Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/52rM1TLXeNL9F-vxMnLogxZvGbg.roa
File:                     52rM1TLXeNL9F-vxMnLogxZvGbg.roa (raw, json)
Hash identifier:          t74CQPsg3SU8+YzT6bR/4fFoJ3HTMThAu9/OMJSg+7c=
Subject key identifier:   E7:6A:CC:D5:32:D7:78:D2:FD:17:EB:F1:32:72:E8:83:16:6F:19:B8
Certificate issuer:       /CN=4f9004b3bf8a1e17bd6066e051896d3bebd66973
Certificate serial:       0197CA83763DDAD8EEB9B2F1D46E362F0F3B
Authority key identifier: 4F:90:04:B3:BF:8A:1E:17:BD:60:66:E0:51:89:6D:3B:EB:D6:69:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5AEs7-KHhe9YGbgUYltO-vWaXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/52rM1TLXeNL9F-vxMnLogxZvGbg.roa
Signing time:             Wed 02 Jul 2025 09:41:42 +0000
ROA not before:           Wed 02 Jul 2025 09:41:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201864
IP address blocks:        146.19.138.0/24 maxlen: 24
                          176.10.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/T5AEs7-KHhe9YGbgUYltO-vWaXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/T5AEs7-KHhe9YGbgUYltO-vWaXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5AEs7-KHhe9YGbgUYltO-vWaXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:83:76:3d:da:d8:ee:b9:b2:f1:d4:6e:36:2f:0f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9004b3bf8a1e17bd6066e051896d3bebd66973
        Validity
            Not Before: Jul  2 09:41:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76accd532d778d2fd17ebf13272e883166f19b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:27:55:3f:58:b1:6d:ba:c7:d3:aa:50:2b:d9:
                    ee:4f:78:f1:48:44:14:eb:f4:cf:04:73:d5:6d:4c:
                    19:99:89:57:07:d8:c6:9e:8f:92:2c:b7:5c:1b:68:
                    48:e3:0c:c8:e3:97:0e:97:06:a5:85:83:72:2a:d1:
                    55:bf:86:d5:58:7f:e2:0a:4b:d0:aa:b3:d0:ee:1e:
                    ab:bd:6a:0b:7c:c7:33:3f:d3:84:56:53:30:9e:49:
                    e1:c4:12:6c:be:d3:48:d9:e0:ee:11:21:ea:fd:7e:
                    c0:d8:5e:23:90:49:36:ec:c4:53:30:2e:d1:a1:19:
                    8c:f3:0e:30:ee:90:98:ef:f2:66:e2:0d:49:c0:89:
                    b7:88:86:7d:10:4a:0a:f8:25:56:85:c6:79:1f:a0:
                    c1:d8:83:e9:b6:f4:a8:2c:b8:0f:9f:cf:cc:86:cc:
                    e9:7b:01:fa:10:3f:69:81:62:50:1e:cc:3d:cd:74:
                    7b:14:7a:00:99:0a:f7:16:60:f6:48:0a:d3:f0:91:
                    e7:15:e0:4e:9e:5a:6f:a6:a0:c5:b9:5f:c1:98:17:
                    89:2e:18:67:95:ec:40:be:11:0c:e7:35:b8:ae:8c:
                    7c:9f:bf:e5:e8:ad:37:a8:19:ae:2c:4c:68:d0:e6:
                    10:4b:f7:89:50:1e:76:db:1f:83:17:70:a0:df:ed:
                    32:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6A:CC:D5:32:D7:78:D2:FD:17:EB:F1:32:72:E8:83:16:6F:19:B8
            X509v3 Authority Key Identifier:
