Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/CnHjgZKNSNMP8dJ_BtYZ7Xo4ZrM.roa
File:                     CnHjgZKNSNMP8dJ_BtYZ7Xo4ZrM.roa (raw, json)
Hash identifier:          FqQbIRpVOThM0L1uy/AMjORSqSUsS/5+snA6mZqlQAA=
Subject key identifier:   0A:71:E3:81:92:8D:48:D3:0F:F1:D2:7F:06:D6:19:ED:7A:38:66:B3
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       01966C319513F6D5FDEEC70DEACEBFDB12B2
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/CnHjgZKNSNMP8dJ_BtYZ7Xo4ZrM.roa
Signing time:             Fri 25 Apr 2025 09:05:10 +0000
ROA not before:           Fri 25 Apr 2025 09:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        81.22.135.0/24 maxlen: 24
                          81.22.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:31:95:13:f6:d5:fd:ee:c7:0d:ea:ce:bf:db:12:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Apr 25 09:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a71e381928d48d30ff1d27f06d619ed7a3866b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fc:f4:e7:65:be:1f:20:e8:d4:83:63:82:8a:
                    08:27:57:8e:36:73:19:06:b8:98:4b:36:5c:b4:be:
                    0f:6a:77:fc:bf:fe:74:85:c2:3e:20:d7:27:82:60:
                    e4:b7:03:e4:af:c8:31:7a:e1:96:52:5f:5d:bb:d3:
                    cf:b8:b2:5d:d5:ea:4b:e6:bc:89:44:a8:4a:70:85:
                    47:b1:dc:4a:8c:ea:fe:1e:0e:e0:67:c4:0c:49:b5:
                    ef:fc:07:cf:b4:a1:92:3d:be:ee:11:60:5f:76:b9:
                    91:f1:94:a0:7a:a3:78:15:cf:d5:7e:04:eb:d3:e3:
                    90:4a:ff:42:f0:40:41:59:f5:77:c8:2f:96:98:74:
                    5d:f3:af:fd:a0:92:60:bb:13:dd:b9:d3:5d:28:16:
                    2f:60:8f:fa:9f:68:7f:6a:d5:32:ec:88:92:0b:7d:
                    06:14:a4:18:01:65:8e:02:64:14:92:6a:6a:28:f6:
                    b5:d2:b7:b2:41:5e:18:ef:09:5a:3e:34:b6:76:ac:
                    9f:c6:13:c0:2c:3e:cd:27:7b:38:e3:e1:16:07:97:
                    1d:86:a2:2f:2c:e9:8f:af:63:93:41:51:3a:29:82:
                    ea:56:aa:d2:2c:f6:e3:23:2a:7b:e2:00:da:78:dd:
                    54:e3:8f:27:42:35:33:31:b2:c3:e5:9c:34:7e:7d:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:71:E3:81:92:8D:48:D3:0F:F1:D2:7F:06:D6:19:ED:7A:38:66:B3
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/CnHjgZKNSNMP8dJ_BtYZ7Xo4ZrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.135.0/24
                  81.22.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:ee:19:50:0f:80:fd:97:8f:8b:4e:6f:9f:cc:84:22:33:f2:
         ba:d2:78:a1:e4:9a:14:a7:5c:22:58:c3:8a:8b:83:09:73:9d:
         49:ff:1e:d5:14:1a:86:8e:97:89:3d:e3:08:ca:e5:9b:35:01:
         eb:2f:10:ce:7c:ae:1a:1c:cb:c3:eb:3a:e4:f0:6d:f8:75:40:
         9a:5c:fd:e7:30:f6:ef:82:d5:ef:76:23:34:e8:d3:ea:ca:09:
         0e:09:66:fc:c4:4c:0f:bf:00:a3:f9:3a:af:b1:58:e0:e0:ec:
         15:3f:09:69:a4:58:87:0a:b3:63:61:09:26:76:82:e8:1c:40:
         ee:cc:3f:35:60:01:d1:30:2b:41:6d:ba:51:2a:25:f2:4b:18:
         96:f0:69:d4:d8:e6:91:42:dc:c7:bc:de:7e:8e:a1:f6:91:a7:
         dd:37:28:cc:e4:06:4d:13:f0:01:56:bd:44:54:16:34:25:fd:
         51:56:ff:4c:88:a7:b1:95:f3:8d:0c:ac:2a:3e:b1:bc:d7:82:
         df:bf:9f:c1:3f:18:cd:51:be:47:16:9a:f4:b6:18:5f:17:ab:
         e8:c9:4a:9c:73:0e:e6:df:49:1c:31:ab:76:01:0c:f8:8d:4b:
         d2:bc:7b:36:ae:78:a8:14:ba:cb:ae:9b:1c:2c:79:83:26:dd:
         8a:11:0f:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZsMZUT9tX97scN6s6/2xKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwNDI1MDkwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcxZTM4MTkyOGQ0OGQzMGZmMWQyN2YwNmQ2MTllZDdhMzg2NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPz052W+HyDo1INjgooIJ1eONnMZ
BriYSzZctL4Panf8v/50hcI+INcngmDktwPkr8gxeuGWUl9du9PPuLJd1epL5ryJ
RKhKcIVHsdxKjOr+Hg7gZ8QMSbXv/AfPtKGSPb7uEWBfdrmR8ZSgeqN4Fc/VfgTr
0+OQSv9C8EBBWfV3yC+WmHRd86/9oJJguxPdudNdKBYvYI/6n2h/atUy7IiSC30G
FKQYAWWOAmQUkmpqKPa10reyQV4Y7wlaPjS2dqyfxhPALD7NJ3s44+EWB5cdhqIv
LOmPr2OTQVE6KYLqVqrSLPbjIyp74gDaeN1U448nQjUzMbLD5Zw0fn0JRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApx44GSjUjTD/HSfwbWGe16OGazMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvQ25IamdaS05TTk1QOGRKX0J0WVo3WG80WnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURaHAwQA
URaNMA0GCSqGSIb3DQEBCwUAA4IBAQAj7hlQD4D9l4+LTm+fzIQiM/K60nih5JoU
p1wiWMOKi4MJc51J/x7VFBqGjpeJPeMIyuWbNQHrLxDOfK4aHMvD6zrk8G34dUCa
XP3nMPbvgtXvdiM06NPqygkOCWb8xEwPvwCj+TqvsVjg4OwVPwlppFiHCrNjYQkm
doLoHEDuzD81YAHRMCtBbbpRKiXySxiW8GnU2OaRQtzHvN5+jqH2kafdNyjM5AZN
E/ABVr1EVBY0Jf1RVv9MiKexlfONDKwqPrG814Lfv5/BPxjNUb5HFpr0thhfF6vo
yUqccw7m30kcMat2AQz4jUvSvHs2rnioFLrLrpscLHmDJt2KEQ+X
-----END CERTIFICATE-----