Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/pghJNCWH2c3hSWAmOWfyoPTaVCo.roa
File:                     pghJNCWH2c3hSWAmOWfyoPTaVCo.roa (raw, json)
Hash identifier:          3MgIR2t5YYsTlUp3+6FJ07pdXvIG9/iFEZ56WzoCufA=
Subject key identifier:   A6:08:49:34:25:87:D9:CD:E1:49:60:26:39:67:F2:A0:F4:DA:54:2A
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       01989ED8CBA835FDB91EA0557AC199404A23
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/pghJNCWH2c3hSWAmOWfyoPTaVCo.roa
Signing time:             Tue 12 Aug 2025 15:14:24 +0000
ROA not before:           Tue 12 Aug 2025 15:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207459
IP address blocks:        212.64.223.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:d8:cb:a8:35:fd:b9:1e:a0:55:7a:c1:99:40:4a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Aug 12 15:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a60849342587d9cde14960263967f2a0f4da542a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bc:de:c8:59:59:9a:78:35:24:de:aa:5d:65:
                    ee:b6:b1:15:63:17:91:6b:70:cc:49:ac:9e:cb:d4:
                    d8:96:3a:2e:91:d6:6f:63:df:75:f7:06:17:77:ad:
                    87:25:db:5c:f5:5b:41:83:d4:da:80:65:e2:1f:12:
                    20:b0:df:45:74:25:36:4e:45:29:73:af:31:02:2b:
                    bb:85:8d:22:34:1d:9b:c6:e6:58:69:99:e0:a0:da:
                    a7:49:f3:60:30:26:d2:9a:c6:c8:8f:8a:a5:c9:6a:
                    da:4b:c0:8b:d7:9b:f2:24:f4:94:fa:64:c0:0d:c8:
                    6e:a0:4f:7f:83:81:87:33:ca:3e:52:2d:44:25:f2:
                    9c:1a:94:0f:90:ef:0d:19:69:69:27:f4:37:f2:74:
                    2e:7b:13:36:2a:26:50:1c:84:6d:b2:b0:55:3b:2d:
                    8d:6b:00:f0:92:d7:eb:83:54:48:04:2e:34:c1:58:
                    40:8f:9f:d5:45:ac:cd:d0:46:94:26:8c:3a:49:1c:
                    70:d6:18:9b:20:40:01:c0:5f:8f:af:38:4f:1c:97:
                    3d:56:81:21:62:b4:13:2d:80:ea:bf:05:c5:5c:05:
                    d9:03:21:2b:8f:67:06:50:05:a8:7c:0b:4e:34:b7:
                    b1:28:9d:c2:92:4a:11:4e:e6:a1:da:65:b9:53:f1:
                    65:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:08:49:34:25:87:D9:CD:E1:49:60:26:39:67:F2:A0:F4:DA:54:2A
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/pghJNCWH2c3hSWAmOWfyoPTaVCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d0:4a:56:c5:b3:f3:82:9d:aa:3f:fa:d7:dc:64:a5:39:9c:
         e8:ea:27:65:da:8c:1d:d4:2d:2c:d9:60:8a:5e:a2:4c:14:84:
         e7:59:c3:d0:c8:d5:c8:9b:8a:0e:46:2e:dd:69:ac:b3:f0:a9:
         55:68:94:4d:cc:f7:0d:e2:c6:13:1c:b4:4c:3b:40:dc:7f:56:
         07:4e:ea:8a:0b:43:7b:a0:53:c3:b4:83:83:63:b7:70:14:1d:
         6a:3d:2d:1b:10:f9:eb:d0:b3:e9:f6:24:4f:b6:6b:c9:b3:f4:
         5d:b5:54:f9:60:e2:3f:ad:16:e0:aa:87:1e:77:ac:b9:13:cc:
         2c:24:4b:1d:7d:9e:43:62:b7:50:70:0c:1c:17:5b:2f:c9:a2:
         b7:ba:1e:91:66:87:69:9d:0a:c7:29:b7:18:48:5b:a5:79:f5:
         47:d7:b8:48:92:db:60:53:86:e4:ef:59:73:27:f9:18:77:0b:
         6d:05:64:5e:c4:54:42:55:d6:61:9c:8c:fc:b1:5c:4f:da:2b:
         20:64:aa:69:f1:bf:d7:0a:db:1e:44:82:96:05:48:cd:33:ca:
         ce:0d:19:65:1f:5e:51:37:e3:3a:a2:9e:b3:c4:ed:a0:29:71:
         28:83:64:11:ee:93:7c:2c:09:e6:00:b1:9b:7f:41:f7:ac:0f:
         7f:0f:66:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZie2MuoNf25HqBVesGZQEojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjUwODEyMTUxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjA4NDkzNDI1ODdkOWNkZTE0OTYwMjYzOTY3ZjJhMGY0ZGE1NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7zeyFlZmng1JN6qXWXutrEVYxeR
a3DMSayey9TYljoukdZvY9919wYXd62HJdtc9VtBg9TagGXiHxIgsN9FdCU2TkUp
c68xAiu7hY0iNB2bxuZYaZngoNqnSfNgMCbSmsbIj4qlyWraS8CL15vyJPSU+mTA
DchuoE9/g4GHM8o+Ui1EJfKcGpQPkO8NGWlpJ/Q38nQuexM2KiZQHIRtsrBVOy2N
awDwktfrg1RIBC40wVhAj5/VRazN0EaUJow6SRxw1hibIEABwF+PrzhPHJc9VoEh
YrQTLYDqvwXFXAXZAyErj2cGUAWofAtONLexKJ3CkkoRTuah2mW5U/FlswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYISTQlh9nN4UlgJjln8qD02lQqMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvcGdoSk5DV0gyYzNoU1dBbU9XZnlvUFRhVkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EDfMA0G
CSqGSIb3DQEBCwUAA4IBAQAi0EpWxbPzgp2qP/rX3GSlOZzo6idl2owd1C0s2WCK
XqJMFITnWcPQyNXIm4oORi7daayz8KlVaJRNzPcN4sYTHLRMO0Dcf1YHTuqKC0N7
oFPDtIODY7dwFB1qPS0bEPnr0LPp9iRPtmvJs/RdtVT5YOI/rRbgqoced6y5E8ws
JEsdfZ5DYrdQcAwcF1svyaK3uh6RZodpnQrHKbcYSFulefVH17hIkttgU4bk71lz
J/kYdwttBWRexFRCVdZhnIz8sVxP2isgZKpp8b/XCtseRIKWBUjNM8rODRllH15R
N+M6op6zxO2gKXEog2QR7pN8LAnmALGbf0H3rA9/D2ZF
-----END CERTIFICATE-----