Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/45JkWDxR5fUqLNSe5lQL_9cedVE.roa
File:                     45JkWDxR5fUqLNSe5lQL_9cedVE.roa (raw, json)
Hash identifier:          9POiY5D1z/tZud9uWBNIH5N9GB3K31py8YZ3lDPWtyQ=
Subject key identifier:   E3:92:64:58:3C:51:E5:F5:2A:2C:D4:9E:E6:54:0B:FF:D7:1E:75:51
Certificate issuer:       /CN=07077969a8b6a55c461adde106c006486a26359f
Certificate serial:       0197FD67D02F7B1C9EC6BBE52D7E5D0FD201
Authority key identifier: 07:07:79:69:A8:B6:A5:5C:46:1A:DD:E1:06:C0:06:48:6A:26:35:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/45JkWDxR5fUqLNSe5lQL_9cedVE.roa
Signing time:             Sat 12 Jul 2025 06:52:08 +0000
ROA not before:           Sat 12 Jul 2025 06:52:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215679
IP address blocks:        164.138.206.0/24 maxlen: 24
                          185.219.112.0/22 maxlen: 24
                          2a14:7780::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fd:67:d0:2f:7b:1c:9e:c6:bb:e5:2d:7e:5d:0f:d2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07077969a8b6a55c461adde106c006486a26359f
        Validity
            Not Before: Jul 12 06:52:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e39264583c51e5f52a2cd49ee6540bffd71e7551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:84:39:a3:97:f9:06:3e:2e:a9:9e:12:35:0a:
                    6d:5a:ac:dc:e9:43:81:d6:32:88:13:33:46:53:3d:
                    1b:8e:2c:37:11:e7:c9:e7:c2:58:f4:a7:0c:8e:7a:
                    1b:57:4e:8c:91:c4:a4:ee:f9:ae:cb:c1:3e:b0:91:
                    67:20:5f:02:9b:c8:4f:70:2f:68:2b:9d:27:32:6c:
                    16:b1:db:1e:d1:e9:83:11:fa:c5:15:89:9b:b9:12:
                    95:2c:3b:ee:15:07:b3:02:56:46:a0:27:ae:b3:a2:
                    a5:3e:a8:47:1e:d3:01:50:4e:bb:60:81:d0:0d:00:
                    ca:99:af:b5:70:72:99:d4:97:9b:06:8c:0c:87:83:
                    77:20:17:09:25:a3:05:ef:fe:12:5a:5d:02:d2:3b:
                    ff:b9:ab:5d:6f:23:9b:72:0b:83:e4:d6:c4:17:9d:
                    ee:f6:04:a7:33:a9:38:8f:fe:4a:92:d5:34:45:53:
                    b9:43:79:30:4f:5a:b8:2e:11:a6:42:1f:c0:70:15:
                    fc:25:8d:23:b0:47:53:a0:d6:21:70:0b:be:f1:ae:
                    e5:86:ba:97:ee:5b:c9:6f:e7:10:e8:8c:dd:94:98:
                    05:ed:2d:f9:7b:05:6f:07:a6:f6:9d:32:e6:c7:9a:
                    e2:dc:3b:5f:5b:ba:87:ac:ba:f1:7d:05:23:cc:9f:
                    1c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:92:64:58:3C:51:E5:F5:2A:2C:D4:9E:E6:54:0B:FF:D7:1E:75:51
            X509v3 Authority Key Identifier:
                keyid:07:07:79:69:A8:B6:A5:5C:46:1A:DD:E1:06:C0:06:48:6A:26:35:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/45JkWDxR5fUqLNSe5lQL_9cedVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.206.0/24
