Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/EXTeJ0xnJWTRkgHDu_AxpeIu9iA.roa
File:                     EXTeJ0xnJWTRkgHDu_AxpeIu9iA.roa (raw, json)
Hash identifier:          qrWsqJSnf72iIeO/vT24niegliGNcW4B28Wyc7Pg4x4=
Subject key identifier:   11:74:DE:27:4C:67:25:64:D1:92:01:C3:BB:F0:31:A5:E2:2E:F6:20
Certificate issuer:       /CN=cbc83c392c5421c595cd5fb79428e8275bdb594c
Certificate serial:       01986F3609A66B3CBD4C81CE1FBF8F3DEECB
Authority key identifier: CB:C8:3C:39:2C:54:21:C5:95:CD:5F:B7:94:28:E8:27:5B:DB:59:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/EXTeJ0xnJWTRkgHDu_AxpeIu9iA.roa
Signing time:             Sun 03 Aug 2025 09:14:28 +0000
ROA not before:           Sun 03 Aug 2025 09:14:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        146.19.177.0/24 maxlen: 24
                          2a13:88c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6f:36:09:a6:6b:3c:bd:4c:81:ce:1f:bf:8f:3d:ee:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbc83c392c5421c595cd5fb79428e8275bdb594c
        Validity
            Not Before: Aug  3 09:14:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1174de274c672564d19201c3bbf031a5e22ef620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:b0:0d:04:97:1e:86:6c:3a:75:e4:51:b0:
                    20:51:62:93:16:5e:a5:8a:c7:98:79:b2:3f:18:ff:
                    e6:ca:97:86:b8:b8:dc:d5:25:ba:52:f8:d3:92:37:
                    f1:0d:28:c1:eb:2f:2f:da:27:d8:51:9a:d2:47:66:
                    19:e2:ea:7b:8f:27:18:bc:0f:bf:3f:17:ae:c3:b6:
                    50:be:b4:74:8e:58:3f:55:7f:5a:34:ec:f0:2c:32:
                    c7:0c:dc:c3:31:53:e2:88:de:9e:4d:78:60:ba:a6:
                    8a:6b:bd:be:a8:cf:fb:6d:c8:b7:1a:b7:a8:bf:43:
                    5b:b3:8b:ad:c0:54:e3:5a:96:8c:fa:d4:af:4f:56:
                    7b:90:d2:5c:d2:90:8e:24:2a:dc:d2:09:c8:87:3b:
                    a6:28:eb:b0:fb:44:30:03:48:e1:b3:86:74:7e:a2:
                    16:af:3e:4c:39:6a:0a:bf:58:d5:2a:b9:8d:95:3d:
                    93:72:de:3d:cc:49:3c:fa:31:46:61:96:ee:fb:1e:
                    c7:1b:31:21:e6:af:8a:51:cd:a5:3b:8b:6e:21:d4:
                    0b:aa:3a:58:37:53:3c:20:1d:5e:78:5e:6b:37:2a:
                    d4:94:cb:4f:d6:44:ea:00:21:ed:26:fd:d8:d5:cf:
                    08:5f:1a:78:37:db:d7:61:9c:32:6c:21:6c:a2:5b:
                    e1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:74:DE:27:4C:67:25:64:D1:92:01:C3:BB:F0:31:A5:E2:2E:F6:20
            X509v3 Authority Key Identifier:
                keyid:CB:C8:3C:39:2C:54:21:C5:95:CD:5F:B7:94:28:E8:27:5B:DB:59:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/EXTeJ0xnJWTRkgHDu_AxpeIu9iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3052de-558b-4334-8a70-9ad33ae653ad/1/y8g8OSxUIcWVzV-3lCjoJ1vbWUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.177.0/24
