Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/dCfw3siXArkTGLHoDyVXC2auKAA.roa
File:                     dCfw3siXArkTGLHoDyVXC2auKAA.roa (raw, json)
Hash identifier:          SQrCEBJEirqiW+cvXfiwSLmWhEoZRiFeCKfkOofqd38=
Subject key identifier:   74:27:F0:DE:C8:97:02:B9:13:18:B1:E8:0F:25:57:0B:66:AE:28:00
Certificate issuer:       /CN=509df728d1b46634054972d2945fda58073b5762
Certificate serial:       019A52D8FC39DE85E03CF004917D531C2DC5
Authority key identifier: 50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/dCfw3siXArkTGLHoDyVXC2auKAA.roa
Signing time:             Wed 05 Nov 2025 07:09:03 +0000
ROA not before:           Wed 05 Nov 2025 07:09:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213812
IP address blocks:        185.146.138.0/24 maxlen: 24
                          185.146.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:52:d8:fc:39:de:85:e0:3c:f0:04:91:7d:53:1c:2d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509df728d1b46634054972d2945fda58073b5762
        Validity
            Not Before: Nov  5 07:09:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7427f0dec89702b91318b1e80f25570b66ae2800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b3:72:b4:e7:dc:ee:f5:8c:2c:c5:9e:a6:f1:
                    60:cc:6b:2d:7c:4a:92:59:a5:d8:7e:cb:32:1c:78:
                    21:38:a1:46:f8:79:25:a2:81:cd:cd:41:aa:85:08:
                    a4:04:eb:9b:0a:e5:38:16:eb:e8:2c:5e:b7:5b:17:
                    46:2a:9d:75:1d:4f:59:20:d5:bc:03:8c:0e:c0:1b:
                    be:e3:f6:0b:1d:96:b0:65:5d:d5:a8:e1:a5:91:f9:
                    08:99:c6:25:9f:f4:3a:8b:6c:f5:a8:cd:e6:10:66:
                    08:2f:69:65:5b:eb:5e:6e:c3:79:d4:df:da:6d:ea:
                    ed:56:f7:b9:ee:99:1a:ef:37:73:8d:63:c1:85:b5:
                    ef:16:f3:8d:de:9b:41:20:15:94:57:3c:4b:f7:95:
                    48:73:9e:4b:98:68:2c:20:e3:89:88:f0:01:64:f9:
                    13:6d:f5:29:59:c4:41:a6:c2:97:5c:36:81:60:ce:
                    48:ad:ef:54:24:a2:40:e9:61:69:48:3d:14:75:c5:
                    df:5c:6e:ab:34:08:fd:f5:b8:70:3d:f7:e1:5b:14:
                    ce:75:06:9f:4d:ba:0f:ab:44:20:b2:55:67:97:9f:
                    3f:45:7a:47:fe:90:66:5c:82:fc:ff:8d:05:50:fc:
                    d8:8e:c1:a4:86:32:8f:25:08:7c:6b:d0:2f:30:ce:
                    18:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:27:F0:DE:C8:97:02:B9:13:18:B1:E8:0F:25:57:0B:66:AE:28:00
            X509v3 Authority Key Identifier:
