dMbzF4eVAxOHppR3JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVoMA0G
CSqGSIb3DQEBCwUAA4IBAQC0dpd5OYm3LhpWeTXlUDMHE8DM20FFLddnmvcXlMuZ
XJmo5c+YypHz2FFKpmcN+KcfbVP47WBTMlEKaJxr6fSqKTwTgHyu0Neng3n8uH2b
Zn6gRe9NnFSHC3MZRfiq9rJl2djtw4ceAb9WwINPexaSb7U5yQtHSdRdQbYVsI2Y
/fgbkofpibrh5G3lVO04Qj/kN4kgKFcQPXysT8s7SBgjMmI9iR2MYQQqom+0PToZ
3TIYVbYcwAMUh8ysfh8KxsSmw4VF1HZJ8jFappblmX8vXYnkXb+lSsBqPu0lxVjK
Ywir3aog86IY7IvX6d6Hwt4Tk0JP57skSLRtHT+mr71d
-----END CERTIFICATE-----