                  185.219.112.0/22
                IPv6:
                  2a14:7780::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:2a:82:11:56:38:15:91:0a:0b:5e:57:d9:ce:bf:8a:4d:b8:
         f0:1f:f2:6c:0a:61:af:49:ba:7a:0c:c4:c6:8d:14:f5:1c:9c:
         54:eb:06:78:77:64:56:2c:76:65:b7:22:26:d8:9c:03:cc:1d:
         30:79:71:9f:8d:f5:ac:21:60:00:1d:db:32:03:42:84:67:03:
         e7:47:62:c9:63:52:fa:15:57:ab:36:64:4b:9d:6c:d1:8f:33:
         f9:85:82:cd:4a:61:ad:b9:0a:82:cb:e8:52:e3:73:d8:32:96:
         fb:7d:c6:1e:c0:ac:72:f4:6d:38:a0:6d:f5:b6:3a:b4:a4:46:
         98:05:1a:59:3d:18:26:e6:25:9d:17:08:ba:75:38:eb:a1:aa:
         a4:ed:02:42:33:ca:21:c1:fa:8b:7c:d0:aa:5e:5d:69:a6:79:
         6b:2b:55:38:fb:b0:3f:f7:5f:e7:dd:1f:eb:ce:cb:55:95:35:
         85:26:b9:6e:06:0f:0a:a3:87:f6:7d:f0:4c:33:02:0e:c0:48:
         86:38:82:7a:9a:75:58:ee:0e:3a:7e:30:a5:2a:1e:13:73:85:
         9b:25:e3:22:67:a3:45:6d:75:02:d7:99:87:ce:11:92:74:a4:
         5c:f2:f8:47:44:36:6a:b0:7c:5b:08:f1:99:23:fa:7c:ef:db:
         e8:03:2f:be
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZf9Z9AvexyexrvlLX5dD9IBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDc3OTY5YThiNmE1NWM0NjFhZGRlMTA2YzAwNjQ4NmEy
NjM1OWYwHhcNMjUwNzEyMDY1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzkyNjQ1ODNjNTFlNWY1MmEyY2Q0OWVlNjU0MGJmZmQ3MWU3NTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oQ5o5f5Bj4uqZ4SNQptWqzc6UOB
1jKIEzNGUz0bjiw3EefJ58JY9KcMjnobV06MkcSk7vmuy8E+sJFnIF8Cm8hPcC9o
K50nMmwWsdse0emDEfrFFYmbuRKVLDvuFQezAlZGoCeus6KlPqhHHtMBUE67YIHQ
DQDKma+1cHKZ1JebBowMh4N3IBcJJaMF7/4SWl0C0jv/uatdbyObcguD5NbEF53u
9gSnM6k4j/5KktU0RVO5Q3kwT1q4LhGmQh/AcBX8JY0jsEdToNYhcAu+8a7lhrqX
7lvJb+cQ6IzdlJgF7S35ewVvB6b2nTLmx5ri3DtfW7qHrLrxfQUjzJ8c4QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOOSZFg8UeX1KizUnuZUC//XHnVRMB8GA1UdIwQY
MBaAFAcHeWmotqVcRhrd4QbABkhqJjWfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndkNWFhaTJwVnhHR3QzaEJzQUdTR29tTlo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yMzIwNDctYjJlOC00ZmJhLWJkZDUt
YzNmZWM0NWVkMDU2LzEvNDVKa1dEeFI1ZlVxTE5TZTVsUUxfOWNlZFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yMzIwNDctYjJlOC00ZmJhLWJkZDUtYzNmZWM0NWVkMDU2
LzEvQndkNWFhaTJwVnhHR3QzaEJzQUdTR29tTlo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQApIrOAwQC
udtwMA0EAgACMAcDBQMqFHeAMA0GCSqGSIb3DQEBCwUAA4IBAQBcKoIRVjgVkQoL
XlfZzr+KTbjwH/JsCmGvSbp6DMTGjRT1HJxU6wZ4d2RWLHZltyIm2JwDzB0weXGf
jfWsIWAAHdsyA0KEZwPnR2LJY1L6FVerNmRLnWzRjzP5hYLNSmGtuQqCy+hS43PY
Mpb7fcYewKxy9G04oG31tjq0pEaYBRpZPRgm5iWdFwi6dTjroaqk7QJCM8ohwfqL
fNCqXl1ppnlrK1U4+7A/91/n3R/rzstVlTWFJrluBg8Ko4f2ffBMMwIOwEiGOIJ6
mnVY7g46fjClKh4Tc4WbJeMiZ6NFbXUC15mHzhGSdKRc8vhHRDZqsHxbCPGZI/p8
79voAy++
-----END CERTIFICATE-----