Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qVrlvHs7gJ1vjwDEsfreonLx3os.roa
File:                     qVrlvHs7gJ1vjwDEsfreonLx3os.roa (raw, json)
Hash identifier:          fd3ZSvSPgpAvl764uNjevHrS24WI5aOYWj55i6E60q8=
Subject key identifier:   A9:5A:E5:BC:7B:3B:80:9D:6F:8F:00:C4:B1:FA:DE:A2:72:F1:DE:8B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01984B8CF577C5C96D190A7D69AD1E8A83ED
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qVrlvHs7gJ1vjwDEsfreonLx3os.roa
Signing time:             Sun 27 Jul 2025 11:03:05 +0000
ROA not before:           Sun 27 Jul 2025 11:03:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214957
IP address blocks:        94.183.162.0/24 maxlen: 24
                          94.183.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:8c:f5:77:c5:c9:6d:19:0a:7d:69:ad:1e:8a:83:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 27 11:03:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a95ae5bc7b3b809d6f8f00c4b1fadea272f1de8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7c:98:fc:48:36:5d:a5:13:3f:ac:8a:d1:cd:
                    cd:c5:01:39:48:f2:bc:ec:9c:98:06:d0:69:d6:59:
                    06:bb:9b:c5:27:7a:58:76:c5:e9:99:5c:94:12:2e:
                    27:0b:f4:39:d3:ac:9b:37:95:7e:c8:d3:4d:09:76:
                    19:e8:12:76:1d:e7:46:59:f0:87:81:9d:14:a0:2b:
                    06:ee:44:b5:b0:04:6f:07:01:fb:d1:91:99:83:46:
                    a9:3c:8b:77:b5:22:59:12:be:3f:6e:a5:8e:27:91:
                    00:a5:58:41:92:7b:92:54:47:43:c6:b1:04:b1:5b:
                    75:9e:ea:b0:98:b4:e7:8c:57:1b:ef:87:5e:3f:76:
                    86:b6:61:59:20:e4:31:aa:4f:11:a9:69:93:00:1b:
                    04:63:d7:68:49:23:3b:c9:b1:55:60:8a:0b:e5:c0:
                    79:63:0d:94:74:23:17:21:c2:fa:32:31:fe:b9:de:
                    29:10:79:86:7e:ab:51:4d:82:bb:9c:d8:ba:37:ed:
                    f4:60:d8:5d:46:38:d0:77:f2:3a:06:4b:be:5d:29:
                    9d:cd:3e:75:cb:4e:3f:ba:b8:91:14:e5:1b:90:8f:
                    26:6e:46:00:8d:4d:d6:0a:64:35:0e:ba:61:d8:30:
                    26:c7:ce:79:9e:31:7e:c4:0b:cb:fc:a5:d6:c3:20:
                    c2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:5A:E5:BC:7B:3B:80:9D:6F:8F:00:C4:B1:FA:DE:A2:72:F1:DE:8B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qVrlvHs7gJ1vjwDEsfreonLx3os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.183.162.0/24
                  94.183.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d2:81:0d:50:52:8c:2e:00:7d:3d:5a:b4:9f:11:5e:d1:fa:
         fc:cf:bd:b6:1a:ad:c4:0c:c4:50:45:7b:98:31:81:23:0e:8a:
         9a:d0:f1:75:b8:33:76:15:45:13:68:11:c3:cf:3a:fa:67:15:
         d8:f4:b1:f9:17:15:d9:a1:13:e4:02:95:40:d8:77:f1:01:d0:
         ed:db:8b:40:e4:70:c9:27:7b:52:c7:ee:6c:5d:0c:ce:9c:fa:
         e6:f9:e7:b6:58:e9:ac:d0:00:9b:b6:b0:50:75:00:70:7a:8f:
         16:24:69:72:ac:a4:f4:b0:84:84:ec:1b:89:77:93:ae:b7:a9:
         92:eb:ae:12:5d:52:40:7c:8b:bb:72:71:4c:77:2a:1a:69:59:
         3b:9b:9e:4a:71:b0:d5:77:22:a2:b5:67:34:88:d5:a8:f9:05:
         67:59:04:6c:3e:23:6e:58:cb:80:da:3c:a5:4f:ac:4a:91:06:
         60:0a:00:6d:09:73:da:fc:b4:cb:69:a6:a3:54:4d:bf:3c:ea:
         2c:3d:bd:68:75:cd:2b:c4:ee:bd:ab:b6:78:19:59:19:e6:b6:
         a2:ec:4e:2e:a8:76:a5:f9:40:a8:61:68:6e:c6:24:4b:33:c7:
         93:21:e4:6e:d3:eb:d1:97:3a:8e:4e:4f:7d:0f:fc:b9:fd:ad:
         11:4f:73:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhLjPV3xcltGQp9aa0eioPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzI3MTEwMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTVhZTViYzdiM2I4MDlkNmY4ZjAwYzRiMWZhZGVhMjcyZjFkZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnyY/Eg2XaUTP6yK0c3NxQE5SPK8
7JyYBtBp1lkGu5vFJ3pYdsXpmVyUEi4nC/Q506ybN5V+yNNNCXYZ6BJ2HedGWfCH
gZ0UoCsG7kS1sARvBwH70ZGZg0apPIt3tSJZEr4/bqWOJ5EApVhBknuSVEdDxrEE
sVt1nuqwmLTnjFcb74deP3aGtmFZIOQxqk8RqWmTABsEY9doSSM7ybFVYIoL5cB5
Yw2UdCMXIcL6MjH+ud4pEHmGfqtRTYK7nNi6N+30YNhdRjjQd/I6Bku+XSmdzT51
y04/uriRFOUbkI8mbkYAjU3WCmQ1Drph2DAmx855njF+xAvL/KXWwyDC+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKla5bx7O4Cdb48AxLH63qJy8d6LMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcVZybHZIczdnSjF2andERXNmcmVvbkx4M29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXreiAwQA
Xre0MA0GCSqGSIb3DQEBCwUAA4IBAQB80oENUFKMLgB9PVq0nxFe0fr8z722Gq3E
DMRQRXuYMYEjDoqa0PF1uDN2FUUTaBHDzzr6ZxXY9LH5FxXZoRPkApVA2HfxAdDt
24tA5HDJJ3tSx+5sXQzOnPrm+ee2WOms0ACbtrBQdQBweo8WJGlyrKT0sISE7BuJ
d5Out6mS664SXVJAfIu7cnFMdyoaaVk7m55KcbDVdyKitWc0iNWo+QVnWQRsPiNu
WMuA2jylT6xKkQZgCgBtCXPa/LTLaaajVE2/POosPb1odc0rxO69q7Z4GVkZ5rai
7E4uqHal+UCoYWhuxiRLM8eTIeRu0+vRlzqOTk99D/y5/a0RT3Nq
-----END CERTIFICATE-----