Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/Ay7JoslT6EAyHRaULsBRtIZWwog.roa
File:                     Ay7JoslT6EAyHRaULsBRtIZWwog.roa (raw, json)
Hash identifier:          gTv3k9NPlg2vVpHAiGMl3DtLPA9ZFxKifPWXSsGIZk8=
Subject key identifier:   03:2E:C9:A2:C9:53:E8:40:32:1D:16:94:2E:C0:51:B4:86:56:C2:88
Certificate issuer:       /CN=b5cb2b5eaf3cc15dd4b3b23ad8b9472a5240c03b
Certificate serial:       0198854FEFC1183E83B2AB53406864750852
Authority key identifier: B5:CB:2B:5E:AF:3C:C1:5D:D4:B3:B2:3A:D8:B9:47:2A:52:40:C0:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcsrXq88wV3Us7I62LlHKlJAwDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/Ay7JoslT6EAyHRaULsBRtIZWwog.roa
Signing time:             Thu 07 Aug 2025 16:14:24 +0000
ROA not before:           Thu 07 Aug 2025 16:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60476
IP address blocks:        185.30.176.0/22 maxlen: 22
                          2a14:25c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/tcsrXq88wV3Us7I62LlHKlJAwDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/tcsrXq88wV3Us7I62LlHKlJAwDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcsrXq88wV3Us7I62LlHKlJAwDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:4f:ef:c1:18:3e:83:b2:ab:53:40:68:64:75:08:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5cb2b5eaf3cc15dd4b3b23ad8b9472a5240c03b
        Validity
            Not Before: Aug  7 16:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=032ec9a2c953e840321d16942ec051b48656c288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e4:d1:3a:6e:d2:85:5d:55:93:90:76:4e:e1:
                    3b:03:77:61:0a:52:90:c6:a1:5e:22:f5:7b:5b:3b:
                    e2:aa:a9:fb:15:db:f5:1c:2a:5f:3b:08:9c:12:5c:
                    f2:32:d6:aa:75:6f:07:58:ab:8c:c7:14:6e:b2:11:
                    75:f6:d0:d2:2e:cc:69:5b:30:f0:7a:5a:02:74:fb:
                    d3:eb:36:e5:70:22:4f:49:f6:9d:eb:40:90:91:ca:
                    94:74:44:9e:a5:17:9d:48:ec:20:56:22:ef:96:b8:
                    64:e9:0d:72:94:43:97:3e:92:49:73:ac:8f:2d:53:
                    49:e6:dc:d1:c9:b3:17:1e:b2:9d:0d:0e:62:ef:d2:
                    f8:d4:ed:18:b3:2d:d1:2b:69:72:3d:37:27:5b:bc:
                    d5:81:39:d4:7c:63:6e:16:5a:b6:28:68:e9:11:3b:
                    8f:19:02:f5:24:84:93:1d:f5:b7:f4:04:ea:3a:ca:
                    91:9d:0a:e1:01:51:8d:56:d4:ec:a1:81:c0:d8:99:
                    07:62:31:ac:5c:ea:e3:4c:42:a7:43:20:0a:d4:29:
                    00:2b:8f:5e:36:7d:ad:e8:fd:d0:22:70:e9:48:1e:
                    7f:4c:64:0f:71:ad:7d:30:ad:8f:c4:b0:64:09:e8:
                    18:96:91:7d:fe:28:12:cd:97:3a:4c:3f:84:86:80:
                    d6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2E:C9:A2:C9:53:E8:40:32:1D:16:94:2E:C0:51:B4:86:56:C2:88
            X509v3 Authority Key Identifier:
