Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/47oAZ7ALtnjytAXw6azuJ79q9jI.roa
File:                     47oAZ7ALtnjytAXw6azuJ79q9jI.roa (raw, json)
Hash identifier:          CqBkSTQVbCb2uDCbL2m8QddnjqjXpjXCwL7OFoKHIQU=
Subject key identifier:   E3:BA:00:67:B0:0B:B6:78:F2:B4:05:F0:E9:AC:EE:27:BF:6A:F6:32
Certificate issuer:       /CN=4635da3a20879e55fe96853e0d7aeeff53386e8b
Certificate serial:       019833496863F69E0DE7034490A008D9FDEE
Authority key identifier: 46:35:DA:3A:20:87:9E:55:FE:96:85:3E:0D:7A:EE:FF:53:38:6E:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/47oAZ7ALtnjytAXw6azuJ79q9jI.roa
Signing time:             Tue 22 Jul 2025 17:58:25 +0000
ROA not before:           Tue 22 Jul 2025 17:58:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201130
IP address blocks:        5.63.22.0/24 maxlen: 24
                          194.150.184.0/23 maxlen: 24
                          2a13:4340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:49:68:63:f6:9e:0d:e7:03:44:90:a0:08:d9:fd:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4635da3a20879e55fe96853e0d7aeeff53386e8b
        Validity
            Not Before: Jul 22 17:58:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3ba0067b00bb678f2b405f0e9acee27bf6af632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8d:a4:2b:62:26:57:96:9e:c7:67:7e:fb:02:
                    aa:34:ba:e7:40:20:20:f8:fe:26:64:fd:78:44:28:
                    8d:1a:68:c5:d1:f4:6b:e5:98:b0:8c:70:a9:6e:7e:
                    37:42:54:44:24:1e:0a:18:44:5b:1a:81:1b:1d:9a:
                    7c:8f:d8:b6:04:71:4d:65:50:7a:fe:af:16:58:c9:
                    da:0d:1e:ca:4e:99:54:b2:23:51:fa:70:4a:6a:cd:
                    b1:d1:46:58:14:aa:2b:aa:5b:65:ea:8f:2d:36:f6:
                    a4:57:37:45:27:88:fd:70:33:57:4b:df:09:2a:42:
                    af:ac:ee:3a:57:29:13:67:39:eb:d2:25:3d:5e:42:
                    cc:18:7c:05:24:07:cd:1d:7f:1c:97:d2:fd:32:af:
                    f6:a8:92:08:8b:ab:29:e7:a1:6f:61:66:0d:18:08:
                    53:a5:e1:c0:96:e3:37:d3:03:a5:55:64:28:fd:32:
                    34:96:36:33:53:2d:ee:32:37:3d:7f:93:58:92:60:
                    9b:80:bd:ad:bd:7d:40:7b:8b:1d:6c:51:98:4c:63:
                    d4:80:63:ec:1a:e7:b8:6c:94:0c:97:d9:46:3b:fc:
                    b5:b4:f0:1d:5d:66:3d:cc:0e:c5:5e:d0:6c:77:7b:
                    2e:d3:54:4b:12:25:2e:aa:26:56:10:a1:d4:93:b3:
                    28:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BA:00:67:B0:0B:B6:78:F2:B4:05:F0:E9:AC:EE:27:BF:6A:F6:32
            X509v3 Authority Key Identifier:
                keyid:46:35:DA:3A:20:87:9E:55:FE:96:85:3E:0D:7A:EE:FF:53:38:6E:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/47oAZ7ALtnjytAXw6azuJ79q9jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.22.0/24
