Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/y4dgfgK0YN3on054IFQr9p8swu4.roa
File:                     y4dgfgK0YN3on054IFQr9p8swu4.roa (raw, json)
Hash identifier:          FsABpIZNNujhWP2+GBEAC+0Tw89tdFiPpJK6iIaTfh8=
Subject key identifier:   CB:87:60:7E:02:B4:60:DD:E8:9F:4E:78:20:54:2B:F6:9F:2C:C2:EE
Certificate issuer:       /CN=6ddd42ffdb7e8277023f1019b554feb19f5c3f23
Certificate serial:       0197EE89F79AC98BCA4DA24FC2F94312B2B7
Authority key identifier: 6D:DD:42:FF:DB:7E:82:77:02:3F:10:19:B5:54:FE:B1:9F:5C:3F:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/y4dgfgK0YN3on054IFQr9p8swu4.roa
Signing time:             Wed 09 Jul 2025 09:35:08 +0000
ROA not before:           Wed 09 Jul 2025 09:35:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        46.245.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 03:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:89:f7:9a:c9:8b:ca:4d:a2:4f:c2:f9:43:12:b2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddd42ffdb7e8277023f1019b554feb19f5c3f23
        Validity
            Not Before: Jul  9 09:35:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb87607e02b460dde89f4e7820542bf69f2cc2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ad:87:15:ac:92:37:65:36:58:84:b3:5a:78:
                    01:af:7c:19:10:6e:37:fe:ea:53:8f:1f:aa:35:67:
                    12:38:9d:fc:de:62:cf:b3:07:0b:43:0b:e0:a4:51:
                    af:61:9b:17:d9:17:32:b6:71:a2:38:11:58:39:2b:
                    d0:a3:73:4f:1d:9f:79:39:ab:67:b2:68:e0:73:ea:
                    06:75:ff:86:7b:37:ba:66:06:87:33:fb:ab:51:88:
                    78:28:9c:f0:23:26:f7:57:a7:d9:0a:88:58:9a:57:
                    96:d0:68:47:24:e2:df:ea:80:e6:09:a2:43:90:b3:
                    cf:ac:56:d6:b1:d2:f1:61:cf:74:2e:8d:c4:28:a5:
                    e0:af:71:f2:e8:17:8f:55:08:ff:27:de:cc:9f:b0:
                    0b:e1:ea:8e:88:d3:4e:b7:b3:0b:5e:cc:ce:d1:ea:
                    19:d5:77:3e:56:20:8b:aa:10:05:5b:19:38:18:62:
                    47:58:2a:81:e1:f5:51:92:ba:c5:e4:4e:d3:b9:65:
                    fa:4d:ae:ff:3a:6d:98:1e:89:8c:7b:df:3f:1c:ce:
                    5b:1a:3e:18:a8:a3:ea:ad:60:c6:e9:da:45:4c:a1:
                    e4:03:87:bd:f1:8e:50:6f:09:b3:43:13:51:d2:76:
                    3e:ad:30:20:e2:99:2b:ba:69:28:ec:18:57:35:d0:
                    b9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:87:60:7E:02:B4:60:DD:E8:9F:4E:78:20:54:2B:F6:9F:2C:C2:EE
            X509v3 Authority Key Identifier:
