Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xy46TwggnFDGpoudl5__2LORVcc.roa
File:                     Xy46TwggnFDGpoudl5__2LORVcc.roa (raw, json)
Hash identifier:          1GMnSzV4xy+04X7B6wk/M/QRksEax5u+UNIRLCP14Ms=
Subject key identifier:   5F:2E:3A:4F:08:20:9C:50:C6:A6:8B:9D:97:9F:FF:D8:B3:91:55:C7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019A49A297B53802419336CB197B671F7AC8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xy46TwggnFDGpoudl5__2LORVcc.roa
Signing time:             Mon 03 Nov 2025 12:13:03 +0000
ROA not before:           Mon 03 Nov 2025 12:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211674
IP address blocks:        193.37.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:19:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:a2:97:b5:38:02:41:93:36:cb:19:7b:67:1f:7a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  3 12:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f2e3a4f08209c50c6a68b9d979fffd8b39155c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:08:85:a9:26:f0:4b:3e:8e:11:4d:ad:f1:38:
                    22:3a:5b:10:15:b7:3d:95:57:ff:55:73:fb:e4:75:
                    0d:a3:6d:03:57:a1:8e:d7:d8:d1:71:74:55:60:7e:
                    5e:21:34:07:75:f5:3f:f5:1f:9c:90:a3:25:da:58:
                    ae:b8:44:40:78:07:71:d7:73:49:42:9d:42:cf:92:
                    6b:b3:f6:87:1f:78:6b:e0:71:14:4f:36:b1:81:b7:
                    fd:09:a3:a3:d9:d9:f3:31:b6:0c:5e:5b:c0:2a:6d:
                    4a:6d:e3:72:66:5a:87:9b:2a:09:0b:ba:2a:8c:20:
                    a9:3a:3e:36:c2:b7:70:87:b5:0f:eb:ba:14:94:da:
                    23:41:27:3b:c7:ba:c8:93:1f:50:93:a9:0c:c4:ba:
                    86:7f:da:f3:8d:9c:b5:67:90:af:71:93:12:dd:1d:
                    58:da:ae:7a:07:82:a9:85:1a:77:61:23:c2:43:1f:
                    d7:72:78:80:47:ff:c9:49:1e:55:3d:1d:89:36:55:
                    1a:f2:ff:11:ae:28:bf:5c:7c:7a:34:f9:b8:8b:4e:
                    56:89:f1:a7:98:67:1b:01:0c:a0:02:b9:6a:f8:0b:
                    62:dc:dd:6e:13:29:ac:51:db:0f:a1:76:12:b4:d2:
                    e9:6c:bf:6c:bf:14:e5:51:83:42:19:e3:99:ca:72:
                    7f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2E:3A:4F:08:20:9C:50:C6:A6:8B:9D:97:9F:FF:D8:B3:91:55:C7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xy46TwggnFDGpoudl5__2LORVcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d2:9a:04:06:48:f9:d3:e4:ef:b6:22:2e:84:11:37:af:24:
         63:b7:af:53:5e:3c:12:10:85:0f:8d:99:fd:ef:23:d9:26:92:
         8f:18:d5:79:d0:ba:1f:cf:2c:8f:2a:d0:94:34:34:27:27:1b:
         7e:af:33:c4:22:c3:38:04:80:62:ff:8b:ea:a1:2c:38:37:c5:
         09:54:8f:02:c4:d8:9b:4e:e2:5a:bc:4d:71:bd:17:aa:52:1d:
         13:ad:8e:91:e5:2f:0e:d6:b2:4a:04:59:77:77:54:de:d7:a2:
         ea:5a:81:3d:8a:87:2b:32:1c:05:bf:1a:d1:09:21:f8:f5:49:
         ee:0e:f2:2e:2c:86:33:87:4f:7a:03:c8:40:53:b1:50:cb:74:
         52:1b:4b:89:68:08:71:24:9b:60:e6:d1:9d:ce:b2:05:c7:2a:
         c2:68:e8:ff:b9:a7:16:db:84:3b:9c:9a:78:80:98:d5:e8:28:
         81:a3:ec:9b:46:92:57:3d:1a:5c:ba:92:a7:d3:6a:48:79:ec:
         80:bc:35:f4:4b:52:74:97:4f:43:b8:8d:a0:e6:24:84:26:69:
         6d:0d:7b:b9:fc:19:c4:c1:eb:1a:ab:12:e9:e0:41:f8:12:17:
         6f:c3:e4:a0:13:f3:3c:09:35:33:79:50:73:3d:53:35:e3:37:
         15:06:aa:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpJope1OAJBkzbLGXtnH3rIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMTAzMTIxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJlM2E0ZjA4MjA5YzUwYzZhNjhiOWQ5NzlmZmZkOGIzOTE1NWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgiFqSbwSz6OEU2t8TgiOlsQFbc9
lVf/VXP75HUNo20DV6GO19jRcXRVYH5eITQHdfU/9R+ckKMl2liuuERAeAdx13NJ
Qp1Cz5Jrs/aHH3hr4HEUTzaxgbf9CaOj2dnzMbYMXlvAKm1KbeNyZlqHmyoJC7oq
jCCpOj42wrdwh7UP67oUlNojQSc7x7rIkx9Qk6kMxLqGf9rzjZy1Z5CvcZMS3R1Y
2q56B4KphRp3YSPCQx/XcniAR//JSR5VPR2JNlUa8v8Rrii/XHx6NPm4i05WifGn
mGcbAQygArlq+Ati3N1uEymsUdsPoXYStNLpbL9svxTlUYNCGeOZynJ/fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8uOk8IIJxQxqaLnZef/9izkVXHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWHk0NlR3Z2duRkRHcG91ZGw1X18yTE9SVmNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUoMA0G
CSqGSIb3DQEBCwUAA4IBAQCW0poEBkj50+TvtiIuhBE3ryRjt69TXjwSEIUPjZn9
7yPZJpKPGNV50LofzyyPKtCUNDQnJxt+rzPEIsM4BIBi/4vqoSw4N8UJVI8CxNib
TuJavE1xvReqUh0TrY6R5S8O1rJKBFl3d1Te16LqWoE9iocrMhwFvxrRCSH49Unu
DvIuLIYzh096A8hAU7FQy3RSG0uJaAhxJJtg5tGdzrIFxyrCaOj/uacW24Q7nJp4
gJjV6CiBo+ybRpJXPRpcupKn02pIeeyAvDX0S1J0l09DuI2g5iSEJmltDXu5/BnE
wesaqxLp4EH4Ehdvw+SgE/M8CTUzeVBzPVM14zcVBqqe
-----END CERTIFICATE-----