Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/SgVaw9dGiBaOyFrQoF1dUXR7CDI.roa
File:                     SgVaw9dGiBaOyFrQoF1dUXR7CDI.roa (raw, json)
Hash identifier:          OI5adqW3SJrMIQGjIhmdYoxARRioxuyzaVULjGuGLRQ=
Subject key identifier:   4A:05:5A:C3:D7:46:88:16:8E:C8:5A:D0:A0:5D:5D:51:74:7B:08:32
Certificate issuer:       /CN=28c6800d74bc4105b40e77ea085ba026dbeec35f
Certificate serial:       0198365486567333FF08242EB1E289AC91A7
Authority key identifier: 28:C6:80:0D:74:BC:41:05:B4:0E:77:EA:08:5B:A0:26:DB:EE:C3:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/SgVaw9dGiBaOyFrQoF1dUXR7CDI.roa
Signing time:             Wed 23 Jul 2025 08:09:25 +0000
ROA not before:           Wed 23 Jul 2025 08:09:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.145.232.0/23 maxlen: 23
                          45.145.234.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:54:86:56:73:33:ff:08:24:2e:b1:e2:89:ac:91:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28c6800d74bc4105b40e77ea085ba026dbeec35f
        Validity
            Not Before: Jul 23 08:09:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a055ac3d74688168ec85ad0a05d5d51747b0832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:74:c3:34:f4:68:7a:fe:6c:a5:20:de:c6:47:
                    cd:1e:f0:d0:4c:ff:dd:3c:73:12:56:59:c6:a8:54:
                    c5:6a:39:0a:03:91:19:c6:c7:1d:6e:06:c7:97:f4:
                    dd:70:e1:db:04:84:8c:55:d1:44:f9:7a:96:d2:3b:
                    4e:2a:c9:34:7e:7b:fe:33:70:73:39:0a:13:63:39:
                    ac:7f:f1:72:dc:90:b7:97:6d:8f:54:00:a8:78:be:
                    0b:95:af:b9:10:06:fa:7f:6f:fc:c6:0e:fa:d1:dd:
                    18:34:f1:d8:13:cf:b8:92:4f:27:81:68:67:c6:a4:
                    ce:72:66:8b:9a:eb:3c:33:28:ef:1e:2e:80:9e:dc:
                    37:47:a3:f3:dc:ed:b1:94:31:88:ad:01:71:9e:ed:
                    64:30:bc:43:3c:cf:0c:cf:00:60:79:46:fc:23:61:
                    78:10:51:26:01:d3:fc:5e:dc:85:72:29:a1:14:9a:
                    b7:85:80:76:cd:7b:b5:b4:83:fb:05:2b:5e:38:7e:
                    c5:af:21:f6:85:9f:1f:c4:48:f6:0f:4f:17:8c:c6:
                    dc:7f:ae:c8:5c:23:68:95:9f:d0:24:a1:49:94:94:
                    00:30:6b:72:d7:9e:f2:01:fd:9f:50:a9:23:c0:af:
                    bf:ec:97:9d:65:89:55:a1:c3:f2:38:b9:8d:9c:38:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:05:5A:C3:D7:46:88:16:8E:C8:5A:D0:A0:5D:5D:51:74:7B:08:32
            X509v3 Authority Key Identifier:
                keyid:28:C6:80:0D:74:BC:41:05:B4:0E:77:EA:08:5B:A0:26:DB:EE:C3:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/SgVaw9dGiBaOyFrQoF1dUXR7CDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:b6:7d:f0:03:72:58:c7:25:ab:34:76:47:cb:d1:21:48:79:
         6c:a0:75:18:5a:cd:2a:95:63:65:61:a5:59:db:71:1e:48:4e:
         34:29:6c:e2:85:a8:d4:8c:b8:ec:e7:d2:4f:d1:0d:43:15:72:
         04:08:a0:d2:32:ec:9a:ad:cc:af:30:d1:8c:16:29:9e:cd:5f:
         0d:32:6d:4f:42:dc:38:8d:b0:82:8e:7b:a4:77:ff:a6:97:37:
         8e:b1:f5:52:3b:09:1a:0f:fd:6b:f7:a7:de:4a:16:3a:30:27:
         04:e5:24:a7:30:28:c7:51:68:f0:fb:da:cb:e9:0b:08:c5:3a:
         96:98:92:91:81:68:63:29:31:ec:25:07:f0:4e:16:ef:7b:23:
         9e:0a:9d:de:77:f1:87:4c:ae:78:44:5c:09:85:7d:96:3b:44:
         dd:cd:fe:ef:6d:3b:93:24:ea:06:8c:eb:db:68:37:d4:e6:a0:
         ad:76:3c:28:e3:70:36:47:44:22:0d:b1:8f:89:30:e1:8f:64:
         32:05:01:29:01:a0:0a:c2:d6:cd:86:00:4a:e8:45:af:4e:1a:
         54:de:ed:a8:b9:1b:b8:40:2e:35:07:5b:6e:9f:56:27:f6:78:
         47:4e:cd:72:10:66:71:00:1a:98:f1:ab:28:68:81:65:29:75:
         a8:e8:c6:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2VIZWczP/CCQuseKJrJGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YzY4MDBkNzRiYzQxMDViNDBlNzdlYTA4NWJhMDI2ZGJl
ZWMzNWYwHhcNMjUwNzIzMDgwOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTA1NWFjM2Q3NDY4ODE2OGVjODVhZDBhMDVkNWQ1MTc0N2IwODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHTDNPRoev5spSDexkfNHvDQTP/d
PHMSVlnGqFTFajkKA5EZxscdbgbHl/TdcOHbBISMVdFE+XqW0jtOKsk0fnv+M3Bz
OQoTYzmsf/Fy3JC3l22PVACoeL4Lla+5EAb6f2/8xg760d0YNPHYE8+4kk8ngWhn
xqTOcmaLmus8MyjvHi6Antw3R6Pz3O2xlDGIrQFxnu1kMLxDPM8MzwBgeUb8I2F4
EFEmAdP8XtyFcimhFJq3hYB2zXu1tIP7BSteOH7FryH2hZ8fxEj2D08XjMbcf67I
XCNolZ/QJKFJlJQAMGty157yAf2fUKkjwK+/7JedZYlVocPyOLmNnDjtDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoFWsPXRogWjsha0KBdXVF0ewgyMB8GA1UdIwQY
MBaAFCjGgA10vEEFtA536ghboCbb7sNfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS01hQURYUzhRUVcwRG5mcUNGdWdKdHZ1dzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8yNDI5MTEtOTNjMC00NWU3LTkwMTIt
NDkzOWJiZmRmYjg2LzEvU2dWYXc5ZEdpQmFPeUZyUW9GMWRVWFI3Q0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8yNDI5MTEtOTNjMC00NWU3LTkwMTItNDkzOWJiZmRmYjg2
LzEvS01hQURYUzhRUVcwRG5mcUNGdWdKdHZ1dzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZHoMA0G
CSqGSIb3DQEBCwUAA4IBAQAvtn3wA3JYxyWrNHZHy9EhSHlsoHUYWs0qlWNlYaVZ
23EeSE40KWzihajUjLjs59JP0Q1DFXIECKDSMuyarcyvMNGMFimezV8NMm1PQtw4
jbCCjnukd/+mlzeOsfVSOwkaD/1r96feShY6MCcE5SSnMCjHUWjw+9rL6QsIxTqW
mJKRgWhjKTHsJQfwThbveyOeCp3ed/GHTK54RFwJhX2WO0Tdzf7vbTuTJOoGjOvb
aDfU5qCtdjwo43A2R0QiDbGPiTDhj2QyBQEpAaAKwtbNhgBK6EWvThpU3u2ouRu4
QC41B1tun1Yn9nhHTs1yEGZxABqY8asoaIFlKXWo6Maw
-----END CERTIFICATE-----