                keyid:6D:DD:42:FF:DB:7E:82:77:02:3F:10:19:B5:54:FE:B1:9F:5C:3F:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd1C_9t-gncCPxAZtVT-sZ9cPyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/y4dgfgK0YN3on054IFQr9p8swu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f1c375-41da-4ea6-acd1-09bc92d4ed96/1/bd1C_9t-gncCPxAZtVT-sZ9cPyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:7a:7a:bb:20:1a:68:a7:96:a0:74:bb:88:2f:c2:ce:fa:cc:
         b1:13:4a:d7:ea:be:04:f6:4b:b0:d8:74:e8:6d:5e:b8:b1:04:
         ba:a9:19:bd:d7:eb:72:e9:2d:7a:61:8d:30:2a:74:49:15:b7:
         a6:4b:0b:f3:87:9c:13:b3:7e:0c:c1:bf:39:bb:8f:80:13:0d:
         81:4f:83:04:62:c8:2c:52:ee:27:87:d5:45:cd:05:b2:46:b8:
         57:70:5d:31:98:59:4c:2a:24:c4:a9:61:a0:a9:e9:79:7e:a4:
         c0:cd:a4:8b:d6:34:20:5e:09:7a:56:86:cc:1e:e4:78:6d:82:
         d3:6a:d3:17:35:71:a8:11:14:56:e0:47:f0:44:87:d0:31:8d:
         73:e9:37:ab:66:f6:fa:f7:07:b7:60:82:48:c2:b0:3b:60:22:
         9a:3f:af:4c:ac:b8:92:f2:fa:55:1b:ec:ca:36:a4:ca:75:16:
         e1:37:f7:51:c8:3d:5f:90:26:27:bf:ca:61:e2:62:2a:44:0e:
         9e:fd:8b:ad:62:70:bb:75:b5:df:f1:ff:22:10:48:79:7d:24:
         e4:95:16:7a:2b:9b:dd:64:17:4e:c1:bc:8e:71:b6:ce:5a:6b:
         94:2c:64:16:71:e9:8a:19:28:d3:05:52:a8:47:c2:72:5a:47:
         8c:a6:89:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuifeayYvKTaJPwvlDErK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGQ0MmZmZGI3ZTgyNzcwMjNmMTAxOWI1NTRmZWIxOWY1
YzNmMjMwHhcNMjUwNzA5MDkzNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjg3NjA3ZTAyYjQ2MGRkZTg5ZjRlNzgyMDU0MmJmNjlmMmNjMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma2HFaySN2U2WISzWngBr3wZEG43
/upTjx+qNWcSOJ383mLPswcLQwvgpFGvYZsX2RcytnGiOBFYOSvQo3NPHZ95Oatn
smjgc+oGdf+Geze6ZgaHM/urUYh4KJzwIyb3V6fZCohYmleW0GhHJOLf6oDmCaJD
kLPPrFbWsdLxYc90Lo3EKKXgr3Hy6BePVQj/J97Mn7AL4eqOiNNOt7MLXszO0eoZ
1Xc+ViCLqhAFWxk4GGJHWCqB4fVRkrrF5E7TuWX6Ta7/Om2YHomMe98/HM5bGj4Y
qKPqrWDG6dpFTKHkA4e98Y5QbwmzQxNR0nY+rTAg4pkrumko7BhXNdC5IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuHYH4CtGDd6J9OeCBUK/afLMLuMB8GA1UdIwQY
MBaAFG3dQv/bfoJ3Aj8QGbVU/rGfXD8jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmQxQ185dC1nbmNDUHhBWnRWVC1zWjljUHlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9mMWMzNzUtNDFkYS00ZWE2LWFjZDEt
MDliYzkyZDRlZDk2LzEveTRkZ2ZnSzBZTjNvbjA1NElGUXI5cDhzd3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9mMWMzNzUtNDFkYS00ZWE2LWFjZDEtMDliYzkyZDRlZDk2
LzEvYmQxQ185dC1nbmNDUHhBWnRWVC1zWjljUHlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvXvMA0G
CSqGSIb3DQEBCwUAA4IBAQCJenq7IBpop5agdLuIL8LO+syxE0rX6r4E9kuw2HTo
bV64sQS6qRm91+ty6S16YY0wKnRJFbemSwvzh5wTs34Mwb85u4+AEw2BT4MEYsgs
Uu4nh9VFzQWyRrhXcF0xmFlMKiTEqWGgqel5fqTAzaSL1jQgXgl6VobMHuR4bYLT
atMXNXGoERRW4EfwRIfQMY1z6TerZvb69we3YIJIwrA7YCKaP69MrLiS8vpVG+zK
NqTKdRbhN/dRyD1fkCYnv8ph4mIqRA6e/YutYnC7dbXf8f8iEEh5fSTklRZ6K5vd
ZBdOwbyOcbbOWmuULGQWcemKGSjTBVKoR8JyWkeMpomX
-----END CERTIFICATE-----