                keyid:B5:CB:2B:5E:AF:3C:C1:5D:D4:B3:B2:3A:D8:B9:47:2A:52:40:C0:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcsrXq88wV3Us7I62LlHKlJAwDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/Ay7JoslT6EAyHRaULsBRtIZWwog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/795ed9-8fad-4c44-8583-06ca709a3c59/1/tcsrXq88wV3Us7I62LlHKlJAwDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.176.0/22
                IPv6:
                  2a14:25c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:d2:5b:67:2f:5c:37:ed:0d:70:3b:70:65:0f:ef:c1:ea:6e:
         c2:8d:99:63:6d:83:8e:60:0b:7f:23:ec:ca:a1:b6:9c:c4:2f:
         4c:c6:d6:17:15:cb:39:6e:18:62:1c:3c:65:5b:6a:54:ad:57:
         79:6a:8a:ec:16:8d:d5:74:37:98:49:5c:01:9e:dc:e1:dc:fd:
         f8:ca:1d:22:90:48:65:75:79:24:30:89:92:64:80:76:d6:99:
         38:d9:ad:93:a7:e3:f1:db:5f:f7:91:ff:63:82:82:a4:42:a9:
         50:20:55:f5:61:af:02:1a:a9:86:b9:ec:88:0e:5e:fb:64:e1:
         73:fe:79:95:ba:17:3c:25:1d:ae:23:a0:b0:9b:41:5f:ab:1f:
         bf:71:d2:29:0a:23:7e:05:0b:d4:eb:a2:3e:30:7d:28:96:1e:
         4c:0e:9a:98:39:1c:b2:cb:50:05:9c:71:ca:5b:c7:02:17:8f:
         f6:ac:2e:8e:a6:ba:9b:a1:47:5c:66:34:87:4e:4e:41:aa:87:
         08:da:38:f0:d5:d0:5e:b8:98:2f:94:8d:77:a3:d4:db:f4:95:
         2e:6b:c0:3e:9f:a7:5d:83:41:fc:9f:c6:08:1d:d3:57:ec:b9:
         ea:4b:f4:d4:d0:b6:09:1c:a8:39:b5:e1:54:7e:5e:4f:8a:85:
         d8:89:5c:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiFT+/BGD6DsqtTQGhkdQhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1Y2IyYjVlYWYzY2MxNWRkNGIzYjIzYWQ4Yjk0NzJhNTI0
MGMwM2IwHhcNMjUwODA3MTYxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJlYzlhMmM5NTNlODQwMzIxZDE2OTQyZWMwNTFiNDg2NTZjMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuTROm7ShV1Vk5B2TuE7A3dhClKQ
xqFeIvV7Wzviqqn7Fdv1HCpfOwicElzyMtaqdW8HWKuMxxRushF19tDSLsxpWzDw
eloCdPvT6zblcCJPSfad60CQkcqUdESepRedSOwgViLvlrhk6Q1ylEOXPpJJc6yP
LVNJ5tzRybMXHrKdDQ5i79L41O0Ysy3RK2lyPTcnW7zVgTnUfGNuFlq2KGjpETuP
GQL1JISTHfW39ATqOsqRnQrhAVGNVtTsoYHA2JkHYjGsXOrjTEKnQyAK1CkAK49e
Nn2t6P3QInDpSB5/TGQPca19MK2PxLBkCegYlpF9/igSzZc6TD+EhoDWdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAMuyaLJU+hAMh0WlC7AUbSGVsKIMB8GA1UdIwQY
MBaAFLXLK16vPMFd1LOyOti5RypSQMA7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNzclhxODh3VjNVczdJNjJMbEhLbEpBd0RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83OTVlZDktOGZhZC00YzQ0LTg1ODMt
MDZjYTcwOWEzYzU5LzEvQXk3Sm9zbFQ2RUF5SFJhVUxzQlJ0SVpXd29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83OTVlZDktOGZhZC00YzQ0LTg1ODMtMDZjYTcwOWEzYzU5
LzEvdGNzclhxODh3VjNVczdJNjJMbEhLbEpBd0RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR6wMA0E
AgACMAcDBQAqFCXBMA0GCSqGSIb3DQEBCwUAA4IBAQCY0ltnL1w37Q1wO3BlD+/B
6m7CjZljbYOOYAt/I+zKobacxC9MxtYXFcs5bhhiHDxlW2pUrVd5aorsFo3VdDeY
SVwBntzh3P34yh0ikEhldXkkMImSZIB21pk42a2Tp+Px21/3kf9jgoKkQqlQIFX1
Ya8CGqmGueyIDl77ZOFz/nmVuhc8JR2uI6Cwm0Ffqx+/cdIpCiN+BQvU66I+MH0o
lh5MDpqYORyyy1AFnHHKW8cCF4/2rC6OprqboUdcZjSHTk5BqocI2jjw1dBeuJgv
lI13o9Tb9JUua8A+n6ddg0H8n8YIHdNX7LnqS/TU0LYJHKg5teFUfl5PioXYiVya
-----END CERTIFICATE-----