Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/KSVx5eK-3Ok_QmYL4im4M-Q40k8.roa
File:                     KSVx5eK-3Ok_QmYL4im4M-Q40k8.roa (raw, json)
Hash identifier:          gQeWTiK5+qSnrhI6AwN5oqTQ9qQDhfD+Jat8wDysEss=
Subject key identifier:   29:25:71:E5:E2:BE:DC:E9:3F:42:66:0B:E2:29:B8:33:E4:38:D2:4F
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B53E7984608526C7B817538CB42A23
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/KSVx5eK-3Ok_QmYL4im4M-Q40k8.roa
Signing time:             Mon 14 Jul 2025 16:12:09 +0000
ROA not before:           Mon 14 Jul 2025 16:12:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207577
IP address blocks:        45.142.123.0/24 maxlen: 24
                          195.66.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b5:3e:79:84:60:85:26:c7:b8:17:53:8c:b4:2a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:12:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=292571e5e2bedce93f42660be229b833e438d24f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a0:ab:92:51:30:5f:23:fc:08:5b:58:76:8a:
                    a6:17:a0:60:d0:e8:85:97:54:7f:cd:10:83:2f:47:
                    2a:9d:49:7b:e6:99:af:5c:03:50:3b:ab:3b:38:aa:
                    d9:cb:37:5d:55:63:61:c3:2d:56:67:fc:9b:37:c8:
                    56:d5:e7:6b:37:19:95:77:5e:98:2d:38:e6:19:3c:
                    9c:b6:c1:38:3e:89:cd:f5:b9:46:22:fc:89:4a:d7:
                    dc:81:73:52:8d:4f:71:dd:9e:b0:95:b4:cf:a4:e2:
                    52:2c:09:80:7d:24:d1:48:8b:c3:8a:53:2e:67:bf:
                    2f:2e:8a:3e:b1:0a:74:03:fa:c7:40:36:89:3d:eb:
                    20:ba:29:3d:11:c9:af:29:ec:cc:9a:79:5b:8e:4b:
                    96:e8:f0:cc:c1:74:44:d4:63:d8:d9:b6:0d:de:f8:
                    d2:74:fb:61:e1:fd:6a:4f:21:b4:85:16:33:7c:74:
                    e9:f4:55:6a:a8:57:6a:08:e3:cf:ec:50:65:d7:ca:
                    5d:4f:03:b1:30:08:f3:ec:c2:ad:d5:07:f7:af:0e:
                    36:fc:f2:cd:30:2c:e4:81:ef:df:d4:67:24:d1:0d:
                    b0:cb:5d:42:3d:be:d3:21:9d:e2:05:8c:d7:b2:d5:
                    50:6c:5d:30:5e:76:23:8e:72:1c:85:c7:62:14:f7:
                    93:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:25:71:E5:E2:BE:DC:E9:3F:42:66:0B:E2:29:B8:33:E4:38:D2:4F
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/KSVx5eK-3Ok_QmYL4im4M-Q40k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.123.0/24
                  195.66.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:34:39:31:d0:8f:79:da:27:a8:76:91:dd:99:ab:f0:b5:e1:
         f7:64:a0:49:e6:6c:cb:6b:16:e4:fa:40:21:fc:b2:22:fa:bb:
         06:74:a6:13:d3:f6:ff:d6:3a:c9:a0:f9:2f:fa:37:15:53:01:
         35:a0:af:e3:17:5b:e7:78:d4:d8:1b:9d:f8:82:83:39:3f:73:
         17:5f:5e:1b:07:9d:94:3a:ea:f1:59:a9:e4:62:4e:0e:d5:e3:
         e7:cd:8c:6b:80:9f:cc:cb:7c:ae:85:62:83:f6:cc:cd:8f:e7:
         8e:a6:54:33:6f:7b:7f:fe:4b:90:83:3f:6b:d0:de:24:4e:0a:
         24:97:2e:c9:5a:d6:cc:63:81:eb:67:ba:b9:03:e2:a4:de:14:
         ac:33:0b:42:04:83:8e:47:ed:b6:64:76:25:c1:70:ae:0b:ca:
         be:75:ea:5a:d5:2a:0e:4f:27:80:7e:8f:31:e4:34:c8:ad:a7:
         31:67:84:a7:71:f7:73:9e:de:2c:47:16:c6:41:65:a7:db:5c:
         a4:21:ac:f1:96:c3:c0:c1:67:97:d9:c3:c4:e6:ac:09:b8:d9:
         f7:d6:7e:82:85:86:ac:94:96:6d:9f:e5:58:1d:8b:21:ca:e7:
         bc:ef:07:fb:42:49:14:5b:5b:28:dc:d3:49:3e:f7:4e:a3:62:
         6d:78:78:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJtT55hGCFJse4F1OMtCojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI1NzFlNWUyYmVkY2U5M2Y0MjY2MGJlMjI5YjgzM2U0MzhkMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaCrklEwXyP8CFtYdoqmF6Bg0OiF
l1R/zRCDL0cqnUl75pmvXANQO6s7OKrZyzddVWNhwy1WZ/ybN8hW1edrNxmVd16Y
LTjmGTyctsE4PonN9blGIvyJStfcgXNSjU9x3Z6wlbTPpOJSLAmAfSTRSIvDilMu
Z78vLoo+sQp0A/rHQDaJPesguik9EcmvKezMmnlbjkuW6PDMwXRE1GPY2bYN3vjS
dPth4f1qTyG0hRYzfHTp9FVqqFdqCOPP7FBl18pdTwOxMAjz7MKt1Qf3rw42/PLN
MCzkge/f1Gck0Q2wy11CPb7TIZ3iBYzXstVQbF0wXnYjjnIchcdiFPeT+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCklceXivtzpP0JmC+IpuDPkONJPMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvS1NWeDVlSy0zT2tfUW1ZTDRpbTRNLVE0MGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY57AwQA
w0JoMA0GCSqGSIb3DQEBCwUAA4IBAQA7NDkx0I952ieodpHdmavwteH3ZKBJ5mzL
axbk+kAh/LIi+rsGdKYT0/b/1jrJoPkv+jcVUwE1oK/jF1vneNTYG534goM5P3MX
X14bB52UOurxWankYk4O1ePnzYxrgJ/My3yuhWKD9szNj+eOplQzb3t//kuQgz9r
0N4kTgokly7JWtbMY4HrZ7q5A+Kk3hSsMwtCBIOOR+22ZHYlwXCuC8q+depa1SoO
TyeAfo8x5DTIracxZ4Sncfdznt4sRxbGQWWn21ykIazxlsPAwWeX2cPE5qwJuNn3
1n6ChYaslJZtn+VYHYshyue87wf7QkkUW1so3NNJPvdOo2JteHgs
-----END CERTIFICATE-----