Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/yQOovkVgBPdQUYWIP8s5JEl_do0.roa
File:                     yQOovkVgBPdQUYWIP8s5JEl_do0.roa (raw, json)
Hash identifier:          teGG3Giw/XqatuTMOZRs13KC4GUJoaqGETNz76LPhGY=
Subject key identifier:   C9:03:A8:BE:45:60:04:F7:50:51:85:88:3F:CB:39:24:49:7F:76:8D
Certificate issuer:       /CN=246f9be783d73d95ab8aa54619e60f9011c04d67
Certificate serial:       01997D8098813F224D599E7110C6957DE829
Authority key identifier: 24:6F:9B:E7:83:D7:3D:95:AB:8A:A5:46:19:E6:0F:90:11:C0:4D:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/yQOovkVgBPdQUYWIP8s5JEl_do0.roa
Signing time:             Wed 24 Sep 2025 20:53:23 +0000
ROA not before:           Wed 24 Sep 2025 20:53:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197937
IP address blocks:        185.7.172.0/24 maxlen: 24
                          2a13:83c0::/29 maxlen: 29
                          2a13:83c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7d:80:98:81:3f:22:4d:59:9e:71:10:c6:95:7d:e8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=246f9be783d73d95ab8aa54619e60f9011c04d67
        Validity
            Not Before: Sep 24 20:53:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c903a8be456004f7505185883fcb3924497f768d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:5f:01:ef:d6:16:7a:73:7b:79:67:4c:b7:
                    81:94:7f:d7:b4:b4:f7:32:0e:77:14:5e:23:6d:bf:
                    40:45:c6:57:41:97:dc:f1:c0:3f:3e:95:ef:dc:a3:
                    eb:dc:4e:be:05:da:92:53:0b:17:33:b5:9a:04:c3:
                    8d:3a:78:c4:cc:90:b1:d4:69:6e:ff:fc:5c:09:46:
                    5d:66:26:92:12:a7:87:70:e0:48:05:33:1c:54:df:
                    14:6b:d5:a3:6a:e3:76:19:cf:26:2a:e0:c8:60:16:
                    44:87:bd:e7:bf:67:4f:78:4f:75:a1:4f:a3:47:fa:
                    47:cf:ac:0b:62:41:75:cc:5c:fe:b0:67:26:c9:b6:
                    71:a9:c0:55:a0:55:19:11:dd:df:78:e8:73:18:1d:
                    c4:08:16:ce:67:1b:8e:0f:eb:65:6b:00:19:af:38:
                    49:36:55:ce:b3:e0:dd:42:07:70:72:77:3c:4f:19:
                    85:f1:98:81:ec:41:55:dc:49:ce:18:e6:fb:b4:8d:
                    49:bf:2f:46:df:e0:39:de:25:2b:93:d7:ad:2d:cc:
                    04:5a:2b:72:fd:da:29:1a:37:af:fe:7a:a0:6b:f5:
                    56:e9:17:a4:0d:9a:2e:10:9b:26:d3:50:0d:df:57:
                    6b:9c:82:de:36:64:0f:3d:87:16:cd:6e:75:a7:2f:
                    36:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:03:A8:BE:45:60:04:F7:50:51:85:88:3F:CB:39:24:49:7F:76:8D
            X509v3 Authority Key Identifier:
                keyid:24:6F:9B:E7:83:D7:3D:95:AB:8A:A5:46:19:E6:0F:90:11:C0:4D:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JG-b54PXPZWriqVGGeYPkBHATWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/yQOovkVgBPdQUYWIP8s5JEl_do0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/baa372-823b-4b07-9aab-cbbd01f2b91c/1/JG-b54PXPZWriqVGGeYPkBHATWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.172.0/24
