Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7NecV3hk_50oLBFkJbK3vteD-qA.roa
File:                     7NecV3hk_50oLBFkJbK3vteD-qA.roa (raw, json)
Hash identifier:          esVUDfxWLVtx2sOyGs4iIs+SNwohNxbWk7iaAi9T/1Y=
Subject key identifier:   EC:D7:9C:57:78:64:FF:9D:28:2C:11:64:25:B2:B7:BE:D7:83:FA:A0
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0198C4265A16E97AFD1D298B689CF250E5B4
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7NecV3hk_50oLBFkJbK3vteD-qA.roa
Signing time:             Tue 19 Aug 2025 21:05:04 +0000
ROA not before:           Tue 19 Aug 2025 21:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        91.234.22.0/24 maxlen: 24
                          194.59.6.0/24 maxlen: 24
                          194.116.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c4:26:5a:16:e9:7a:fd:1d:29:8b:68:9c:f2:50:e5:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Aug 19 21:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecd79c577864ff9d282c116425b2b7bed783faa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:df:27:31:ab:20:4e:42:18:3f:7f:8f:61:
                    29:e8:14:16:ab:3f:1a:e5:f8:b3:8d:26:eb:50:f3:
                    3c:2a:fd:af:19:f3:31:1e:8d:d9:3e:b7:b9:fb:d0:
                    56:da:78:fc:e3:13:3f:5d:b2:4d:fa:16:59:0c:e4:
                    e6:c9:2b:da:93:df:57:65:0b:86:25:49:1a:7d:de:
                    27:80:2d:2d:ed:f0:d9:eb:14:3f:52:96:1d:74:52:
                    05:e5:fa:77:c8:1b:d6:82:10:2c:14:9e:a9:ca:b4:
                    67:c3:f2:ba:d2:37:ab:90:4c:65:6e:99:fd:40:24:
                    d8:72:a9:d5:77:fc:8f:da:04:de:39:8c:b1:da:5f:
                    36:7e:34:e4:95:7a:88:64:ba:ad:9b:9a:ea:fe:f0:
                    cf:ca:37:b9:c8:96:a7:9c:99:88:42:f9:24:21:a2:
                    e9:08:6d:08:76:d1:d5:db:f0:db:75:af:69:2f:35:
                    56:55:70:5f:56:a9:dd:7f:e1:2c:8f:20:77:75:e0:
                    53:f2:37:85:45:62:90:52:66:79:95:de:cc:a6:f6:
                    3e:a9:22:fd:f5:02:66:90:33:3e:bc:ae:87:ff:ef:
                    f4:ea:21:21:79:79:70:73:cf:ec:40:cc:a9:7b:ab:
                    fe:76:8c:b9:9a:00:77:1d:ab:59:26:54:40:dd:6a:
                    40:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D7:9C:57:78:64:FF:9D:28:2C:11:64:25:B2:B7:BE:D7:83:FA:A0
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/7NecV3hk_50oLBFkJbK3vteD-qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.22.0/24
                  194.59.6.0/24
                  194.116.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f2:66:aa:67:dc:ff:68:7e:06:79:63:71:99:88:68:c2:2b:
         c0:10:c3:ca:d3:2f:60:78:68:0a:cf:43:a6:c9:c7:8e:d8:4c:
         20:c4:b4:b5:a7:e6:a5:bd:6a:bc:ba:d9:a2:27:b1:80:bd:8d:
         32:16:fa:22:f7:a3:80:f1:53:ec:69:a0:6a:bd:d6:57:2a:ea:
         f1:6d:f3:fb:56:88:71:83:a8:75:2a:d0:6b:6b:09:aa:26:f9:
         0b:19:b0:9c:cf:3f:47:ea:82:3d:3c:c0:8b:d4:f3:39:93:e7:
         2d:39:86:b0:9b:05:51:8a:5a:f9:bf:fe:4a:25:17:e3:14:8b:
         75:50:1f:3a:fc:cc:e7:9c:19:b9:24:21:4a:ca:ee:e8:8d:cb:
         1d:2b:c6:ae:07:0c:53:18:85:4a:59:e0:ec:6f:2f:94:35:1f:
         d2:a6:ef:b6:4f:23:1b:25:02:ed:38:d9:f0:f0:c8:0d:59:cf:
         3c:62:8a:e2:be:43:4e:15:9a:2b:a4:bd:c6:9d:22:b3:22:38:
         af:5b:36:95:09:ee:78:58:30:47:de:4d:6b:2c:a9:db:d7:d7:
         21:6a:da:c2:f9:25:7b:4d:08:61:fb:4f:0d:ed:0d:93:14:c1:
         85:14:df:43:fa:af:20:ff:0e:ce:ee:44:ea:b4:4b:9e:03:a3:
         a2:2d:b0:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjEJloW6Xr9HSmLaJzyUOW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwODE5MjEwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q3OWM1Nzc4NjRmZjlkMjgyYzExNjQyNWIyYjdiZWQ3ODNmYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCnfJzGrIE5CGD9/j2Ep6BQWqz8a
5fizjSbrUPM8Kv2vGfMxHo3ZPre5+9BW2nj84xM/XbJN+hZZDOTmySvak99XZQuG
JUkafd4ngC0t7fDZ6xQ/UpYddFIF5fp3yBvWghAsFJ6pyrRnw/K60jerkExlbpn9
QCTYcqnVd/yP2gTeOYyx2l82fjTklXqIZLqtm5rq/vDPyje5yJannJmIQvkkIaLp
CG0IdtHV2/Dbda9pLzVWVXBfVqndf+EsjyB3deBT8jeFRWKQUmZ5ld7MpvY+qSL9
9QJmkDM+vK6H/+/06iEheXlwc8/sQMype6v+doy5mgB3HatZJlRA3WpABwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOzXnFd4ZP+dKCwRZCWyt77Xg/qgMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvN05lY1YzaGtfNTBvTEJGa0piSzN2dGVELXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+oWAwQA
wjsGAwQAwnTrMA0GCSqGSIb3DQEBCwUAA4IBAQBR8maqZ9z/aH4GeWNxmYhowivA
EMPK0y9geGgKz0OmyceO2EwgxLS1p+alvWq8utmiJ7GAvY0yFvoi96OA8VPsaaBq
vdZXKurxbfP7Vohxg6h1KtBrawmqJvkLGbCczz9H6oI9PMCL1PM5k+ctOYawmwVR
ilr5v/5KJRfjFIt1UB86/MznnBm5JCFKyu7ojcsdK8auBwxTGIVKWeDsby+UNR/S
pu+2TyMbJQLtONnw8MgNWc88YorivkNOFZorpL3GnSKzIjivWzaVCe54WDBH3k1r
LKnb19chatrC+SV7TQhh+08N7Q2TFMGFFN9D+q8g/w7O7kTqtEueA6OiLbDT
-----END CERTIFICATE-----