Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ILTYsVMgUEYQjMg-mignIQ88Mx8.roa
File:                     ILTYsVMgUEYQjMg-mignIQ88Mx8.roa (raw, json)
Hash identifier:          RXiquxafeu/Dhm9xTz86zv1CPUjAud260ycyu38uy3U=
Subject key identifier:   20:B4:D8:B1:53:20:50:46:10:8C:C8:3E:9A:28:27:21:0F:3C:33:1F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0199FC24E1074D12D9C86DC87573B5507E25
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ILTYsVMgUEYQjMg-mignIQ88Mx8.roa
Signing time:             Sun 19 Oct 2025 11:04:59 +0000
ROA not before:           Sun 19 Oct 2025 11:04:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34927
IP address blocks:        45.90.18.0/24 maxlen: 24
                          185.225.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:24:e1:07:4d:12:d9:c8:6d:c8:75:73:b5:50:7e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 19 11:04:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20b4d8b153205046108cc83e9a2827210f3c331f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ef:74:ec:bd:1d:a4:33:5d:da:90:33:d7:77:
                    eb:6f:89:72:1d:b0:56:cf:c8:54:1a:be:4d:76:37:
                    f6:56:ee:ac:6f:35:db:80:ac:1d:11:72:c5:a5:bf:
                    82:85:dd:2a:e1:12:20:6f:0a:6e:cf:3d:12:4e:72:
                    0d:55:33:d8:53:9a:8b:ac:5f:69:c9:1a:d0:a6:fb:
                    1c:70:de:5a:2c:95:4a:d4:1d:76:8b:d7:7a:d5:fa:
                    e3:75:38:c2:14:25:83:72:57:25:6f:3f:0c:51:6a:
                    60:a6:72:ef:2a:0d:fc:7d:0d:df:24:44:6c:c7:44:
                    9d:48:09:fd:18:8b:4b:cb:5e:04:7b:07:00:4b:b8:
                    69:98:e6:40:50:ce:26:b9:ac:d5:fe:d2:bf:d7:a8:
                    22:b7:4f:55:ec:9d:8b:9d:93:26:51:e6:f0:dd:14:
                    12:cf:21:01:5c:65:33:c3:47:1e:b4:24:60:93:ab:
                    12:e9:74:04:92:38:58:a2:9c:71:90:42:eb:8d:15:
                    c5:7a:2a:f6:ab:c8:f2:25:ee:15:32:52:08:c6:cb:
                    70:30:7e:7d:67:ef:78:09:7e:37:8e:45:11:10:de:
                    b6:53:62:06:36:fc:60:e5:d8:b0:f4:4e:68:8f:51:
                    24:26:2d:63:d2:8b:82:e7:2d:86:21:2c:3d:91:89:
                    a5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B4:D8:B1:53:20:50:46:10:8C:C8:3E:9A:28:27:21:0F:3C:33:1F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ILTYsVMgUEYQjMg-mignIQ88Mx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.18.0/24
                  185.225.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f7:be:d5:d7:9b:b6:fd:63:b0:ad:ca:1c:9a:6d:e2:ae:9e:
         9b:ec:12:48:f6:d9:24:82:fd:bf:fb:43:92:f0:d3:f8:56:2c:
         ea:04:d6:3d:b9:f5:6e:34:e1:95:ab:34:77:5f:fd:5b:06:63:
         df:4a:76:c8:39:e6:03:a4:b5:09:65:da:67:03:f9:a9:8f:e8:
         4d:76:d8:bd:72:25:d1:e7:27:40:77:b1:0c:8b:5c:ab:aa:57:
         65:ec:a7:ef:4c:83:98:61:2c:fd:a2:5a:6a:ce:a1:da:7b:f1:
         95:d5:b8:0c:5f:47:f1:3b:c4:2a:1f:4b:90:10:c3:08:38:46:
         b7:70:a8:4e:85:f8:ac:14:f4:25:77:7c:80:ea:2d:a6:df:05:
         ef:24:b4:96:39:56:4c:bc:b6:c4:e9:80:dd:e0:71:3c:62:e9:
         e9:38:ba:e4:c5:74:64:fb:b5:56:e7:7d:bb:fc:a0:ba:cb:82:
         d4:56:be:8e:b1:23:e2:e1:68:e5:10:50:94:7c:ce:ce:97:c3:
         2a:7a:31:33:00:e0:7e:42:a5:83:54:0c:42:bb:15:7f:ab:df:
         03:63:63:ef:80:42:9c:20:ab:ff:24:de:1f:3b:e0:a8:27:8f:
         7c:00:11:27:cd:4b:2e:97:ea:ff:b3:d7:42:f2:ee:fb:78:99:
         cc:2e:29:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZn8JOEHTRLZyG3IdXO1UH4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMDE5MTEwNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGI0ZDhiMTUzMjA1MDQ2MTA4Y2M4M2U5YTI4MjcyMTBmM2MzMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5e907L0dpDNd2pAz13frb4lyHbBW
z8hUGr5Ndjf2Vu6sbzXbgKwdEXLFpb+Chd0q4RIgbwpuzz0STnINVTPYU5qLrF9p
yRrQpvsccN5aLJVK1B12i9d61frjdTjCFCWDclclbz8MUWpgpnLvKg38fQ3fJERs
x0SdSAn9GItLy14EewcAS7hpmOZAUM4muazV/tK/16git09V7J2LnZMmUebw3RQS
zyEBXGUzw0cetCRgk6sS6XQEkjhYopxxkELrjRXFeir2q8jyJe4VMlIIxstwMH59
Z+94CX43jkUREN62U2IGNvxg5diw9E5oj1EkJi1j0ouC5y2GISw9kYmlSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCC02LFTIFBGEIzIPpooJyEPPDMfMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSUxUWXNWTWdVRVlRak1nLW1pZ25JUTg4TXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVoSAwQA
ueEDMA0GCSqGSIb3DQEBCwUAA4IBAQAH977V15u2/WOwrcocmm3irp6b7BJI9tkk
gv2/+0OS8NP4VizqBNY9ufVuNOGVqzR3X/1bBmPfSnbIOeYDpLUJZdpnA/mpj+hN
dti9ciXR5ydAd7EMi1yrqldl7KfvTIOYYSz9olpqzqHae/GV1bgMX0fxO8QqH0uQ
EMMIOEa3cKhOhfisFPQld3yA6i2m3wXvJLSWOVZMvLbE6YDd4HE8YunpOLrkxXRk
+7VW5327/KC6y4LUVr6OsSPi4WjlEFCUfM7Ol8MqejEzAOB+QqWDVAxCuxV/q98D
Y2PvgEKcIKv/JN4fO+CoJ498ABEnzUsul+r/s9dC8u77eJnMLing
-----END CERTIFICATE-----