Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/9kQSFx9NBgdYOUE_u_QQ1xrVHjM.roa
File:                     9kQSFx9NBgdYOUE_u_QQ1xrVHjM.roa (raw, json)
Hash identifier:          nF34ztaCx4lsDpWaNHXR5tZ2u4WJ9TVd0nOUtCtY/2Y=
Subject key identifier:   F6:44:12:17:1F:4D:06:07:58:39:41:3F:BB:F4:10:D7:1A:D5:1E:33
Certificate issuer:       /CN=7672c0fe08371764058c6ab85dfb5dcdc109f77e
Certificate serial:       01980AB76937F2DC31DE02F15473384B3AE9
Authority key identifier: 76:72:C0:FE:08:37:17:64:05:8C:6A:B8:5D:FB:5D:CD:C1:09:F7:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/9kQSFx9NBgdYOUE_u_QQ1xrVHjM.roa
Signing time:             Mon 14 Jul 2025 20:54:08 +0000
ROA not before:           Mon 14 Jul 2025 20:54:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        185.43.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0a:b7:69:37:f2:dc:31:de:02:f1:54:73:38:4b:3a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7672c0fe08371764058c6ab85dfb5dcdc109f77e
        Validity
            Not Before: Jul 14 20:54:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f64412171f4d06075839413fbbf410d71ad51e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:70:51:b8:dd:ac:c3:04:59:99:c4:97:64:ce:
                    65:ef:8a:21:f1:4d:5b:0e:0c:f7:28:75:4f:9b:52:
                    91:57:cb:a4:63:a5:f5:dc:97:99:f2:48:3e:7b:88:
                    c3:fb:28:fd:b5:f0:bc:52:22:5b:00:3f:4f:40:7c:
                    ab:31:38:53:8a:1b:af:56:1f:40:00:54:0d:77:a2:
                    a9:37:9c:d1:a8:5e:62:ec:9d:61:75:c7:50:78:74:
                    84:d8:b5:08:69:95:c9:97:31:c6:14:85:a7:65:be:
                    1b:b4:6c:70:9d:28:e5:98:dc:87:28:04:aa:b0:da:
                    fd:15:2a:33:55:a6:d2:92:e7:38:10:8b:b9:69:9a:
                    3c:43:b7:00:c7:cf:f0:97:ec:c2:3b:c1:8d:c5:de:
                    c7:ed:00:01:0b:99:91:e7:2e:c6:09:ae:2d:3d:2a:
                    9e:96:ce:3d:5d:19:4b:68:7b:73:a5:4c:0e:05:97:
                    7c:f7:b3:ce:68:c2:31:4e:97:24:b4:31:21:08:31:
                    77:cd:40:f4:cd:3d:2a:b1:b1:5a:04:68:f7:14:48:
                    dd:be:70:3b:0d:8d:ad:e7:e4:bd:fe:ab:36:22:f6:
                    3d:41:01:11:bc:0a:c6:52:92:67:9b:84:58:f7:c8:
                    b1:b4:73:a1:4d:a7:49:f4:5f:ec:28:0b:fc:69:b4:
                    b4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:44:12:17:1F:4D:06:07:58:39:41:3F:BB:F4:10:D7:1A:D5:1E:33
            X509v3 Authority Key Identifier:
                keyid:76:72:C0:FE:08:37:17:64:05:8C:6A:B8:5D:FB:5D:CD:C1:09:F7:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnLA_gg3F2QFjGq4XftdzcEJ934.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/9kQSFx9NBgdYOUE_u_QQ1xrVHjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9f2f6-191d-4f0f-a3c4-c3c80e4704e4/1/dnLA_gg3F2QFjGq4XftdzcEJ934.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ff:24:e8:49:fa:a9:b4:b9:a2:92:ab:35:4d:19:22:ac:e9:
