Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/M95FjIFFe7FE8GSWYSZYw7JDajo.roa
File:                     M95FjIFFe7FE8GSWYSZYw7JDajo.roa (raw, json)
Hash identifier:          NrgUx/KwCI45z+00qu3mq53IxB/PSBwR22i9a5VwK5U=
Subject key identifier:   33:DE:45:8C:81:45:7B:B1:44:F0:64:96:61:26:58:C3:B2:43:6A:3A
Certificate issuer:       /CN=d24482331fe3761de53a99bd37c8fd6a6f9fa007
Certificate serial:       0197E99F1D977C761E4108BD38BA43CC8B40
Authority key identifier: D2:44:82:33:1F:E3:76:1D:E5:3A:99:BD:37:C8:FD:6A:6F:9F:A0:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0kSCMx_jdh3lOpm9N8j9am-foAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/M95FjIFFe7FE8GSWYSZYw7JDajo.roa
Signing time:             Tue 08 Jul 2025 10:40:08 +0000
ROA not before:           Tue 08 Jul 2025 10:40:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198022
IP address blocks:        45.143.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/0kSCMx_jdh3lOpm9N8j9am-foAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/0kSCMx_jdh3lOpm9N8j9am-foAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0kSCMx_jdh3lOpm9N8j9am-foAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:9f:1d:97:7c:76:1e:41:08:bd:38:ba:43:cc:8b:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24482331fe3761de53a99bd37c8fd6a6f9fa007
        Validity
            Not Before: Jul  8 10:40:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33de458c81457bb144f06496612658c3b2436a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:32:90:ae:b8:30:86:43:50:56:37:e6:cf:32:
                    58:16:54:5a:8f:0d:45:7c:e4:77:c1:dd:1a:04:b7:
                    79:30:7e:d8:b5:8d:f2:ed:eb:20:24:39:cc:82:07:
                    f3:2d:b1:a8:93:65:70:27:48:25:11:85:cd:07:84:
                    5c:62:e4:aa:5e:fe:5e:a3:63:40:2e:44:71:f9:7f:
                    ee:82:75:47:cf:94:e8:e0:bc:b0:85:9d:ae:fc:6a:
                    c3:99:ef:81:29:ad:ad:f0:8b:9d:7e:d8:54:8a:d9:
                    01:2e:bd:1a:24:b3:b0:05:a5:c2:92:68:66:b0:7d:
                    e9:8c:c2:2f:a4:1f:b5:e6:b1:42:63:3c:9e:a8:aa:
                    56:a8:97:9f:1c:49:01:64:f1:10:47:eb:76:d9:b3:
                    6c:a7:49:2f:1b:4c:0e:43:f1:22:6b:ee:a3:ea:ce:
                    10:2b:4f:8f:b2:f0:d6:a9:5c:10:fa:d8:fd:4b:2d:
                    72:40:be:2d:d6:0b:8d:b5:4e:9a:74:de:c5:a1:d7:
                    02:f0:20:28:47:db:af:b7:e0:63:fe:3e:e9:99:2f:
                    d9:35:6d:df:cf:7d:e8:42:ee:be:d1:49:8e:ea:f3:
                    90:f5:e3:91:a5:cf:2d:b8:62:ff:ce:ac:67:55:b1:
                    9f:88:b9:09:f5:c9:77:13:4e:c5:40:f8:07:ed:f8:
                    b8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DE:45:8C:81:45:7B:B1:44:F0:64:96:61:26:58:C3:B2:43:6A:3A
            X509v3 Authority Key Identifier:
