Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/wGyHk9gYeskzcCKJ7x0BfiaBGzc.roa
File:                     wGyHk9gYeskzcCKJ7x0BfiaBGzc.roa (raw, json)
Hash identifier:          pHjY0bV1PHR8z6NZPRJLMGDMEG7YK9lmXi37Gy7o7wA=
Subject key identifier:   C0:6C:87:93:D8:18:7A:C9:33:70:22:89:EF:1D:01:7E:26:81:1B:37
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019869C0076BCCEF96FF429A676AFEA1E7A6
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/wGyHk9gYeskzcCKJ7x0BfiaBGzc.roa
Signing time:             Sat 02 Aug 2025 07:47:29 +0000
ROA not before:           Sat 02 Aug 2025 07:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.141.168.0/23 maxlen: 24
                          148.222.240.0/22 maxlen: 24
                          185.81.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:69:c0:07:6b:cc:ef:96:ff:42:9a:67:6a:fe:a1:e7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Aug  2 07:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c06c8793d8187ac933702289ef1d017e26811b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:27:76:39:39:e9:84:17:26:a9:ef:be:25:ed:
                    dc:ef:a6:20:f2:53:cc:bb:60:07:12:86:68:50:33:
                    bb:c0:62:49:19:de:76:f9:27:de:cb:9d:b5:23:23:
                    72:36:84:2f:78:eb:b3:55:95:72:ce:fa:d7:87:48:
                    fd:50:26:ce:bf:80:3a:97:37:25:07:f7:2c:d1:85:
                    85:d6:2a:40:3f:07:f2:a5:66:40:08:c0:5d:b4:06:
                    40:9d:44:d4:8a:e8:1d:22:41:6e:f6:5b:19:ee:ea:
                    f5:18:8a:2e:79:8f:ee:d8:03:cd:35:65:ae:4b:f3:
                    85:4a:27:ca:57:87:ba:c3:e4:51:0f:d2:54:cc:3b:
                    50:ea:a7:b9:29:56:8e:97:ef:72:e4:10:72:8c:86:
                    f1:b1:c5:45:61:90:a2:c8:3b:db:14:58:8d:73:0b:
                    a3:4a:05:93:29:85:61:b1:32:75:fd:05:ab:4c:c1:
                    c2:1d:26:54:53:c3:8b:ca:9d:ba:3c:c1:06:b1:6b:
                    ac:71:5b:94:4c:4b:46:d2:0d:e2:fa:8c:df:b8:e1:
                    c2:36:d0:4a:ae:74:fa:d4:de:aa:39:f3:2b:a3:7f:
                    d8:72:a9:4a:16:67:72:f4:18:c2:75:88:cc:8e:98:
                    02:ef:15:cf:bb:c5:93:85:50:b5:1e:58:44:c3:53:
                    23:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:6C:87:93:D8:18:7A:C9:33:70:22:89:EF:1D:01:7E:26:81:1B:37
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/wGyHk9gYeskzcCKJ7x0BfiaBGzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23
                  148.222.240.0/22
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:2d:31:00:81:11:26:fd:5e:ca:58:15:6e:b1:50:1e:8f:7d:
         13:7b:07:82:e2:c9:a6:83:e5:f5:77:9c:e8:1b:8d:56:b6:ca:
         b5:4a:ae:91:66:d5:ff:c2:48:ca:57:82:c4:d5:34:05:3c:1c:
         69:ca:84:91:5b:c9:d3:b7:45:6e:00:d2:31:47:48:ef:ae:40:
         78:f5:7f:6c:1e:44:71:29:eb:19:dd:d4:af:b5:8e:b1:95:f9:
         f8:4f:f5:32:65:ae:82:e3:58:da:4f:6e:9f:ce:00:89:7b:ed:
         6f:83:32:7d:bc:88:23:b7:8d:f1:76:9a:51:63:c0:9f:fb:89:
         9d:5f:59:11:00:e9:52:3c:b5:33:f5:5d:78:c6:39:f6:80:1d:
         ab:c2:51:20:d9:1c:c5:79:65:1a:14:78:58:aa:6f:38:da:f3:
         88:73:1f:2d:01:9f:e1:5b:22:a2:0a:ba:25:67:cf:83:31:1e:
         e3:21:52:e4:b8:52:63:21:9a:00:f3:1f:d6:e6:30:58:9f:d5:
         60:62:65:96:ac:f2:7f:55:69:4d:92:f4:e3:41:ed:d8:bd:12:
         1c:74:ce:48:b9:d0:63:a9:03:fc:5c:a4:da:eb:07:d4:8d:4d:
         a1:3b:10:ef:cc:1c:ba:c8:2e:54:2f:b9:12:57:25:84:90:0c:
         7f:ae:49:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhpwAdrzO+W/0KaZ2r+oeemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwODAyMDc0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDZjODc5M2Q4MTg3YWM5MzM3MDIyODllZjFkMDE3ZTI2ODExYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Cd2OTnphBcmqe++Je3c76Yg8lPM
u2AHEoZoUDO7wGJJGd52+Sfey521IyNyNoQveOuzVZVyzvrXh0j9UCbOv4A6lzcl
B/cs0YWF1ipAPwfypWZACMBdtAZAnUTUiugdIkFu9lsZ7ur1GIoueY/u2APNNWWu
S/OFSifKV4e6w+RRD9JUzDtQ6qe5KVaOl+9y5BByjIbxscVFYZCiyDvbFFiNcwuj
SgWTKYVhsTJ1/QWrTMHCHSZUU8OLyp26PMEGsWuscVuUTEtG0g3i+ozfuOHCNtBK
rnT61N6qOfMro3/YcqlKFmdy9BjCdYjMjpgC7xXPu8WThVC1HlhEw1MjZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMBsh5PYGHrJM3Aiie8dAX4mgRs3MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvd0d5SGs5Z1llc2t6Y0NLSjd4MEJmaWFCR3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLY2oAwQC
lN7wAwQCuVEcMA0GCSqGSIb3DQEBCwUAA4IBAQCKLTEAgREm/V7KWBVusVAej30T
eweC4smmg+X1d5zoG41Wtsq1Sq6RZtX/wkjKV4LE1TQFPBxpyoSRW8nTt0VuANIx
R0jvrkB49X9sHkRxKesZ3dSvtY6xlfn4T/UyZa6C41jaT26fzgCJe+1vgzJ9vIgj
t43xdppRY8Cf+4mdX1kRAOlSPLUz9V14xjn2gB2rwlEg2RzFeWUaFHhYqm842vOI
cx8tAZ/hWyKiCrolZ8+DMR7jIVLkuFJjIZoA8x/W5jBYn9VgYmWWrPJ/VWlNkvTj
Qe3YvRIcdM5IudBjqQP8XKTa6wfUjU2hOxDvzBy6yC5UL7kSVyWEkAx/rkmp
-----END CERTIFICATE-----