Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/AdhQM9alSm15c2qoWl7pYd72JgI.roa
File:                     AdhQM9alSm15c2qoWl7pYd72JgI.roa (raw, json)
Hash identifier:          o/6/N2TtwlLf19lCWOUT/UQzvyMt2hIqHd+9YXOaPik=
Subject key identifier:   01:D8:50:33:D6:A5:4A:6D:79:73:6A:A8:5A:5E:E9:61:DE:F6:26:02
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0197C45C157CA62A14FF552E8285651486C1
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/AdhQM9alSm15c2qoWl7pYd72JgI.roa
Signing time:             Tue 01 Jul 2025 05:00:58 +0000
ROA not before:           Tue 01 Jul 2025 05:00:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        45.146.200.0/24 maxlen: 24
                          45.146.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:5c:15:7c:a6:2a:14:ff:55:2e:82:85:65:14:86:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jul  1 05:00:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01d85033d6a54a6d79736aa85a5ee961def62602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bc:cb:33:e9:f6:b4:9d:0d:4e:80:87:fa:89:
                    14:bc:e4:45:43:ef:72:e6:bd:9a:4b:e2:4f:a6:02:
                    e3:91:17:85:49:16:fa:36:35:8c:92:db:3a:d8:1d:
                    45:ec:36:93:44:59:f6:4c:8e:29:dd:87:b3:2d:13:
                    25:4f:54:f9:e5:46:c4:75:a9:46:bf:8f:e9:1a:dd:
                    b9:8c:44:72:28:89:0f:a2:40:bb:ec:f8:d4:b0:d5:
                    bd:3f:d1:1a:81:56:b5:eb:d0:1f:5e:8d:56:40:f8:
                    62:16:50:6e:9b:b8:ac:38:49:f8:89:b1:d7:04:2c:
                    cc:13:4a:e7:ef:de:79:ce:7b:85:0c:37:83:03:bb:
                    61:1e:b4:c8:be:72:5e:e5:be:95:8a:90:0b:47:2a:
                    15:a7:d3:14:3c:5e:a2:91:37:f3:9a:ca:3f:27:29:
                    c6:ab:fe:46:d8:54:cd:af:db:a8:68:fd:8f:13:8e:
                    c5:ea:f6:d9:c4:2b:da:83:d0:ca:cb:b7:99:82:76:
                    72:ff:dc:95:7e:4e:8e:85:fd:1b:3f:ed:06:76:d2:
                    98:05:5b:99:f5:91:d0:9e:1f:3d:99:2f:0d:f1:6d:
                    f9:50:9d:d6:9a:03:d0:5b:5b:16:bc:01:01:ac:2c:
                    58:3a:10:e5:61:a9:0e:e9:37:2a:8e:f8:6d:02:e1:
                    4a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D8:50:33:D6:A5:4A:6D:79:73:6A:A8:5A:5E:E9:61:DE:F6:26:02
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/AdhQM9alSm15c2qoWl7pYd72JgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/24
                  45.146.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e4:97:ff:75:b0:35:45:ee:08:b4:a5:2e:73:b7:86:16:23:
         a2:21:13:64:6e:36:b2:14:29:81:37:a8:78:f5:27:41:d1:1f:
         e3:60:1e:ef:fe:f7:7d:8d:02:b0:bd:f5:01:45:ca:ea:53:1f:
         70:dc:c7:f2:1c:00:5e:1f:1b:30:e9:76:27:f6:94:87:5f:4b:
         31:0a:b7:1b:29:50:26:01:57:c9:4d:02:e7:33:4f:b1:02:69:
         6f:4b:76:14:bb:08:5f:dd:03:f0:d6:9f:04:00:99:d9:30:7e:
         81:78:fe:58:f5:63:7d:42:73:ad:ce:f2:59:39:b7:fe:b0:9f:
         5b:3c:75:a5:bd:cd:cc:44:62:b4:62:46:91:68:5b:39:6e:8d:
         53:50:52:2c:90:10:8a:ca:1f:f2:41:59:ba:41:8a:10:5d:b7:
         cd:81:6b:db:6e:67:21:04:46:4c:06:9b:8f:01:76:db:2b:76:
         d1:3a:15:de:ae:93:52:87:5d:8e:e5:e0:9c:9f:84:f1:6e:28:
         8e:9b:5f:ce:33:4f:ba:3e:ab:bd:c1:e1:5c:2c:29:b4:ac:1a:
         04:5a:35:12:c5:62:73:04:05:8b:a0:37:b9:a4:a6:7c:67:5a:
         f2:48:c7:28:27:81:54:ed:e9:8e:97:1d:14:82:2e:f8:d6:f1:
         6f:ea:ba:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfEXBV8pioU/1UugoVlFIbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwNzAxMDUwMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWQ4NTAzM2Q2YTU0YTZkNzk3MzZhYTg1YTVlZTk2MWRlZjYyNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bzLM+n2tJ0NToCH+okUvORFQ+9y
5r2aS+JPpgLjkReFSRb6NjWMkts62B1F7DaTRFn2TI4p3YezLRMlT1T55UbEdalG
v4/pGt25jERyKIkPokC77PjUsNW9P9EagVa169AfXo1WQPhiFlBum7isOEn4ibHX
BCzME0rn7955znuFDDeDA7thHrTIvnJe5b6VipALRyoVp9MUPF6ikTfzmso/JynG
q/5G2FTNr9uoaP2PE47F6vbZxCvag9DKy7eZgnZy/9yVfk6Ohf0bP+0GdtKYBVuZ
9ZHQnh89mS8N8W35UJ3WmgPQW1sWvAEBrCxYOhDlYakO6TcqjvhtAuFK4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHYUDPWpUpteXNqqFpe6WHe9iYCMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvQWRoUU05YWxTbTE1YzJxb1dsN3BZZDcySmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZLIAwQA
LZLLMA0GCSqGSIb3DQEBCwUAA4IBAQBT5Jf/dbA1Re4ItKUuc7eGFiOiIRNkbjay
FCmBN6h49SdB0R/jYB7v/vd9jQKwvfUBRcrqUx9w3MfyHABeHxsw6XYn9pSHX0sx
CrcbKVAmAVfJTQLnM0+xAmlvS3YUuwhf3QPw1p8EAJnZMH6BeP5Y9WN9QnOtzvJZ
Obf+sJ9bPHWlvc3MRGK0YkaRaFs5bo1TUFIskBCKyh/yQVm6QYoQXbfNgWvbbmch
BEZMBpuPAXbbK3bROhXerpNSh12O5eCcn4TxbiiOm1/OM0+6Pqu9weFcLCm0rBoE
WjUSxWJzBAWLoDe5pKZ8Z1rySMcoJ4FU7emOlx0Ugi741vFv6rrk
-----END CERTIFICATE-----