                keyid:4F:90:04:B3:BF:8A:1E:17:BD:60:66:E0:51:89:6D:3B:EB:D6:69:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5AEs7-KHhe9YGbgUYltO-vWaXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/52rM1TLXeNL9F-vxMnLogxZvGbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/eb3e00-e2aa-447f-91f3-8a545cb35a9a/1/T5AEs7-KHhe9YGbgUYltO-vWaXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.138.0/24
                  176.10.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:0e:45:94:2a:f6:70:a4:3d:25:7b:1e:b1:b1:ae:27:fd:98:
         0d:d2:ab:fa:31:b8:65:60:fc:4e:d3:63:4d:22:0d:37:8c:27:
         1b:7e:50:fe:af:ab:22:1d:b1:4d:14:7e:5a:0d:dd:56:fa:37:
         a2:66:06:99:43:fe:ed:2d:6f:0d:7a:d0:83:47:39:33:33:c8:
         c1:a4:1c:39:4a:cb:1b:70:0c:e9:13:e6:69:bc:85:65:0c:9f:
         64:cb:e3:06:3c:9f:1b:9d:58:87:91:fa:e4:c0:87:fc:d2:ac:
         41:1d:a4:33:34:08:39:fc:d1:32:f1:94:96:4d:42:42:cd:0e:
         88:ec:26:4c:8a:c1:be:7a:11:c3:57:a6:7c:df:ce:4b:bc:63:
         a6:5d:f4:ca:37:e2:bf:3b:4f:6b:15:e6:4f:a8:31:ce:ce:d5:
         1b:45:11:0c:68:80:2b:e7:a2:18:3a:f3:5a:0d:83:fc:7a:83:
         e2:85:e2:98:0b:a3:e5:ca:a7:b1:b2:d5:84:7e:49:d5:11:9f:
         6a:dd:fa:34:f5:a3:e8:0f:05:18:21:11:82:99:65:9a:49:9c:
         b7:0a:94:c2:84:a5:e8:50:8f:0a:8b:22:97:d0:13:e5:b1:5f:
         10:30:88:96:7f:c2:7a:46:e7:da:ba:16:41:6d:81:fb:d0:a0:
         ac:b0:17:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfKg3Y92tjuubLx1G42Lw87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTAwNGIzYmY4YTFlMTdiZDYwNjZlMDUxODk2ZDNiZWJk
NjY5NzMwHhcNMjUwNzAyMDk0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZhY2NkNTMyZDc3OGQyZmQxN2ViZjEzMjcyZTg4MzE2NmYxOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSdVP1ixbbrH06pQK9nuT3jxSEQU
6/TPBHPVbUwZmYlXB9jGno+SLLdcG2hI4wzI45cOlwalhYNyKtFVv4bVWH/iCkvQ
qrPQ7h6rvWoLfMczP9OEVlMwnknhxBJsvtNI2eDuESHq/X7A2F4jkEk27MRTMC7R
oRmM8w4w7pCY7/Jm4g1JwIm3iIZ9EEoK+CVWhcZ5H6DB2IPptvSoLLgPn8/Mhszp
ewH6ED9pgWJQHsw9zXR7FHoAmQr3FmD2SArT8JHnFeBOnlpvpqDFuV/BmBeJLhhn
lexAvhEM5zW4rox8n7/l6K03qBmuLExo0OYQS/eJUB522x+DF3Cg3+0yRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOdqzNUy13jS/Rfr8TJy6IMWbxm4MB8GA1UdIwQY
MBaAFE+QBLO/ih4XvWBm4FGJbTvr1mlzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVBRXM3LUtIaGU5WUdiZ1VZbHRPLXZXYVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lYjNlMDAtZTJhYS00NDdmLTkxZjMt
OGE1NDVjYjM1YTlhLzEvNTJyTTFUTFhlTkw5Ri12eE1uTG9neFp2R2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lYjNlMDAtZTJhYS00NDdmLTkxZjMtOGE1NDVjYjM1YTlh
LzEvVDVBRXM3LUtIaGU5WUdiZ1VZbHRPLXZXYVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhOKAwQA
sApcMA0GCSqGSIb3DQEBCwUAA4IBAQB9DkWUKvZwpD0lex6xsa4n/ZgN0qv6Mbhl
YPxO02NNIg03jCcbflD+r6siHbFNFH5aDd1W+jeiZgaZQ/7tLW8NetCDRzkzM8jB
pBw5SssbcAzpE+ZpvIVlDJ9ky+MGPJ8bnViHkfrkwIf80qxBHaQzNAg5/NEy8ZSW
TUJCzQ6I7CZMisG+ehHDV6Z8385LvGOmXfTKN+K/O09rFeZPqDHOztUbRREMaIAr
56IYOvNaDYP8eoPiheKYC6PlyqexstWEfknVEZ9q3fo09aPoDwUYIRGCmWWaSZy3
CpTChKXoUI8KiyKX0BPlsV8QMIiWf8J6RufauhZBbYH70KCssBfU
-----END CERTIFICATE-----