Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lC34k1-t02SGTcIbuSOIkSaj8Qk.roa
File:                     lC34k1-t02SGTcIbuSOIkSaj8Qk.roa (raw, json)
Hash identifier:          6LXw7kOxd5eo2CWu5sHXILDYM0IfPyaXq884lQYULfw=
Subject key identifier:   94:2D:F8:93:5F:AD:D3:64:86:4D:C2:1B:B9:23:88:91:26:A3:F1:09
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B455BA82C972F732E59A3CAA3E5954
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lC34k1-t02SGTcIbuSOIkSaj8Qk.roa
Signing time:             Mon 14 Jul 2025 16:11:10 +0000
ROA not before:           Mon 14 Jul 2025 16:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204154
IP address blocks:        46.17.107.0/24 maxlen: 24
                          185.172.129.0/24 maxlen: 24
                          185.200.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b4:55:ba:82:c9:72:f7:32:e5:9a:3c:aa:3e:59:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=942df8935fadd364864dc21bb923889126a3f109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:45:45:e1:e2:61:66:11:08:76:22:ab:0c:6c:
                    fa:2e:b7:50:dd:87:e9:33:92:1c:94:36:24:03:45:
                    95:e8:28:b0:df:4e:cc:14:1b:55:b1:89:75:f0:3c:
                    8f:ce:f8:ad:c5:17:e2:5b:a0:7b:7c:85:8a:61:43:
                    79:45:5f:d0:8f:45:0c:f8:67:9c:59:c1:03:be:01:
                    49:b6:95:16:46:6b:b7:a4:88:4d:9e:ad:2f:45:c2:
                    26:f7:de:65:9b:fd:42:33:62:71:ac:c0:41:46:8a:
                    bc:a1:19:1a:4f:c8:17:e5:96:1d:c3:39:3a:a2:6b:
                    30:73:f1:ba:c1:45:f6:f7:7b:18:22:f6:7b:a3:ff:
                    5a:14:80:0b:4e:a5:86:d8:80:e7:f7:ab:39:66:0b:
                    6e:00:26:67:67:f1:1a:04:a0:5e:45:5b:30:e8:0e:
                    d1:e4:4e:b0:01:56:b2:cd:84:7c:a2:c3:ea:65:f1:
                    eb:ff:f9:38:e7:2c:a7:3e:bc:6a:69:9e:a6:9f:f6:
                    bd:77:b6:62:af:7c:3c:02:aa:94:fd:de:68:6a:2f:
                    dd:5c:27:60:83:f7:41:b5:48:79:30:f2:bb:ad:c0:
                    a0:68:7d:bb:fb:77:df:ff:83:bb:d9:06:ba:76:54:
                    04:1f:9f:3b:d8:e0:b8:bf:1f:47:59:f3:2c:f4:e7:
                    e2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:2D:F8:93:5F:AD:D3:64:86:4D:C2:1B:B9:23:88:91:26:A3:F1:09
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/lC34k1-t02SGTcIbuSOIkSaj8Qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.107.0/24
                  185.172.129.0/24
                  185.200.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:41:92:68:9f:82:42:92:71:78:d5:68:2c:cf:f4:07:17:4f:
         c2:02:4f:16:ab:ba:3e:8a:4c:d1:25:e2:a6:17:25:e7:56:8e:
         d5:e5:78:58:f7:f8:bb:eb:c0:28:77:e6:5f:5e:32:7d:5e:e5:
         7f:17:2f:f0:d4:32:a3:21:c2:4c:32:90:6f:b7:50:05:21:ea:
         a7:ca:56:7f:f7:1e:e1:40:30:75:17:5c:5a:21:18:ab:72:fc:
         02:e3:5d:d1:03:3a:25:5c:ef:3f:cd:9b:35:a0:fb:6c:1f:a9:
         65:c5:b7:fd:22:4d:f0:5e:1c:0b:cb:fa:cd:8c:6a:15:0b:36:
         3c:8d:19:cf:f3:4a:04:91:34:88:66:c4:e5:85:89:07:15:83:
         a7:cd:c1:12:d8:80:c4:a1:69:b3:67:55:a5:d2:62:bf:59:b3:
         33:2d:90:db:d1:94:6f:f6:3e:b5:b2:7d:6b:0a:e4:6a:b0:06:
         0c:5b:0d:77:ea:3a:a5:eb:fb:e1:c0:97:ce:05:49:f6:1f:2a:
         3c:07:a9:43:c8:d5:e1:fa:6f:d8:3e:73:83:ff:cc:bf:08:42:
         8b:4f:28:f0:ed:0f:45:36:8a:03:35:fa:dd:6f:c6:a6:4b:db:
         f9:70:a6:1b:a9:7a:aa:d3:db:5c:53:6f:06:d2:b5:25:59:29:
         2c:0b:c3:45
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgJtFW6gsly9zLlmjyqPllUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDJkZjg5MzVmYWRkMzY0ODY0ZGMyMWJiOTIzODg5MTI2YTNmMTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUVF4eJhZhEIdiKrDGz6LrdQ3Yfp
M5IclDYkA0WV6Ciw307MFBtVsYl18DyPzvitxRfiW6B7fIWKYUN5RV/Qj0UM+Gec
WcEDvgFJtpUWRmu3pIhNnq0vRcIm995lm/1CM2JxrMBBRoq8oRkaT8gX5ZYdwzk6
omswc/G6wUX293sYIvZ7o/9aFIALTqWG2IDn96s5ZgtuACZnZ/EaBKBeRVsw6A7R
5E6wAVayzYR8osPqZfHr//k45yynPrxqaZ6mn/a9d7Zir3w8AqqU/d5oai/dXCdg
g/dBtUh5MPK7rcCgaH27+3ff/4O72Qa6dlQEH5872OC4vx9HWfMs9Ofi+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJQt+JNfrdNkhk3CG7kjiJEmo/EJMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvbEMzNGsxLXQwMlNHVGNJYnVTT0lrU2FqOFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALhFrAwQA
uayBAwQAuci/MA0GCSqGSIb3DQEBCwUAA4IBAQCJQZJon4JCknF41Wgsz/QHF0/C
Ak8Wq7o+ikzRJeKmFyXnVo7V5XhY9/i768Aod+ZfXjJ9XuV/Fy/w1DKjIcJMMpBv
t1AFIeqnylZ/9x7hQDB1F1xaIRircvwC413RAzolXO8/zZs1oPtsH6llxbf9Ik3w
XhwLy/rNjGoVCzY8jRnP80oEkTSIZsTlhYkHFYOnzcES2IDEoWmzZ1Wl0mK/WbMz
LZDb0ZRv9j61sn1rCuRqsAYMWw136jql6/vhwJfOBUn2Hyo8B6lDyNXh+m/YPnOD
/8y/CEKLTyjw7Q9FNooDNfrdb8amS9v5cKYbqXqq09tcU28G0rUlWSksC8NF
-----END CERTIFICATE-----