                IPv6:
                  2a13:83c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:f9:6e:e7:68:53:de:90:f8:eb:92:e1:36:24:23:f2:3e:d2:
         9c:93:3b:c5:a3:95:11:99:7c:cc:97:9f:75:57:92:ec:c1:33:
         d5:21:98:8c:8d:9a:ef:d3:dd:1a:94:79:b2:f6:47:34:9b:1d:
         b4:7a:ce:97:8b:28:ea:9c:95:b7:4f:7f:54:a8:df:ba:3a:d4:
         03:2e:20:c4:53:5d:e7:81:4c:58:ee:69:ea:89:66:c7:42:12:
         0e:49:4d:4c:48:bf:15:b9:92:64:90:a0:d3:7b:64:db:50:0e:
         4f:a7:db:7c:a0:32:8a:6e:a4:dc:f1:40:6d:4b:64:d6:8f:b8:
         ff:a7:b8:f1:9f:06:a2:fb:f4:88:2f:10:5e:7a:67:ee:02:ba:
         39:aa:2e:5e:9b:56:26:07:b1:4f:1e:03:34:d1:d5:4b:6e:83:
         8d:59:96:60:d9:a8:10:3d:e3:a5:a9:c5:a3:c4:4d:13:a0:b1:
         af:f8:48:e7:30:36:e0:70:10:cb:6f:b6:1a:be:e4:78:49:5d:
         7f:90:a0:71:45:b5:f9:5c:e5:0d:c7:2c:2d:47:92:72:8c:c8:
         5b:23:73:ee:99:e2:50:ab:29:92:c8:19:f3:a9:f3:ba:79:03:
         2b:71:c2:b9:74:20:65:1a:0d:6b:a6:2e:e1:8a:a0:84:68:11:
         7a:cf:51:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZl9gJiBPyJNWZ5xEMaVfegpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NmY5YmU3ODNkNzNkOTVhYjhhYTU0NjE5ZTYwZjkwMTFj
MDRkNjcwHhcNMjUwOTI0MjA1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTAzYThiZTQ1NjAwNGY3NTA1MTg1ODgzZmNiMzkyNDQ5N2Y3NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDBfAe/WFnpze3lnTLeBlH/XtLT3
Mg53FF4jbb9ARcZXQZfc8cA/PpXv3KPr3E6+BdqSUwsXM7WaBMONOnjEzJCx1Glu
//xcCUZdZiaSEqeHcOBIBTMcVN8Ua9WjauN2Gc8mKuDIYBZEh73nv2dPeE91oU+j
R/pHz6wLYkF1zFz+sGcmybZxqcBVoFUZEd3feOhzGB3ECBbOZxuOD+tlawAZrzhJ
NlXOs+DdQgdwcnc8TxmF8ZiB7EFV3EnOGOb7tI1Jvy9G3+A53iUrk9etLcwEWity
/dopGjev/nqga/VW6RekDZouEJsm01AN31drnILeNmQPPYcWzW51py82jQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMkDqL5FYAT3UFGFiD/LOSRJf3aNMB8GA1UdIwQY
MBaAFCRvm+eD1z2Vq4qlRhnmD5ARwE1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkctYjU0UFhQWldyaXFWR0dlWVBrQkhBVFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iYWEzNzItODIzYi00YjA3LTlhYWIt
Y2JiZDAxZjJiOTFjLzEveVFPb3ZrVmdCUGRRVVlXSVA4czVKRWxfZG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iYWEzNzItODIzYi00YjA3LTlhYWItY2JiZDAxZjJiOTFj
LzEvSkctYjU0UFhQWldyaXFWR0dlWVBrQkhBVFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuQesMA0E
AgACMAcDBQMqE4PAMA0GCSqGSIb3DQEBCwUAA4IBAQCe+W7naFPekPjrkuE2JCPy
PtKckzvFo5URmXzMl591V5LswTPVIZiMjZrv090alHmy9kc0mx20es6XiyjqnJW3
T39UqN+6OtQDLiDEU13ngUxY7mnqiWbHQhIOSU1MSL8VuZJkkKDTe2TbUA5Pp9t8
oDKKbqTc8UBtS2TWj7j/p7jxnwai+/SILxBeemfuAro5qi5em1YmB7FPHgM00dVL
boONWZZg2agQPeOlqcWjxE0ToLGv+EjnMDbgcBDLb7YavuR4SV1/kKBxRbX5XOUN
xywtR5JyjMhbI3PumeJQqymSyBnzqfO6eQMrccK5dCBlGg1rpi7hiqCEaBF6z1FB
-----END CERTIFICATE-----