                keyid:50:9D:F7:28:D1:B4:66:34:05:49:72:D2:94:5F:DA:58:07:3B:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/dCfw3siXArkTGLHoDyVXC2auKAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/acfcb6-d78a-448a-a761-dd3b4f8381c4/1/UJ33KNG0ZjQFSXLSlF_aWAc7V2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:28:17:9c:55:2e:50:23:e0:1b:d9:13:37:f4:0e:1f:6b:41:
         43:99:6b:7d:b6:7a:57:a4:81:4a:9d:59:c2:62:ad:d3:d0:b0:
         41:23:59:19:03:f5:a5:44:f5:43:43:30:95:da:77:88:aa:38:
         00:62:7a:e4:03:4b:eb:55:2c:cb:ee:f9:f5:bd:33:25:26:bf:
         39:4b:0a:be:17:2f:c2:f3:61:2c:3e:9f:d6:67:29:a5:4b:9f:
         eb:02:9b:83:44:3e:d5:cc:f6:66:3e:d9:44:67:37:6b:ca:c9:
         37:7b:ca:6a:cb:e0:64:00:e0:2a:c7:57:5b:89:14:0f:85:e3:
         60:fe:53:4e:c8:4f:d9:b6:66:41:0d:0b:0d:c2:1b:7f:c1:98:
         f1:fd:84:f0:91:92:55:8d:df:34:39:1a:72:65:26:a1:43:30:
         fa:8a:9f:e0:95:63:80:b8:ed:fb:de:8b:46:e5:31:b1:a9:43:
         f4:33:5b:e7:f9:c2:04:09:05:01:04:43:b3:cb:8e:52:8e:1c:
         29:b1:eb:f0:75:64:46:e0:e2:09:b8:97:21:bb:92:fe:7e:fe:
         49:a6:01:12:dc:81:52:2c:0b:32:ba:46:ab:49:58:c0:7c:81:
         d9:b1:7d:89:fe:5b:ea:53:8c:14:32:04:5a:07:1a:3d:02:27:
         d1:3c:a9:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpS2Pw53oXgPPAEkX1THC3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWRmNzI4ZDFiNDY2MzQwNTQ5NzJkMjk0NWZkYTU4MDcz
YjU3NjIwHhcNMjUxMTA1MDcwOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDI3ZjBkZWM4OTcwMmI5MTMxOGIxZTgwZjI1NTcwYjY2YWUyODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubNytOfc7vWMLMWepvFgzGstfEqS
WaXYfssyHHghOKFG+HklooHNzUGqhQikBOubCuU4FuvoLF63WxdGKp11HU9ZINW8
A4wOwBu+4/YLHZawZV3VqOGlkfkImcYln/Q6i2z1qM3mEGYIL2llW+tebsN51N/a
bertVve57pka7zdzjWPBhbXvFvON3ptBIBWUVzxL95VIc55LmGgsIOOJiPABZPkT
bfUpWcRBpsKXXDaBYM5Ire9UJKJA6WFpSD0UdcXfXG6rNAj99bhwPffhWxTOdQaf
TboPq0QgslVnl58/RXpH/pBmXIL8/40FUPzYjsGkhjKPJQh8a9AvMM4YJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQn8N7IlwK5Exix6A8lVwtmrigAMB8GA1UdIwQY
MBaAFFCd9yjRtGY0BUly0pRf2lgHO1diMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEt
ZGQzYjRmODM4MWM0LzEvZENmdzNzaVhBcmtUR0xIb0R5VlhDMmF1S0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hY2ZjYjYtZDc4YS00NDhhLWE3NjEtZGQzYjRmODM4MWM0
LzEvVUozM0tORzBaalFGU1hMU2xGX2FXQWM3VjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZKKMA0G
CSqGSIb3DQEBCwUAA4IBAQCTKBecVS5QI+Ab2RM39A4fa0FDmWt9tnpXpIFKnVnC
Yq3T0LBBI1kZA/WlRPVDQzCV2neIqjgAYnrkA0vrVSzL7vn1vTMlJr85Swq+Fy/C
82EsPp/WZymlS5/rApuDRD7VzPZmPtlEZzdrysk3e8pqy+BkAOAqx1dbiRQPheNg
/lNOyE/ZtmZBDQsNwht/wZjx/YTwkZJVjd80ORpyZSahQzD6ip/glWOAuO373otG
5TGxqUP0M1vn+cIECQUBBEOzy45SjhwpsevwdWRG4OIJuJchu5L+fv5JpgES3IFS
LAsyukarSVjAfIHZsX2J/lvqU4wUMgRaBxo9AifRPKly
-----END CERTIFICATE-----