         5f:fd:f8:95:84:c7:f8:e3:9a:e7:3b:95:1a:f8:f0:f1:09:93:
         6f:1c:35:47:4e:15:ed:d5:c7:47:25:04:d6:f8:fb:a6:dc:db:
         35:38:60:87:b5:84:7e:70:42:83:f3:d3:5e:3b:5a:7e:d9:b8:
         95:d4:a9:e0:cd:89:0b:0d:1b:01:60:5e:51:4a:66:a7:2f:5c:
         a5:89:cc:de:c6:db:75:47:6b:5e:16:79:95:41:2c:e7:60:e9:
         c1:a6:db:71:2e:69:e8:46:3f:93:a0:ec:3d:5a:df:4a:a5:c6:
         c8:51:6c:27:26:72:e1:36:41:fe:b4:9e:0b:2d:85:39:9d:e7:
         5b:b3:70:fd:ef:98:12:40:e0:ba:c6:f4:21:b9:47:78:fc:d2:
         3e:07:6d:c5:09:1a:69:7f:ec:46:26:c3:de:4d:75:2d:2b:95:
         10:e2:e1:eb:31:8e:0f:2f:a5:0f:57:0e:09:7e:8a:17:ec:4b:
         f7:c2:38:65:cc:a4:1b:98:c8:38:79:96:b0:e7:16:d4:de:34:
         46:cc:a6:98:e8:62:c4:ba:2b:de:02:47:59:99:26:2f:75:d2:
         59:14:e1:ad:93:54:5d:6c:88:b3:5d:47:43:23:64:95:29:97:
         f7:e4:8b:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgKt2k38twx3gLxVHM4SzrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NzJjMGZlMDgzNzE3NjQwNThjNmFiODVkZmI1ZGNkYzEw
OWY3N2UwHhcNMjUwNzE0MjA1NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQ0MTIxNzFmNGQwNjA3NTgzOTQxM2ZiYmY0MTBkNzFhZDUxZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XBRuN2swwRZmcSXZM5l74oh8U1b
Dgz3KHVPm1KRV8ukY6X13JeZ8kg+e4jD+yj9tfC8UiJbAD9PQHyrMThTihuvVh9A
AFQNd6KpN5zRqF5i7J1hdcdQeHSE2LUIaZXJlzHGFIWnZb4btGxwnSjlmNyHKASq
sNr9FSozVabSkuc4EIu5aZo8Q7cAx8/wl+zCO8GNxd7H7QABC5mR5y7GCa4tPSqe
ls49XRlLaHtzpUwOBZd897POaMIxTpcktDEhCDF3zUD0zT0qsbFaBGj3FEjdvnA7
DY2t5+S9/qs2IvY9QQERvArGUpJnm4RY98ixtHOhTadJ9F/sKAv8abS0IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZEEhcfTQYHWDlBP7v0ENca1R4zMB8GA1UdIwQY
MBaAFHZywP4INxdkBYxquF37Xc3BCfd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG5MQV9nZzNGMlFGakdxNFhmdGR6Y0VKOTM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOWYyZjYtMTkxZC00ZjBmLWEzYzQt
YzNjODBlNDcwNGU0LzEvOWtRU0Z4OU5CZ2RZT1VFX3VfUVExeHJWSGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOWYyZjYtMTkxZC00ZjBmLWEzYzQtYzNjODBlNDcwNGU0
LzEvZG5MQV9nZzNGMlFGakdxNFhmdGR6Y0VKOTM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSuRMA0G
CSqGSIb3DQEBCwUAA4IBAQAn/yToSfqptLmikqs1TRkirOlf/fiVhMf445rnO5Ua
+PDxCZNvHDVHThXt1cdHJQTW+Pum3Ns1OGCHtYR+cEKD89NeO1p+2biV1KngzYkL
DRsBYF5RSmanL1yliczextt1R2teFnmVQSznYOnBpttxLmnoRj+ToOw9Wt9KpcbI
UWwnJnLhNkH+tJ4LLYU5nedbs3D975gSQOC6xvQhuUd4/NI+B23FCRppf+xGJsPe
TXUtK5UQ4uHrMY4PL6UPVw4JfooX7Ev3wjhlzKQbmMg4eZaw5xbU3jRGzKaY6GLE
uiveAkdZmSYvddJZFOGtk1RdbIizXUdDI2SVKZf35Iu1
-----END CERTIFICATE-----