Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XFVHFxDUYwG4UlIAsaKEO88ZI_A.roa
File:                     XFVHFxDUYwG4UlIAsaKEO88ZI_A.roa (raw, json)
Hash identifier:          +oKx8kq8jipWi7psVTpSszgMkHlaDLxhaTtm05lR0oU=
Subject key identifier:   5C:55:47:17:10:D4:63:01:B8:52:52:00:B1:A2:84:3B:CF:19:23:F0
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0197BFC5D9932F18573780E3D4166E8E9DB9
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XFVHFxDUYwG4UlIAsaKEO88ZI_A.roa
Signing time:             Mon 30 Jun 2025 07:38:23 +0000
ROA not before:           Mon 30 Jun 2025 07:38:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42881
IP address blocks:        45.145.176.0/22 maxlen: 22
                          195.88.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:c5:d9:93:2f:18:57:37:80:e3:d4:16:6e:8e:9d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jun 30 07:38:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c55471710d46301b8525200b1a2843bcf1923f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a0:d0:00:4a:43:af:d7:af:7a:b0:b1:33:a1:
                    59:46:7c:6e:5f:7f:d7:90:a1:4e:63:e6:a1:08:dd:
                    ee:48:31:69:01:e1:f4:42:34:8e:e9:5a:36:69:b5:
                    35:17:b7:90:ab:7d:6c:fb:8c:86:92:82:1a:75:3b:
                    c1:48:f0:9a:78:42:16:5f:8b:58:79:9b:12:fb:ef:
                    0e:ab:d8:11:85:99:ba:b9:40:74:ec:52:31:7b:2e:
                    e1:2c:d4:9d:d7:58:c2:93:bd:46:79:9a:7f:5d:fc:
                    18:8e:bf:ce:07:0e:2d:83:ea:c9:a6:c7:ba:5e:c4:
                    fa:ba:5a:6e:5c:aa:83:7e:8d:07:e2:60:ef:4e:bb:
                    81:04:41:0a:a3:a3:54:89:ed:64:a8:09:07:8d:40:
                    f9:4f:9e:29:94:a5:8c:76:dd:df:4f:37:3f:16:8d:
                    b2:f9:a2:38:f2:82:6e:fb:a8:0e:d0:79:84:09:96:
                    91:7b:70:6d:7d:26:6b:6b:e7:4b:d7:3c:3e:55:39:
                    e4:09:80:bd:ba:13:0f:e9:a9:dd:ba:78:41:c3:db:
                    4c:b3:60:3d:f8:53:32:47:c5:0a:de:fe:b7:b6:38:
                    3c:9d:4a:4d:3a:9c:ce:0b:97:43:5f:da:b3:a3:6b:
                    ab:88:62:14:6a:02:d9:e0:47:55:ed:be:9e:cf:c9:
                    6a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:55:47:17:10:D4:63:01:B8:52:52:00:B1:A2:84:3B:CF:19:23:F0
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XFVHFxDUYwG4UlIAsaKEO88ZI_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.176.0/22
                  195.88.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:38:d5:3b:7a:cf:5f:dc:80:97:5c:5a:36:eb:33:1e:77:f9:
         62:08:52:79:1b:60:19:9a:f0:fc:5d:0e:40:c7:3f:38:f2:20:
         ef:3a:ea:c9:da:96:eb:17:02:7c:83:26:99:63:4c:06:0d:70:
         7f:34:bb:86:e3:4a:f3:84:51:90:8d:f3:3f:90:f1:4f:65:83:
         5a:01:ba:7e:37:88:df:b5:b0:dc:bf:80:4f:2b:07:da:cc:14:
         c4:79:d8:d8:c2:dd:3c:a3:2c:be:d9:0e:b3:e4:a0:62:85:dc:
         6b:fc:ff:26:c8:0d:a6:a7:68:28:ba:13:7a:6a:23:e0:40:cb:
         9c:80:c9:44:46:e0:cd:98:24:3d:64:6c:5d:a9:a9:dd:57:74:
         7f:33:2c:7a:b1:ca:e2:ab:b3:4b:ab:40:3e:91:31:fa:e6:37:
         b1:ea:f9:e2:fa:d9:fe:ba:1b:cf:7b:3a:50:b9:0f:31:b7:35:
         6f:f8:bd:d6:cc:0e:11:8a:ef:01:4d:0b:0e:d3:01:ee:f9:57:
         69:72:d6:55:f0:6b:c6:8c:1a:5b:bb:b3:ad:80:a4:2c:22:31:
         20:c9:e0:16:0d:89:e0:f1:eb:1e:c8:7d:b3:44:41:e7:e7:c6:
         17:0f:49:f6:d1:f9:7b:15:33:0a:a8:24:19:43:ca:97:28:76:
         10:f2:6e:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZe/xdmTLxhXN4Dj1BZujp25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwNjMwMDczODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzU1NDcxNzEwZDQ2MzAxYjg1MjUyMDBiMWEyODQzYmNmMTkyM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6DQAEpDr9everCxM6FZRnxuX3/X
kKFOY+ahCN3uSDFpAeH0QjSO6Vo2abU1F7eQq31s+4yGkoIadTvBSPCaeEIWX4tY
eZsS++8Oq9gRhZm6uUB07FIxey7hLNSd11jCk71GeZp/XfwYjr/OBw4tg+rJpse6
XsT6ulpuXKqDfo0H4mDvTruBBEEKo6NUie1kqAkHjUD5T54plKWMdt3fTzc/Fo2y
+aI48oJu+6gO0HmECZaRe3BtfSZra+dL1zw+VTnkCYC9uhMP6andunhBw9tMs2A9
+FMyR8UK3v63tjg8nUpNOpzOC5dDX9qzo2uriGIUagLZ4EdV7b6ez8lq/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxVRxcQ1GMBuFJSALGihDvPGSPwMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWEZWSEZ4RFVZd0c0VWxJQXNhS0VPODhaSV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZGwAwQB
w1iSMA0GCSqGSIb3DQEBCwUAA4IBAQBHONU7es9f3ICXXFo26zMed/liCFJ5G2AZ
mvD8XQ5Axz848iDvOurJ2pbrFwJ8gyaZY0wGDXB/NLuG40rzhFGQjfM/kPFPZYNa
Abp+N4jftbDcv4BPKwfazBTEedjYwt08oyy+2Q6z5KBihdxr/P8myA2mp2gouhN6
aiPgQMucgMlERuDNmCQ9ZGxdqandV3R/Myx6scriq7NLq0A+kTH65jex6vni+tn+
uhvPezpQuQ8xtzVv+L3WzA4Riu8BTQsO0wHu+VdpctZV8GvGjBpbu7OtgKQsIjEg
yeAWDYng8eseyH2zREHn58YXD0n20fl7FTMKqCQZQ8qXKHYQ8m5E
-----END CERTIFICATE-----