Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/c3OL94EDPQLb4CRqP5cj8oMrCsw.roa
File:                     c3OL94EDPQLb4CRqP5cj8oMrCsw.roa (raw, json)
Hash identifier:          34I7V6n7QXJwJzSLeOXd+BiYE6TrztMTe0wu1SMTuxY=
Subject key identifier:   73:73:8B:F7:81:03:3D:02:DB:E0:24:6A:3F:97:23:F2:83:2B:0A:CC
Certificate issuer:       /CN=1d8e8df5c031107118da61f29ab4f419d29d5a8a
Certificate serial:       0198C69A871DF899772C683567D643ABF3A0
Authority key identifier: 1D:8E:8D:F5:C0:31:10:71:18:DA:61:F2:9A:B4:F4:19:D2:9D:5A:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HY6N9cAxEHEY2mHymrT0GdKdWoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/c3OL94EDPQLb4CRqP5cj8oMrCsw.roa
Signing time:             Wed 20 Aug 2025 08:31:12 +0000
ROA not before:           Wed 20 Aug 2025 08:31:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5386
IP address blocks:        195.170.224.0/20 maxlen: 20
                          195.170.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/HY6N9cAxEHEY2mHymrT0GdKdWoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/HY6N9cAxEHEY2mHymrT0GdKdWoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HY6N9cAxEHEY2mHymrT0GdKdWoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:9a:87:1d:f8:99:77:2c:68:35:67:d6:43:ab:f3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8e8df5c031107118da61f29ab4f419d29d5a8a
        Validity
            Not Before: Aug 20 08:31:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73738bf781033d02dbe0246a3f9723f2832b0acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2e:a4:a2:cd:fe:b3:b3:c4:9d:e6:74:10:1b:
                    7a:93:c0:a2:b0:0f:61:75:1e:c4:49:58:37:e3:9c:
                    ba:36:37:22:ad:93:39:b6:70:e0:66:71:6b:56:88:
                    0c:de:77:6a:c4:6c:04:f0:4b:a4:73:c1:4f:a1:2d:
                    eb:b2:dd:50:a4:11:c0:42:59:b3:86:2f:7e:ea:6e:
                    29:00:da:dd:77:3c:c9:f6:7a:0a:29:f9:43:c5:09:
                    e6:68:5a:8c:88:de:4a:e5:b3:50:bc:e6:61:b2:9e:
                    b3:5c:bc:b6:75:d6:90:23:f5:a3:30:b0:5d:82:bf:
                    aa:fc:58:5d:db:c2:19:f3:8b:a8:62:cb:20:b0:4b:
                    70:00:01:98:f7:6f:c4:58:1c:ca:8e:53:bb:1e:5a:
                    cf:56:1a:26:b2:14:29:ee:ff:34:53:54:e1:e8:a6:
                    3c:77:1b:82:fd:2d:ed:8d:58:e4:4c:ef:c3:2c:2c:
                    90:a1:58:54:88:a7:c4:36:42:9e:d1:1a:38:0a:32:
                    f5:23:e4:1b:7d:19:ed:71:5d:22:26:e2:29:77:f1:
                    1b:b3:7e:19:41:b7:17:2a:5b:62:d6:92:ed:1b:91:
                    82:c3:30:cb:8d:36:ff:38:b0:91:33:e5:f1:7f:49:
                    fa:7a:74:c3:ba:92:dd:bb:24:90:29:9a:34:fa:9d:
                    5d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:73:8B:F7:81:03:3D:02:DB:E0:24:6A:3F:97:23:F2:83:2B:0A:CC
            X509v3 Authority Key Identifier:
