Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hrfeMD2u_7F4y1k0MAzZPQ9vrIs.roa
File:                     hrfeMD2u_7F4y1k0MAzZPQ9vrIs.roa (raw, json)
Hash identifier:          CddaHxBcNch4O7Q4Q52nyRtg3LPRKMEntvloxPCOUFU=
Subject key identifier:   86:B7:DE:30:3D:AE:FF:B1:78:CB:59:34:30:0C:D9:3D:0F:6F:AC:8B
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01983C6A70E82AC4EB1748358D7B1DEF177D
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hrfeMD2u_7F4y1k0MAzZPQ9vrIs.roa
Signing time:             Thu 24 Jul 2025 12:31:05 +0000
ROA not before:           Thu 24 Jul 2025 12:31:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.131.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:6a:70:e8:2a:c4:eb:17:48:35:8d:7b:1d:ef:17:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jul 24 12:31:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86b7de303daeffb178cb5934300cd93d0f6fac8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:7b:74:aa:80:a3:73:76:a1:b0:d6:b5:70:1a:
                    86:90:e6:05:71:1b:c4:98:17:33:53:5c:a1:14:61:
                    10:ac:7a:bc:48:06:8e:3a:3e:2c:84:f4:0a:b2:c3:
                    09:b1:f0:05:c8:4d:b0:e4:4c:c8:d9:a8:69:35:ea:
                    99:e9:20:de:4e:06:12:7a:d4:36:d1:57:29:4c:a6:
                    ef:bd:5c:14:e3:90:14:c9:a5:d1:34:2c:2e:4b:b8:
                    79:18:d5:1f:df:51:9a:dc:93:45:84:e1:f5:f7:08:
                    46:15:68:22:30:02:15:05:be:c6:e3:46:c0:10:52:
                    f3:fe:27:d3:b1:7c:bc:8d:26:38:cb:99:f6:e6:bb:
                    41:ad:59:b4:dd:6d:5d:37:12:41:72:31:ec:1e:e2:
                    f4:02:4d:99:a0:91:f2:95:4f:dc:3c:cf:a3:4d:ca:
                    4f:22:2f:2a:06:30:5b:e3:11:32:6c:81:9f:91:b9:
                    e4:ae:00:80:58:21:2c:f7:af:d7:19:04:d2:10:d2:
                    27:6b:87:57:b5:92:f4:b1:0e:04:2e:21:86:bc:e9:
                    ee:55:95:b6:33:37:00:3e:47:dc:62:9f:31:71:df:
                    53:90:63:31:a1:30:57:ff:fb:02:b7:44:18:16:c1:
                    67:5c:5f:3e:87:e8:14:13:26:79:4a:4f:a3:c5:9b:
                    3a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B7:DE:30:3D:AE:FF:B1:78:CB:59:34:30:0C:D9:3D:0F:6F:AC:8B
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hrfeMD2u_7F4y1k0MAzZPQ9vrIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:be:f5:dd:36:d5:c6:71:e5:4f:3c:6f:7d:aa:fe:15:be:0b:
         31:43:44:12:f6:07:16:69:63:18:8c:fb:4f:7c:f2:4b:f0:ce:
         83:d1:98:08:23:50:34:bc:7f:08:4e:68:1f:ce:67:34:11:44:
         ff:9c:75:38:c9:93:27:d3:79:e5:6c:0b:0d:2a:64:1e:af:94:
         3d:de:12:fa:5d:19:4c:53:71:da:44:f5:15:56:24:ba:b9:7e:
         0e:16:54:47:f2:e0:a2:b7:d1:01:47:6c:26:b7:66:aa:65:51:
         1c:18:bc:0f:a4:66:8c:0a:0d:08:2d:6e:a4:bf:d3:97:7b:bc:
         b0:9e:9c:f4:47:0f:b0:27:0d:e2:e7:31:59:59:d9:99:da:57:
         a8:04:2c:61:9e:09:08:86:07:57:5a:a2:bb:72:51:b8:bf:87:
         a1:85:18:ff:27:2d:99:e4:bd:0e:8a:89:5c:ad:ab:fb:ec:2d:
         63:a1:a4:78:cf:9d:b4:71:58:4e:04:b7:d0:09:88:f8:25:94:
         6c:90:6b:6a:52:2c:6d:ab:bd:4a:f6:36:51:c8:ab:bd:9c:26:
         87:27:64:02:fe:bc:de:33:dd:a5:e8:0b:d3:26:0b:37:bc:84:
         e9:23:36:10:cb:35:d7:3c:e0:fe:28:a3:f8:78:44:ab:35:b8:
         f1:37:a4:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8anDoKsTrF0g1jXsd7xd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwNzI0MTIzMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI3ZGUzMDNkYWVmZmIxNzhjYjU5MzQzMDBjZDkzZDBmNmZhYzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nt0qoCjc3ahsNa1cBqGkOYFcRvE
mBczU1yhFGEQrHq8SAaOOj4shPQKssMJsfAFyE2w5EzI2ahpNeqZ6SDeTgYSetQ2
0VcpTKbvvVwU45AUyaXRNCwuS7h5GNUf31Ga3JNFhOH19whGFWgiMAIVBb7G40bA
EFLz/ifTsXy8jSY4y5n25rtBrVm03W1dNxJBcjHsHuL0Ak2ZoJHylU/cPM+jTcpP
Ii8qBjBb4xEybIGfkbnkrgCAWCEs96/XGQTSENIna4dXtZL0sQ4ELiGGvOnuVZW2
MzcAPkfcYp8xcd9TkGMxoTBX//sCt0QYFsFnXF8+h+gUEyZ5Sk+jxZs6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIa33jA9rv+xeMtZNDAM2T0Pb6yLMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvaHJmZU1EMnVfN0Y0eTFrME1BelpQUTl2cklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNuMA0G
CSqGSIb3DQEBCwUAA4IBAQAbvvXdNtXGceVPPG99qv4VvgsxQ0QS9gcWaWMYjPtP
fPJL8M6D0ZgII1A0vH8ITmgfzmc0EUT/nHU4yZMn03nlbAsNKmQer5Q93hL6XRlM
U3HaRPUVViS6uX4OFlRH8uCit9EBR2wmt2aqZVEcGLwPpGaMCg0ILW6kv9OXe7yw
npz0Rw+wJw3i5zFZWdmZ2leoBCxhngkIhgdXWqK7clG4v4ehhRj/Jy2Z5L0Oiolc
rav77C1joaR4z520cVhOBLfQCYj4JZRskGtqUixtq71K9jZRyKu9nCaHJ2QC/rze
M92l6AvTJgs3vITpIzYQyzXXPOD+KKP4eESrNbjxN6Sl
-----END CERTIFICATE-----