                keyid:D2:44:82:33:1F:E3:76:1D:E5:3A:99:BD:37:C8:FD:6A:6F:9F:A0:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0kSCMx_jdh3lOpm9N8j9am-foAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/M95FjIFFe7FE8GSWYSZYw7JDajo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/25b61b-37e9-4408-acc1-87c03cdd7f9f/1/0kSCMx_jdh3lOpm9N8j9am-foAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:18:21:87:e9:02:3c:a9:90:51:b9:59:ad:f5:12:e0:5e:27:
         47:99:eb:94:e4:07:02:05:6d:01:61:1a:3a:e5:f8:a7:88:21:
         e7:36:4a:95:99:21:02:06:82:4c:24:df:1b:f4:b8:be:0e:86:
         4c:e4:92:6e:9a:72:72:1d:85:91:e6:99:40:8a:47:0a:a3:47:
         07:73:25:4e:f1:c8:43:ae:a0:9f:4d:87:c1:22:dc:00:0d:d8:
         73:55:55:93:4c:ce:ec:4b:4d:fc:54:98:9c:27:ac:8a:b9:fe:
         24:69:63:a6:fd:a8:39:7d:fd:57:f2:1d:ec:37:66:91:44:94:
         f8:6c:a4:4e:1a:78:9b:9d:47:9e:a5:e6:d6:10:6e:e0:76:ac:
         92:ea:d6:04:f7:bc:e3:d3:2e:25:36:09:06:79:4e:68:57:14:
         6c:a5:12:af:74:cc:a0:c3:e6:db:0e:1d:6d:c2:2e:a7:a1:df:
         b5:c4:b7:82:38:f7:77:fc:ea:e2:33:da:6b:fa:26:f3:e7:1c:
         cc:3e:83:bd:d9:6e:6a:ad:58:38:8f:c5:c8:fe:b1:88:d8:db:
         81:25:ad:61:fd:0d:8b:3b:f9:38:84:7c:a3:fc:60:28:e0:57:
         ea:ad:22:d3:83:59:a4:ac:28:a6:03:22:03:9d:7d:17:c4:e8:
         64:f8:cd:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfpnx2XfHYeQQi9OLpDzItAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNDQ4MjMzMWZlMzc2MWRlNTNhOTliZDM3YzhmZDZhNmY5
ZmEwMDcwHhcNMjUwNzA4MTA0MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RlNDU4YzgxNDU3YmIxNDRmMDY0OTY2MTI2NThjM2IyNDM2YTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjKQrrgwhkNQVjfmzzJYFlRajw1F
fOR3wd0aBLd5MH7YtY3y7esgJDnMggfzLbGok2VwJ0glEYXNB4RcYuSqXv5eo2NA
LkRx+X/ugnVHz5To4LywhZ2u/GrDme+BKa2t8IudfthUitkBLr0aJLOwBaXCkmhm
sH3pjMIvpB+15rFCYzyeqKpWqJefHEkBZPEQR+t22bNsp0kvG0wOQ/Eia+6j6s4Q
K0+PsvDWqVwQ+tj9Sy1yQL4t1guNtU6adN7FodcC8CAoR9uvt+Bj/j7pmS/ZNW3f
z33oQu6+0UmO6vOQ9eORpc8tuGL/zqxnVbGfiLkJ9cl3E07FQPgH7fi4lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPeRYyBRXuxRPBklmEmWMOyQ2o6MB8GA1UdIwQY
MBaAFNJEgjMf43Yd5TqZvTfI/Wpvn6AHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtTQ014X2pkaDNsT3BtOU44ajlhbS1mb0FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yNWI2MWItMzdlOS00NDA4LWFjYzEt
ODdjMDNjZGQ3ZjlmLzEvTTk1RmpJRkZlN0ZFOEdTV1lTWll3N0pEYWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yNWI2MWItMzdlOS00NDA4LWFjYzEtODdjMDNjZGQ3Zjlm
LzEvMGtTQ014X2pkaDNsT3BtOU44ajlhbS1mb0FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY+4MA0G
CSqGSIb3DQEBCwUAA4IBAQBOGCGH6QI8qZBRuVmt9RLgXidHmeuU5AcCBW0BYRo6
5finiCHnNkqVmSECBoJMJN8b9Li+DoZM5JJumnJyHYWR5plAikcKo0cHcyVO8chD
rqCfTYfBItwADdhzVVWTTM7sS038VJicJ6yKuf4kaWOm/ag5ff1X8h3sN2aRRJT4
bKROGnibnUeepebWEG7gdqyS6tYE97zj0y4lNgkGeU5oVxRspRKvdMygw+bbDh1t
wi6nod+1xLeCOPd3/OriM9pr+ibz5xzMPoO92W5qrVg4j8XI/rGI2NuBJa1h/Q2L
O/k4hHyj/GAo4FfqrSLTg1mkrCimAyIDnX0XxOhk+M1Q
-----END CERTIFICATE-----