Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/hJ2Q_kNZVtX9DYCp6pRdbULfToU.roa
File:                     hJ2Q_kNZVtX9DYCp6pRdbULfToU.roa (raw, json)
Hash identifier:          Bj3orwiHHH0lwtlViSgWz8igoGg/S7618D6XjO8Tllo=
Subject key identifier:   84:9D:90:FE:43:59:56:D5:FD:0D:80:A9:EA:94:5D:6D:42:DF:4E:85
Certificate issuer:       /CN=abbad3de831da94222c1add104caf4c3247689ac
Certificate serial:       01989F6C325112726E01520042C0CCA8126B
Authority key identifier: AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/hJ2Q_kNZVtX9DYCp6pRdbULfToU.roa
Signing time:             Tue 12 Aug 2025 17:55:24 +0000
ROA not before:           Tue 12 Aug 2025 17:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        212.68.188.0/22 maxlen: 22
                          212.68.188.0/24 maxlen: 24
                          212.68.189.0/24 maxlen: 24
                          212.68.190.0/24 maxlen: 24
                          212.68.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9f:6c:32:51:12:72:6e:01:52:00:42:c0:cc:a8:12:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abbad3de831da94222c1add104caf4c3247689ac
        Validity
            Not Before: Aug 12 17:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=849d90fe435956d5fd0d80a9ea945d6d42df4e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:8f:6b:86:d5:81:51:b9:19:1c:f9:78:5b:b3:
                    5c:8e:d1:57:94:91:c2:e2:9f:4b:09:be:2a:bd:94:
                    c5:02:64:a7:c2:a1:07:d8:37:f4:62:1c:51:b0:4c:
                    f2:5a:1b:0a:69:03:f8:32:7f:48:fd:a0:cb:aa:c2:
                    ca:e2:fc:24:f9:78:75:fc:33:86:65:90:ac:fe:6f:
                    61:38:0f:07:8d:bc:a2:0f:4b:0e:66:6d:04:1e:dc:
                    14:86:44:49:14:1b:65:42:8b:4f:8e:c4:04:ea:00:
                    bf:fc:a1:ab:4a:30:bf:7a:92:34:25:2e:60:2d:81:
                    9a:56:0e:fc:4c:c5:87:f9:ac:91:77:ad:6c:66:b1:
                    2d:46:f7:e5:c6:95:c0:ee:2c:53:01:c1:57:68:6c:
                    2e:c8:4d:d6:92:00:33:18:42:b8:90:0f:82:4b:37:
                    53:fa:1b:a3:5e:02:bf:af:88:52:71:4b:95:8a:d6:
                    74:b8:c6:04:f7:54:04:d3:66:fe:b3:43:06:ca:61:
                    11:0a:91:6a:dc:d5:13:bc:aa:44:57:63:42:a6:73:
                    98:a9:ba:d8:b1:5c:aa:97:6e:6e:c9:a6:91:bc:ca:
                    e6:e5:45:66:6e:54:74:cb:03:ab:48:65:ac:e4:31:
                    90:eb:64:42:58:32:7a:3b:86:82:e2:f2:8e:66:c7:
                    2f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:9D:90:FE:43:59:56:D5:FD:0D:80:A9:EA:94:5D:6D:42:DF:4E:85
            X509v3 Authority Key Identifier:
