Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PWSfCZt09MdS0QQvAR2pXMY6SkU.roa
File:                     PWSfCZt09MdS0QQvAR2pXMY6SkU.roa (raw, json)
Hash identifier:          VBjVP2VmUWdbTbx4QWa5MBdLEthK/+ye620Bo5kalbk=
Subject key identifier:   3D:64:9F:09:9B:74:F4:C7:52:D1:04:2F:01:1D:A9:5C:C6:3A:4A:45
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       01982B63ECCFC28493B4F107AFB89ABEA018
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PWSfCZt09MdS0QQvAR2pXMY6SkU.roa
Signing time:             Mon 21 Jul 2025 05:10:25 +0000
ROA not before:           Mon 21 Jul 2025 05:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22773
IP address blocks:        92.71.72.0/21 maxlen: 24
                          92.71.80.0/20 maxlen: 24
                          92.71.100.0/22 maxlen: 24
                          92.71.104.0/21 maxlen: 24
                          92.71.112.0/21 maxlen: 24
                          92.71.120.0/22 maxlen: 24
                          213.201.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 19:28:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2b:63:ec:cf:c2:84:93:b4:f1:07:af:b8:9a:be:a0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul 21 05:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d649f099b74f4c752d1042f011da95cc63a4a45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cf:40:e0:b8:10:5c:a4:12:50:e4:2d:54:49:
                    c3:21:d1:7f:a1:c5:a2:a3:61:52:81:c5:ad:08:e7:
                    d4:74:28:46:9f:6c:0c:28:f9:c1:07:33:b4:e8:f3:
                    55:7c:46:7e:cb:e7:cd:c2:a2:48:9e:26:e7:93:77:
                    cd:ba:f4:f3:0e:64:3c:d9:cf:76:8d:e4:10:dc:41:
                    96:1a:83:bb:49:86:d2:d1:74:61:b9:41:43:3a:72:
                    39:1d:73:06:cd:ed:f2:bc:0f:dd:eb:ca:02:0b:17:
                    e8:8a:f7:d2:8e:50:37:bd:6b:b2:b1:f2:73:fe:86:
                    8b:9f:11:1a:5f:3d:1d:81:d8:fc:17:6f:39:b0:7b:
                    ca:b8:fe:28:b6:cb:5b:f7:bb:6b:7f:49:a8:ea:73:
                    8d:65:b8:20:b2:92:6b:1f:ca:1b:79:1b:cc:46:26:
                    02:0c:ce:e2:7e:47:c0:8b:c1:c4:76:09:4f:e3:e0:
                    7d:e9:d1:b5:b4:ff:40:da:1b:8c:9d:17:9c:cb:d4:
                    1c:cd:ad:e0:9b:72:07:8f:2c:e2:68:13:f0:5f:5c:
                    90:f5:59:18:d0:1a:8f:10:de:3c:75:4c:21:33:36:
                    ab:63:fb:05:78:04:30:1e:ca:65:99:04:9c:0d:f3:
                    3b:41:4b:1b:3c:92:a5:ad:55:0d:84:61:76:3a:5f:
                    ae:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:64:9F:09:9B:74:F4:C7:52:D1:04:2F:01:1D:A9:5C:C6:3A:4A:45
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/PWSfCZt09MdS0QQvAR2pXMY6SkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.72.0-92.71.95.255
                  92.71.100.0-92.71.123.255
                  213.201.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:8a:18:c3:bb:f0:c4:c6:63:2c:fc:c0:57:d7:17:d8:fa:d9:
         3a:06:63:c7:f2:70:e3:d7:b8:d7:65:4c:9c:8c:f1:0e:40:ef:
         15:31:1b:83:2b:54:81:0f:94:b5:6d:d3:24:cb:37:e9:46:c1:
         cd:cd:62:0b:88:76:e2:99:0f:be:fc:c3:7d:7c:17:83:31:bc:
         79:7f:88:aa:4f:6c:e2:90:dd:0b:43:c1:f5:44:dd:36:d4:08:
         44:73:62:22:33:8c:23:f0:19:59:69:b8:42:20:28:e2:ee:34:
         23:8e:c5:e8:4a:41:93:25:ea:d3:d9:bd:67:b9:31:d6:42:30:
         96:c2:d3:0f:08:32:49:18:bd:38:77:51:24:58:8f:b2:30:77:
         68:9f:43:dc:a2:f4:d2:80:2c:17:8e:c5:a1:8c:8e:78:28:3e:
         69:dd:24:6d:aa:e9:9e:51:e3:1a:93:9c:b5:22:41:63:e2:cd:
         89:66:0e:fd:cc:32:e2:9b:b7:d5:7a:d4:9d:0a:57:fb:6b:88:
         7c:ba:0b:cc:31:c7:d3:b0:aa:66:5e:bd:25:87:e7:c3:bf:a3:
         88:c1:59:d3:3a:05:e2:84:57:5c:d1:f1:53:20:5c:7e:34:50:
         83:e2:16:55:9a:40:59:fe:a0:57:63:dd:c3:6f:b1:2a:f4:3c:
         de:57:f4:5f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZgrY+zPwoSTtPEHr7iavqAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNzIxMDUxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY0OWYwOTliNzRmNGM3NTJkMTA0MmYwMTFkYTk1Y2M2M2E0YTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM9A4LgQXKQSUOQtVEnDIdF/ocWi
o2FSgcWtCOfUdChGn2wMKPnBBzO06PNVfEZ+y+fNwqJInibnk3fNuvTzDmQ82c92
jeQQ3EGWGoO7SYbS0XRhuUFDOnI5HXMGze3yvA/d68oCCxfoivfSjlA3vWuysfJz
/oaLnxEaXz0dgdj8F285sHvKuP4otstb97trf0mo6nONZbggspJrH8obeRvMRiYC
DM7ifkfAi8HEdglP4+B96dG1tP9A2huMnRecy9Qcza3gm3IHjyziaBPwX1yQ9VkY
0BqPEN48dUwhMzarY/sFeAQwHsplmQScDfM7QUsbPJKlrVUNhGF2Ol+uIQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFD1knwmbdPTHUtEELwEdqVzGOkpFMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUFdTZkNadDA5TWRTMFFRdkFSMnBYTVk2U2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBANcR0gD
BAVcR0AwDAMEAlxHZAMEAlxHeAMEAtXJ9DANBgkqhkiG9w0BAQsFAAOCAQEAqIoY
w7vwxMZjLPzAV9cX2PrZOgZjx/Jw49e412VMnIzxDkDvFTEbgytUgQ+UtW3TJMs3
6UbBzc1iC4h24pkPvvzDfXwXgzG8eX+Iqk9s4pDdC0PB9UTdNtQIRHNiIjOMI/AZ
WWm4QiAo4u40I47F6EpBkyXq09m9Z7kx1kIwlsLTDwgySRi9OHdRJFiPsjB3aJ9D
3KL00oAsF47FoYyOeCg+ad0kbarpnlHjGpOctSJBY+LNiWYO/cwy4pu31XrUnQpX
+2uIfLoLzDHH07CqZl69JYfnw7+jiMFZ0zoF4oRXXNHxUyBcfjRQg+IWVZpAWf6g
V2Pdw2+xKvQ83lf0Xw==
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:14:09 2025 by rpki-client