                  194.150.184.0/23
                IPv6:
                  2a13:4340::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:41:5d:8d:80:0c:b4:16:e2:e2:b8:91:5f:34:1e:65:5b:c0:
         b2:f3:14:3c:34:45:cd:74:81:15:2e:11:b4:58:f2:c6:90:b5:
         19:db:14:d9:45:47:74:96:c1:41:ce:3d:5c:54:62:83:d3:ec:
         bf:d0:15:72:f7:e5:a4:4e:1b:6e:4b:48:b5:f0:32:ee:4e:79:
         fb:22:d0:de:41:53:c8:92:82:48:97:89:2a:f2:dc:95:cc:3d:
         55:f1:6b:0d:c0:ba:3a:76:92:45:5f:ed:bc:e2:1d:c3:70:e0:
         5b:a3:bf:72:09:da:f2:d7:43:e1:4d:10:8f:87:08:98:c0:91:
         d0:da:2e:7d:3d:2a:f9:50:a3:1e:51:1d:2a:7c:1b:b2:f2:81:
         d3:f7:87:ab:ee:d9:69:cf:ce:c2:fe:6e:ca:bc:48:0c:fb:c8:
         01:d5:e1:23:fd:b8:4e:a9:f6:51:7b:d6:34:f1:85:8a:a8:7e:
         a0:84:aa:68:75:14:5d:8e:3a:ef:f0:f3:49:f4:4b:95:e1:08:
         b9:5e:dd:b2:fc:af:98:b0:e4:80:f6:d2:b1:49:50:2f:e8:69:
         75:a7:83:ca:70:84:b9:45:fe:43:9e:f5:64:d4:34:7c:b6:22:
         de:aa:b8:9d:85:06:5d:10:7c:cd:cf:eb:bd:cc:d0:79:8c:5f:
         6b:14:78:b5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZgzSWhj9p4N5wNEkKAI2f3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzVkYTNhMjA4NzllNTVmZTk2ODUzZTBkN2FlZWZmNTMz
ODZlOGIwHhcNMjUwNzIyMTc1ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JhMDA2N2IwMGJiNjc4ZjJiNDA1ZjBlOWFjZWUyN2JmNmFmNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt42kK2ImV5aex2d++wKqNLrnQCAg
+P4mZP14RCiNGmjF0fRr5ZiwjHCpbn43QlREJB4KGERbGoEbHZp8j9i2BHFNZVB6
/q8WWMnaDR7KTplUsiNR+nBKas2x0UZYFKorqltl6o8tNvakVzdFJ4j9cDNXS98J
KkKvrO46VykTZznr0iU9XkLMGHwFJAfNHX8cl9L9Mq/2qJIIi6sp56FvYWYNGAhT
peHAluM30wOlVWQo/TI0ljYzUy3uMjc9f5NYkmCbgL2tvX1Ae4sdbFGYTGPUgGPs
Gue4bJQMl9lGO/y1tPAdXWY9zA7FXtBsd3su01RLEiUuqiZWEKHUk7MocQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOO6AGewC7Z48rQF8Oms7ie/avYyMB8GA1UdIwQY
MBaAFEY12jogh55V/paFPg167v9TOG6LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmpYYU9pQ0hubFgtbG9VLURYcnVfMU00Ym9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iZmI0YzgtNTY1NS00NDBmLTg1Yjgt
YzQwY2UzMmI2Zjc2LzEvNDdvQVo3QUx0bmp5dEFYdzZhenVKNzlxOWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iZmI0YzgtNTY1NS00NDBmLTg1YjgtYzQwY2UzMmI2Zjc2
LzEvUmpYYU9pQ0hubFgtbG9VLURYcnVfMU00Ym9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQABT8WAwQB
wpa4MA0EAgACMAcDBQMqE0NAMA0GCSqGSIb3DQEBCwUAA4IBAQBmQV2NgAy0FuLi
uJFfNB5lW8Cy8xQ8NEXNdIEVLhG0WPLGkLUZ2xTZRUd0lsFBzj1cVGKD0+y/0BVy
9+WkThtuS0i18DLuTnn7ItDeQVPIkoJIl4kq8tyVzD1V8WsNwLo6dpJFX+284h3D
cOBbo79yCdry10PhTRCPhwiYwJHQ2i59PSr5UKMeUR0qfBuy8oHT94er7tlpz87C
/m7KvEgM+8gB1eEj/bhOqfZRe9Y08YWKqH6ghKpodRRdjjrv8PNJ9EuV4Qi5Xt2y
/K+YsOSA9tKxSVAv6Gl1p4PKcIS5Rf5DnvVk1DR8tiLeqridhQZdEHzNz+u9zNB5
jF9rFHi1
-----END CERTIFICATE-----