                keyid:AB:BA:D3:DE:83:1D:A9:42:22:C1:AD:D1:04:CA:F4:C3:24:76:89:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q7rT3oMdqUIiwa3RBMr0wyR2iaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/hJ2Q_kNZVtX9DYCp6pRdbULfToU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8e8149-d53c-4992-bd07-55c434eec96c/1/q7rT3oMdqUIiwa3RBMr0wyR2iaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.68.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:b8:a8:71:0b:f0:63:65:bf:90:a1:70:16:52:d5:3b:47:f2:
         aa:00:d3:4f:f6:42:da:de:1a:75:ce:5f:55:b7:de:5c:91:bf:
         69:57:85:4d:8f:d8:44:18:98:67:0e:43:9e:b5:56:88:6c:81:
         94:a1:7a:2b:fe:cb:ce:bd:7f:a6:22:66:34:13:1c:11:01:6a:
         d6:46:13:4d:50:6b:5b:ef:39:83:31:49:18:0b:6f:25:9b:42:
         02:1f:05:f1:8c:66:de:1d:0f:e8:a7:71:b3:41:8f:01:6b:c6:
         96:cb:f2:33:ea:43:ff:e6:d4:78:23:c8:79:44:74:ba:f3:6c:
         6a:6b:f6:dc:5f:4f:89:d5:8a:69:af:ca:1d:c5:cf:b7:ac:f8:
         1f:64:09:2e:01:8f:c4:90:7a:4b:18:fe:27:bc:93:5e:04:f1:
         02:60:b1:4a:78:63:f9:73:a9:aa:5f:f4:1c:19:5f:e3:40:43:
         6c:9e:22:a1:67:0f:52:c1:40:d8:2c:98:28:7b:a1:3b:24:a0:
         f0:f3:32:07:7d:27:87:a0:9c:fb:64:f9:0d:2a:6c:03:1d:5f:
         6f:44:ee:0e:8c:5e:f7:87:5e:45:8f:c2:6c:23:26:67:b3:2e:
         18:9c:5e:d4:b7:5e:1f:3f:54:50:39:6f:e4:85:b9:44:87:3c:
         13:ea:dd:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZifbDJREnJuAVIAQsDMqBJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYmFkM2RlODMxZGE5NDIyMmMxYWRkMTA0Y2FmNGMzMjQ3
Njg5YWMwHhcNMjUwODEyMTc1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDlkOTBmZTQzNTk1NmQ1ZmQwZDgwYTllYTk0NWQ2ZDQyZGY0ZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA549rhtWBUbkZHPl4W7NcjtFXlJHC
4p9LCb4qvZTFAmSnwqEH2Df0YhxRsEzyWhsKaQP4Mn9I/aDLqsLK4vwk+Xh1/DOG
ZZCs/m9hOA8HjbyiD0sOZm0EHtwUhkRJFBtlQotPjsQE6gC//KGrSjC/epI0JS5g
LYGaVg78TMWH+ayRd61sZrEtRvflxpXA7ixTAcFXaGwuyE3WkgAzGEK4kA+CSzdT
+hujXgK/r4hScUuVitZ0uMYE91QE02b+s0MGymERCpFq3NUTvKpEV2NCpnOYqbrY
sVyql25uyaaRvMrm5UVmblR0ywOrSGWs5DGQ62RCWDJ6O4aC4vKOZscvKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISdkP5DWVbV/Q2AqeqUXW1C306FMB8GA1UdIwQY
MBaAFKu6096DHalCIsGt0QTK9MMkdomsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDct
NTVjNDM0ZWVjOTZjLzEvaEoyUV9rTlpWdFg5RFlDcDZwUmRiVUxmVG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZTgxNDktZDUzYy00OTkyLWJkMDctNTVjNDM0ZWVjOTZj
LzEvcTdyVDNvTWRxVUlpd2EzUkJNcjB3eVIyaWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ES8MA0G
CSqGSIb3DQEBCwUAA4IBAQBpuKhxC/BjZb+QoXAWUtU7R/KqANNP9kLa3hp1zl9V
t95ckb9pV4VNj9hEGJhnDkOetVaIbIGUoXor/svOvX+mImY0ExwRAWrWRhNNUGtb
7zmDMUkYC28lm0ICHwXxjGbeHQ/op3GzQY8Ba8aWy/Iz6kP/5tR4I8h5RHS682xq
a/bcX0+J1Yppr8odxc+3rPgfZAkuAY/EkHpLGP4nvJNeBPECYLFKeGP5c6mqX/Qc
GV/jQENsniKhZw9SwUDYLJgoe6E7JKDw8zIHfSeHoJz7ZPkNKmwDHV9vRO4OjF73
h15Fj8JsIyZnsy4YnF7Ut14fP1RQOW/khblEhzwT6t3Y
-----END CERTIFICATE-----