                keyid:1D:8E:8D:F5:C0:31:10:71:18:DA:61:F2:9A:B4:F4:19:D2:9D:5A:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HY6N9cAxEHEY2mHymrT0GdKdWoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/c3OL94EDPQLb4CRqP5cj8oMrCsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/55ac67-9c76-4893-89a5-b1d38b13fda9/1/HY6N9cAxEHEY2mHymrT0GdKdWoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         92:ea:b0:89:61:0b:c0:98:95:32:12:72:ea:fe:31:72:e0:88:
         26:2e:f1:6c:1c:9e:54:a5:54:81:33:d0:d7:eb:64:8c:eb:1a:
         47:e3:bf:80:98:f9:69:c5:cc:7a:a3:04:89:52:65:1f:59:5f:
         a5:e7:bd:12:30:ea:2f:e7:a6:5d:0f:ae:c1:9e:a6:dd:fa:3e:
         6c:c4:39:1c:4f:4a:e5:91:93:43:63:39:52:35:f8:98:b2:d9:
         7e:57:bd:bf:82:5f:e7:19:b6:f7:48:69:97:e4:8d:76:fd:ad:
         eb:15:9b:e7:10:c2:eb:a5:db:0e:ca:55:ab:34:ef:00:97:9f:
         00:29:85:88:dc:3a:28:97:17:1c:df:96:b4:59:63:ce:bf:68:
         49:e9:59:d5:ab:eb:ec:7d:b7:48:39:dd:be:e7:00:53:f0:08:
         d8:0f:f6:03:ff:a3:ee:e9:a3:10:10:f9:72:03:db:66:cd:36:
         9c:3c:a3:f8:2c:10:94:dc:bf:59:10:ed:a5:ee:5a:d1:f3:c8:
         49:f9:a7:34:c1:15:fd:58:50:9d:b8:d9:93:a1:85:1d:71:e1:
         b3:7b:ba:87:86:95:02:92:fb:30:d3:df:3c:4d:cd:3d:53:da:
         82:dc:ba:a9:f6:da:24:51:c9:e8:4a:8d:49:3d:36:1f:2b:66:
         29:e8:47:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGmocd+Jl3LGg1Z9ZDq/OgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkOGU4ZGY1YzAzMTEwNzExOGRhNjFmMjlhYjRmNDE5ZDI5
ZDVhOGEwHhcNMjUwODIwMDgzMTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzczOGJmNzgxMDMzZDAyZGJlMDI0NmEzZjk3MjNmMjgzMmIwYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3y6kos3+s7PEneZ0EBt6k8CisA9h
dR7ESVg345y6NjcirZM5tnDgZnFrVogM3ndqxGwE8Eukc8FPoS3rst1QpBHAQlmz
hi9+6m4pANrddzzJ9noKKflDxQnmaFqMiN5K5bNQvOZhsp6zXLy2ddaQI/WjMLBd
gr+q/Fhd28IZ84uoYssgsEtwAAGY92/EWBzKjlO7HlrPVhomshQp7v80U1Th6KY8
dxuC/S3tjVjkTO/DLCyQoVhUiKfENkKe0Ro4CjL1I+QbfRntcV0iJuIpd/Ebs34Z
QbcXKlti1pLtG5GCwzDLjTb/OLCRM+Xxf0n6enTDupLduySQKZo0+p1dTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNzi/eBAz0C2+Akaj+XI/KDKwrMMB8GA1UdIwQY
MBaAFB2OjfXAMRBxGNph8pq09BnSnVqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFk2TjljQXhFSEVZMm1IeW1yVDBHZEtkV29vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS81NWFjNjctOWM3Ni00ODkzLTg5YTUt
YjFkMzhiMTNmZGE5LzEvYzNPTDk0RURQUUxiNENScVA1Y2o4b01yQ3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS81NWFjNjctOWM3Ni00ODkzLTg5YTUtYjFkMzhiMTNmZGE5
LzEvSFk2TjljQXhFSEVZMm1IeW1yVDBHZEtkV29vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw6rgMA0G
CSqGSIb3DQEBCwUAA4IBAQCS6rCJYQvAmJUyEnLq/jFy4IgmLvFsHJ5UpVSBM9DX
62SM6xpH47+AmPlpxcx6owSJUmUfWV+l570SMOov56ZdD67Bnqbd+j5sxDkcT0rl
kZNDYzlSNfiYstl+V72/gl/nGbb3SGmX5I12/a3rFZvnEMLrpdsOylWrNO8Al58A
KYWI3Doolxcc35a0WWPOv2hJ6VnVq+vsfbdIOd2+5wBT8AjYD/YD/6Pu6aMQEPly
A9tmzTacPKP4LBCU3L9ZEO2l7lrR88hJ+ac0wRX9WFCduNmToYUdceGze7qHhpUC
kvsw0988Tc09U9qC3Lqp9tokUcnoSo1JPTYfK2Yp6Ecn
-----END CERTIFICATE-----