Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/N5R3FQ63GQmSIl4R26nJNZZPcYU.roa
File:                     N5R3FQ63GQmSIl4R26nJNZZPcYU.roa (raw, json)
Hash identifier:          sXJtqf33ycrBVOgt6uVM8TIns1KdPF9wf5n7lQ+CYoo=
Subject key identifier:   37:94:77:15:0E:B7:19:09:92:22:5E:11:DB:A9:C9:35:96:4F:71:85
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019864FF4B7CE665F2D774E2F3BF227B27F2
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/N5R3FQ63GQmSIl4R26nJNZZPcYU.roa
Signing time:             Fri 01 Aug 2025 09:38:29 +0000
ROA not before:           Fri 01 Aug 2025 09:38:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215081
IP address blocks:        82.115.0.0/24 maxlen: 24
                          178.173.240.0/24 maxlen: 24
                          193.36.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:ff:4b:7c:e6:65:f2:d7:74:e2:f3:bf:22:7b:27:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug  1 09:38:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=379477150eb7190992225e11dba9c935964f7185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:43:50:a0:9c:aa:8c:14:9d:af:6f:52:95:77:
                    23:67:ed:a1:c3:12:94:b0:69:95:ad:a9:2c:a6:d7:
                    12:3e:72:ea:1e:13:b8:25:8f:c6:e1:a4:d2:1e:2c:
                    b3:ba:21:60:b4:40:29:49:ae:17:b5:6a:c2:db:a2:
                    a5:77:44:b5:8f:d3:e0:eb:fb:74:07:41:86:03:d3:
                    69:4d:46:46:1c:ab:cd:c5:d4:87:2d:db:cc:21:08:
                    4f:c9:63:5c:5f:20:73:90:57:64:46:76:9b:eb:dd:
                    20:31:90:95:79:94:54:9b:7c:5c:15:4c:91:5b:13:
                    93:48:41:5d:65:58:49:98:f7:15:a3:92:5c:fe:71:
                    e5:6e:8d:e7:d7:95:e1:c2:52:91:dc:6c:6b:c2:be:
                    9f:0b:52:cb:70:54:6c:e9:e3:0b:e7:51:58:cc:87:
                    94:0e:e7:46:81:01:a0:88:93:e4:08:e9:9f:65:4d:
                    d9:92:6c:54:ab:e8:80:03:fc:85:44:27:a5:31:0d:
                    f1:f8:57:67:c9:d0:61:5a:ab:3a:f6:4c:16:69:b3:
                    67:02:92:b0:f8:82:86:7e:f0:82:3c:79:3f:5e:f7:
                    f4:6d:84:95:ba:8b:e7:f8:b6:0b:fc:87:ae:b7:ab:
                    d5:e0:4c:9d:54:50:03:28:f8:cc:30:0a:46:0c:a3:
                    f9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:94:77:15:0E:B7:19:09:92:22:5E:11:DB:A9:C9:35:96:4F:71:85
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/N5R3FQ63GQmSIl4R26nJNZZPcYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.0.0/24
                  178.173.240.0/24
                  193.36.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:f2:e6:1c:ee:5e:05:8d:64:08:42:0f:59:67:d1:a6:a5:ab:
         a9:06:c6:0a:d7:57:2a:33:79:a5:71:da:51:ae:0b:fd:35:35:
         82:1b:b6:fe:50:71:40:c8:ce:67:b7:66:32:be:d7:9d:55:6b:
         8d:93:33:99:95:e5:62:58:b0:b8:38:65:c3:8c:69:6d:03:3e:
         81:31:25:b5:bb:6c:b5:8e:fe:b1:fb:07:05:10:8a:23:bf:74:
         69:cc:48:70:fd:b3:19:4b:41:cc:a1:33:2f:38:2a:a4:4d:1d:
         75:ee:07:c2:92:d4:fd:c5:77:01:d5:bf:a7:fe:f8:94:a7:68:
         fe:64:ea:9f:7c:05:3d:fd:81:a0:56:39:94:76:64:6b:82:ed:
         4c:11:31:70:a4:79:4a:7f:23:95:73:a0:a7:44:80:09:28:5a:
         1f:8e:32:0f:28:52:92:a0:ae:6b:c5:e6:ff:f6:1d:90:43:fc:
         f6:e2:aa:8c:30:7e:74:86:9d:da:09:a7:ee:3e:e3:95:16:bc:
         49:b1:83:5c:ae:16:e0:f7:61:af:ce:3b:5a:78:c2:7d:89:44:
         b7:b7:12:b9:48:2b:a9:5e:74:5b:a5:2e:73:32:94:36:e9:bb:
         83:f1:2a:08:22:e6:8e:06:d3:9d:53:4c:6d:97:bd:e0:53:d3:
         5a:45:58:53
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhk/0t85mXy13Ti878ieyfyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODAxMDkzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk0NzcxNTBlYjcxOTA5OTIyMjVlMTFkYmE5YzkzNTk2NGY3MTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArENQoJyqjBSdr29SlXcjZ+2hwxKU
sGmVraksptcSPnLqHhO4JY/G4aTSHiyzuiFgtEApSa4XtWrC26Kld0S1j9Pg6/t0
B0GGA9NpTUZGHKvNxdSHLdvMIQhPyWNcXyBzkFdkRnab690gMZCVeZRUm3xcFUyR
WxOTSEFdZVhJmPcVo5Jc/nHlbo3n15XhwlKR3Gxrwr6fC1LLcFRs6eML51FYzIeU
DudGgQGgiJPkCOmfZU3ZkmxUq+iAA/yFRCelMQ3x+FdnydBhWqs69kwWabNnApKw
+IKGfvCCPHk/Xvf0bYSVuovn+LYL/Ieut6vV4EydVFADKPjMMApGDKP5LwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDeUdxUOtxkJkiJeEdupyTWWT3GFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTjVSM0ZRNjNHUW1TSWw0UjI2bkpOWlpQY1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUnMAAwQA
sq3wAwQAwSRJMA0GCSqGSIb3DQEBCwUAA4IBAQDD8uYc7l4FjWQIQg9ZZ9Gmpaup
BsYK11cqM3mlcdpRrgv9NTWCG7b+UHFAyM5nt2YyvtedVWuNkzOZleViWLC4OGXD
jGltAz6BMSW1u2y1jv6x+wcFEIojv3RpzEhw/bMZS0HMoTMvOCqkTR117gfCktT9
xXcB1b+n/viUp2j+ZOqffAU9/YGgVjmUdmRrgu1METFwpHlKfyOVc6CnRIAJKFof
jjIPKFKSoK5rxeb/9h2QQ/z24qqMMH50hp3aCafuPuOVFrxJsYNcrhbg92Gvzjta
eMJ9iUS3txK5SCupXnRbpS5zMpQ26buD8SoIIuaOBtOdU0xtl73gU9NaRVhT
-----END CERTIFICATE-----