Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/2KQAFYlh37b3rSq3n1HpcqN7OX4.roa
File:                     2KQAFYlh37b3rSq3n1HpcqN7OX4.roa (raw, json)
Hash identifier:          fKQe9gApd9PuwUIjzUrjhttueSQGoqtWJ/p1DHHYpjs=
Subject key identifier:   D8:A4:00:15:89:61:DF:B6:F7:AD:2A:B7:9F:51:E9:72:A3:7B:39:7E
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0197E921B1304CE9C4AE1C06D27D96E0B9A4
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/2KQAFYlh37b3rSq3n1HpcqN7OX4.roa
Signing time:             Tue 08 Jul 2025 08:23:08 +0000
ROA not before:           Tue 08 Jul 2025 08:23:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        45.146.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 20:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:21:b1:30:4c:e9:c4:ae:1c:06:d2:7d:96:e0:b9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jul  8 08:23:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8a400158961dfb6f7ad2ab79f51e972a37b397e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fd:ad:f4:35:63:1d:17:5b:34:50:2d:f9:5e:
                    e9:38:82:5b:62:82:cb:d7:d6:95:98:a4:3c:bf:35:
                    e2:e6:63:49:91:37:31:36:85:34:d7:5c:f9:4d:de:
                    71:3b:09:8e:27:54:c4:48:fd:26:20:e7:3d:7c:f7:
                    7d:68:d6:fc:60:4c:67:0c:9d:0f:ac:16:c9:38:9b:
                    57:c6:cf:57:c6:07:76:6d:07:b3:5b:23:7e:c9:ec:
                    52:8d:4a:57:0a:22:4c:76:87:db:d8:3d:8d:45:6d:
                    c8:e6:9f:a2:fe:67:b2:0b:fc:2a:38:97:d2:af:8a:
                    6a:de:3f:bf:9f:33:7e:8f:a6:dd:b1:d5:66:77:dd:
                    8d:b7:0e:11:83:32:88:44:5c:02:0e:16:4a:80:a2:
                    04:af:36:31:ea:28:60:1a:7f:e0:6e:1b:21:38:e2:
                    d5:40:1a:0e:c8:2f:d5:c6:82:cd:d1:6a:25:2b:aa:
                    bd:f2:3f:66:66:bf:07:f2:79:51:e6:4d:93:82:74:
                    c8:6d:1c:22:1b:70:03:0d:41:88:4f:ac:33:25:6c:
                    a1:28:3b:96:9c:70:1c:32:03:13:53:2a:58:c8:7f:
                    d3:ba:4d:cd:75:af:7e:bb:6d:81:57:b8:02:e1:63:
                    b0:f9:0d:ad:bc:21:94:64:40:d5:2f:61:c9:bd:59:
                    6d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A4:00:15:89:61:DF:B6:F7:AD:2A:B7:9F:51:E9:72:A3:7B:39:7E
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/2KQAFYlh37b3rSq3n1HpcqN7OX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:20:51:f5:6a:b4:1d:73:1f:e3:9f:ac:15:a7:4d:8b:fe:bf:
         26:51:ac:98:6d:e8:1a:fc:0f:7d:d7:c1:c0:d5:ed:b5:06:2a:
         37:c9:c1:7b:f6:d7:a4:c1:d5:c1:ac:76:85:fa:e7:7f:eb:11:
         90:2a:8f:f4:45:29:55:66:97:8d:01:97:5e:b7:ef:10:bb:71:
         0c:69:88:82:6d:c4:06:8d:0f:69:a5:87:68:1b:d5:83:2a:0c:
         fe:00:b8:d7:6e:bc:a7:74:d0:17:1b:73:88:7d:ff:52:b7:d0:
         02:fc:d5:2d:c2:fc:37:99:56:d6:4e:6c:b0:c2:a2:e9:db:9f:
         ee:7c:d6:2a:0b:43:e5:16:69:03:a7:df:7b:b2:30:a8:34:bc:
         24:06:e1:93:8d:b5:24:38:6c:7d:e0:cb:27:ce:52:bd:c0:48:
         09:a6:3b:9f:e5:69:a1:79:70:db:42:2e:84:38:67:ad:3f:25:
         4d:8d:12:b3:18:c2:0c:8a:71:3e:9d:b5:db:91:68:33:bd:87:
         41:67:1b:b3:80:15:b3:e7:de:33:24:a9:5d:ea:9a:c6:23:c0:
         cf:09:7e:73:78:f2:9d:73:c6:34:f9:40:7a:19:43:57:2a:ab:
         82:be:8d:5d:13:d1:48:3c:9a:b4:d8:5a:2d:38:fc:12:18:6b:
         bb:56:af:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfpIbEwTOnErhwG0n2W4LmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwNzA4MDgyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE0MDAxNTg5NjFkZmI2ZjdhZDJhYjc5ZjUxZTk3MmEzN2IzOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3P2t9DVjHRdbNFAt+V7pOIJbYoLL
19aVmKQ8vzXi5mNJkTcxNoU011z5Td5xOwmOJ1TESP0mIOc9fPd9aNb8YExnDJ0P
rBbJOJtXxs9Xxgd2bQezWyN+yexSjUpXCiJMdofb2D2NRW3I5p+i/meyC/wqOJfS
r4pq3j+/nzN+j6bdsdVmd92Ntw4RgzKIRFwCDhZKgKIErzYx6ihgGn/gbhshOOLV
QBoOyC/VxoLN0WolK6q98j9mZr8H8nlR5k2TgnTIbRwiG3ADDUGIT6wzJWyhKDuW
nHAcMgMTUypYyH/Tuk3Nda9+u22BV7gC4WOw+Q2tvCGUZEDVL2HJvVltDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNikABWJYd+2960qt59R6XKjezl+MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvMktRQUZZbGgzN2IzclNxM24xSHBjcU43T1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZLLMA0G
CSqGSIb3DQEBCwUAA4IBAQCsIFH1arQdcx/jn6wVp02L/r8mUayYbega/A9918HA
1e21Bio3ycF79tekwdXBrHaF+ud/6xGQKo/0RSlVZpeNAZdet+8Qu3EMaYiCbcQG
jQ9ppYdoG9WDKgz+ALjXbryndNAXG3OIff9St9AC/NUtwvw3mVbWTmywwqLp25/u
fNYqC0PlFmkDp997sjCoNLwkBuGTjbUkOGx94MsnzlK9wEgJpjuf5WmheXDbQi6E
OGetPyVNjRKzGMIMinE+nbXbkWgzvYdBZxuzgBWz594zJKld6prGI8DPCX5zePKd
c8Y0+UB6GUNXKquCvo1dE9FIPJq02FotOPwSGGu7Vq+D
-----END CERTIFICATE-----