                IPv6:
                  2a13:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:c6:ac:b0:45:5b:08:c6:ee:dd:50:06:f5:7a:28:c8:b2:44:
         3c:00:3d:90:57:d3:65:6c:cc:50:14:95:6f:e9:8c:d4:7d:8a:
         ad:fa:d5:de:2e:7a:c1:fa:83:77:74:78:30:be:3b:fd:a1:8f:
         80:42:83:03:e9:8d:1d:82:60:a7:77:16:fb:aa:34:41:b7:1f:
         b0:38:3c:77:de:e8:cb:f0:54:78:64:88:ce:85:68:98:1d:d2:
         85:62:f6:b0:76:7d:c9:a3:fb:4c:cd:97:05:37:24:d8:46:56:
         fe:0a:fd:fe:34:46:b9:2a:86:13:3e:a1:a6:09:cf:2d:e7:a1:
         f8:86:cb:af:09:f5:80:4d:df:31:5f:c0:5a:cf:6b:32:71:8f:
         3d:13:c6:7c:03:0a:05:ea:25:0b:c7:d5:d5:9e:57:cc:7e:a0:
         65:5e:d4:98:3d:eb:78:25:fe:fd:b3:fe:8c:1f:05:fc:a0:57:
         74:84:05:3b:d9:36:88:bc:e0:35:e5:9f:58:3d:6c:8c:cb:8a:
         5e:bd:81:e6:a5:c1:f2:42:c8:b6:12:de:12:4c:9a:39:09:d2:
         cf:0f:88:6e:5a:a4:3b:79:2e:c8:67:31:50:26:d7:a0:b7:a9:
         ca:d8:07:55:6b:ac:54:a7:c2:23:6d:3e:08:96:ec:be:3e:5c:
         3a:05:11:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhvNgmmazy9TIHOH7+PPe7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYzgzYzM5MmM1NDIxYzU5NWNkNWZiNzk0MjhlODI3NWJk
YjU5NGMwHhcNMjUwODAzMDkxNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTc0ZGUyNzRjNjcyNTY0ZDE5MjAxYzNiYmYwMzFhNWUyMmVmNjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8CwDQSXHoZsOnXkUbAgUWKTFl6l
iseYebI/GP/mypeGuLjc1SW6UvjTkjfxDSjB6y8v2ifYUZrSR2YZ4up7jycYvA+/
Pxeuw7ZQvrR0jlg/VX9aNOzwLDLHDNzDMVPiiN6eTXhguqaKa72+qM/7bci3Greo
v0Nbs4utwFTjWpaM+tSvT1Z7kNJc0pCOJCrc0gnIhzumKOuw+0QwA0jhs4Z0fqIW
rz5MOWoKv1jVKrmNlT2Tct49zEk8+jFGYZbu+x7HGzEh5q+KUc2lO4tuIdQLqjpY
N1M8IB1eeF5rNyrUlMtP1kTqACHtJv3Y1c8IXxp4N9vXYZwybCFsolvhowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBF03idMZyVk0ZIBw7vwMaXiLvYgMB8GA1UdIwQY
MBaAFMvIPDksVCHFlc1ft5Qo6Cdb21lMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveThnOE9TeFVJY1dWelYtM2xDam9KMXZiV1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zMDUyZGUtNTU4Yi00MzM0LThhNzAt
OWFkMzNhZTY1M2FkLzEvRVhUZUoweG5KV1RSa2dIRHVfQXhwZUl1OWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zMDUyZGUtNTU4Yi00MzM0LThhNzAtOWFkMzNhZTY1M2Fk
LzEveThnOE9TeFVJY1dWelYtM2xDam9KMXZiV1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkhOxMA0E
AgACMAcDBQMqE4jAMA0GCSqGSIb3DQEBCwUAA4IBAQBbxqywRVsIxu7dUAb1eijI
skQ8AD2QV9NlbMxQFJVv6YzUfYqt+tXeLnrB+oN3dHgwvjv9oY+AQoMD6Y0dgmCn
dxb7qjRBtx+wODx33ujL8FR4ZIjOhWiYHdKFYvawdn3Jo/tMzZcFNyTYRlb+Cv3+
NEa5KoYTPqGmCc8t56H4hsuvCfWATd8xX8Baz2sycY89E8Z8AwoF6iULx9XVnlfM
fqBlXtSYPet4Jf79s/6MHwX8oFd0hAU72TaIvOA15Z9YPWyMy4pevYHmpcHyQsi2
Et4STJo5CdLPD4huWqQ7eS7IZzFQJtegt6nK2AdVa6xUp8IjbT4Iluy+Plw6BRHh
-----END CERTIFICATE-----