Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/trkC6qQSk77TPFKX6X9CAC7tUeU.roa
File:                     trkC6qQSk77TPFKX6X9CAC7tUeU.roa (raw, json)
Hash identifier:          BZ7fG33ii+VuOwfzIdVCtRnmy+ELUdo3nBVSufiJPWU=
Subject key identifier:   B6:B9:02:EA:A4:12:93:BE:D3:3C:52:97:E9:7F:42:00:2E:ED:51:E5
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       019855A2DB64D850554681515EEA45C6061E
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/trkC6qQSk77TPFKX6X9CAC7tUeU.roa
Signing time:             Tue 29 Jul 2025 10:03:13 +0000
ROA not before:           Tue 29 Jul 2025 10:03:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        140.150.17.0/24 maxlen: 24
                          146.103.69.0/24 maxlen: 24
                          146.103.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:a2:db:64:d8:50:55:46:81:51:5e:ea:45:c6:06:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Jul 29 10:03:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b902eaa41293bed33c5297e97f42002eed51e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:75:51:a3:d0:a9:47:ca:4c:3c:4b:ca:3b:71:
                    7b:07:49:90:8f:6c:bc:d0:8c:6c:e7:cf:ea:61:6f:
                    36:cf:10:4d:5e:6e:d2:6b:6b:69:77:4a:4a:70:f9:
                    03:a7:c8:7f:55:1c:7b:c5:0b:d3:78:cf:eb:dd:85:
                    36:b4:eb:d2:eb:5e:7f:b2:40:4b:e2:c4:92:70:9f:
                    1d:4f:ae:1e:e9:cf:4d:9f:da:51:d9:af:03:2e:aa:
                    a4:87:01:4c:fd:47:4b:9e:00:7d:15:cd:ec:ab:59:
                    c8:85:63:56:83:b4:1a:b3:a9:6e:23:a3:82:75:51:
                    05:52:bf:d5:ac:5c:e2:ef:51:fa:04:fa:fc:94:6f:
                    65:02:7a:81:c1:ff:a3:bf:f1:28:a5:be:17:26:6c:
                    9d:87:45:bd:58:07:b7:7e:79:21:04:49:71:fa:75:
                    e0:81:c9:72:24:44:4e:2a:ef:69:9e:7d:87:90:cd:
                    64:c8:71:08:65:46:3a:5e:4e:4a:bb:dc:b7:f7:ab:
                    75:a3:5e:38:3d:e4:ca:7f:2a:bd:94:bf:49:42:28:
                    b1:6a:ce:f1:a9:0f:ee:0f:48:80:d0:b7:4d:46:9c:
                    00:57:95:be:3b:80:8a:b3:83:cf:91:f6:52:5b:85:
                    60:6b:f6:e9:9f:53:0c:e1:3c:0d:57:a2:99:9a:de:
                    60:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B9:02:EA:A4:12:93:BE:D3:3C:52:97:E9:7F:42:00:2E:ED:51:E5
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/trkC6qQSk77TPFKX6X9CAC7tUeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.17.0/24
                  146.103.69.0-146.103.70.255

    Signature Algorithm: sha256WithRSAEncryption
         af:57:7c:af:c1:73:c4:56:03:98:cb:64:ef:d2:41:b6:4f:e7:
         5d:9e:b2:db:a0:34:5a:cd:d2:9e:01:8f:85:b4:65:18:dc:54:
         cd:6f:f4:ef:17:0a:68:7c:fe:98:80:c2:db:b0:99:49:34:ae:
         9f:74:61:8e:4a:29:14:dd:10:6c:4f:4c:6b:44:2d:3c:78:a0:
         bf:4b:8b:8e:69:fe:e7:76:d0:7b:12:0f:3f:36:bd:ae:89:55:
         b3:99:a3:8a:17:18:e2:e6:01:d1:6a:04:1f:11:1f:3d:00:50:
         e3:36:76:04:1c:3b:48:05:0d:09:bf:c7:93:e1:ea:1c:f0:bc:
         d2:fd:c8:3d:3f:16:ee:d6:1c:33:d7:69:4d:a9:00:42:80:4f:
         b4:99:3c:f5:8e:be:29:e3:d4:b6:30:81:21:ea:13:e3:70:45:
         b6:94:7d:e4:43:6e:b0:49:21:7b:47:d6:09:7e:db:32:5e:9d:
         a2:0f:33:dd:00:83:be:12:18:95:18:f5:98:6d:19:78:0c:73:
         cf:b7:5a:4c:ec:d8:62:e1:e6:e2:a3:fc:24:d8:d9:1e:8b:9a:
         87:95:0d:3e:05:15:16:f2:7b:e8:53:f5:46:16:66:6b:6c:14:
         7f:4b:40:f5:8b:2c:29:5a:d5:3c:bb:d2:89:0d:a1:1f:ca:5b:
         fe:70:09:17
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZhVottk2FBVRoFRXupFxgYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwNzI5MTAwMzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI5MDJlYWE0MTI5M2JlZDMzYzUyOTdlOTdmNDIwMDJlZWQ1MWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HVRo9CpR8pMPEvKO3F7B0mQj2y8
0Ixs58/qYW82zxBNXm7Sa2tpd0pKcPkDp8h/VRx7xQvTeM/r3YU2tOvS615/skBL
4sSScJ8dT64e6c9Nn9pR2a8DLqqkhwFM/UdLngB9Fc3sq1nIhWNWg7Qas6luI6OC
dVEFUr/VrFzi71H6BPr8lG9lAnqBwf+jv/Eopb4XJmydh0W9WAe3fnkhBElx+nXg
gclyJEROKu9pnn2HkM1kyHEIZUY6Xk5Ku9y396t1o144PeTKfyq9lL9JQiixas7x
qQ/uD0iA0LdNRpwAV5W+O4CKs4PPkfZSW4Vga/bpn1MM4TwNV6KZmt5gxQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLa5AuqkEpO+0zxSl+l/QgAu7VHlMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvdHJrQzZxUVNrNzdUUEZLWDZYOUNBQzd0VWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAjJYRMAwD
BACSZ0UDBACSZ0YwDQYJKoZIhvcNAQELBQADggEBAK9XfK/Bc8RWA5jLZO/SQbZP
512estugNFrN0p4Bj4W0ZRjcVM1v9O8XCmh8/piAwtuwmUk0rp90YY5KKRTdEGxP
TGtELTx4oL9Li45p/ud20HsSDz82va6JVbOZo4oXGOLmAdFqBB8RHz0AUOM2dgQc
O0gFDQm/x5Ph6hzwvNL9yD0/Fu7WHDPXaU2pAEKAT7SZPPWOvinj1LYwgSHqE+Nw
RbaUfeRDbrBJIXtH1gl+2zJenaIPM90Ag74SGJUY9ZhtGXgMc8+3Wkzs2GLh5uKj
/CTY2R6LmoeVDT4FFRbye+hT9UYWZmtsFH9LQPWLLCla1Ty70okNoR/KW/5wCRc=
-----END CERTIFICATE-----