Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/y3IgWEC6wOfcW2mB2big0GlRakQ.roa
File:                     y3IgWEC6wOfcW2mB2big0GlRakQ.roa (raw, json)
Hash identifier:          hgID1ZyHgm6d4cBPAeKq0y34fmPvZXXFjVqgin/MNVE=
Subject key identifier:   CB:72:20:58:40:BA:C0:E7:DC:5B:69:81:D9:B8:A0:D0:69:51:6A:44
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0197E921B0BD9C17342790A5982046FD3323
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/y3IgWEC6wOfcW2mB2big0GlRakQ.roa
Signing time:             Tue 08 Jul 2025 08:23:08 +0000
ROA not before:           Tue 08 Jul 2025 08:23:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.200.0/24 maxlen: 24
                          45.146.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 20:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:21:b0:bd:9c:17:34:27:90:a5:98:20:46:fd:33:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jul  8 08:23:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb72205840bac0e7dc5b6981d9b8a0d069516a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a9:7c:80:d1:f1:78:62:51:49:05:1e:6d:e7:
                    32:1e:69:4a:4f:a6:73:60:ee:7f:c6:a9:2a:24:d8:
                    f9:d4:e7:db:29:a2:4e:b2:85:28:8c:61:10:8d:2a:
                    da:6e:f0:f0:64:9f:93:c7:82:2b:2a:80:3a:2a:be:
                    65:65:3b:0e:ff:3f:61:87:6f:2e:ef:ad:aa:74:07:
                    08:ee:52:3b:16:43:fd:56:b4:4c:ca:0e:53:ba:ce:
                    55:1b:c0:1b:e0:98:01:b2:8c:17:d9:81:40:d5:ce:
                    3f:72:76:43:1f:d2:5d:2c:bd:13:31:24:59:89:f8:
                    95:8f:5c:b7:69:b5:dd:26:dc:22:46:b8:43:32:3e:
                    5f:a4:2e:b7:e6:09:94:46:56:00:c3:e5:ab:d9:92:
                    60:40:5c:f1:23:06:b0:44:aa:5e:58:ef:4c:85:09:
                    71:cc:62:c2:84:a2:0a:fb:6b:06:09:88:f2:92:07:
                    34:c8:9d:24:e4:48:1a:a6:fd:f5:6b:6d:11:56:c4:
                    af:72:fa:62:4c:73:0c:a7:c0:d9:61:c3:58:c2:ae:
                    eb:a5:14:9c:ed:7a:f1:f7:c5:e6:6a:34:9a:af:8f:
                    80:25:e9:ac:ee:06:82:35:c9:9e:2f:bb:9a:f7:47:
                    24:a8:71:eb:42:7e:f9:3b:73:13:6a:6d:94:26:4c:
                    3b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:72:20:58:40:BA:C0:E7:DC:5B:69:81:D9:B8:A0:D0:69:51:6A:44
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/y3IgWEC6wOfcW2mB2big0GlRakQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:02:43:1a:8b:3b:ae:18:03:a6:62:0a:59:9a:93:a7:8b:59:
         33:77:30:45:b4:5d:e2:cd:5e:f3:ae:75:28:79:51:ef:c3:53:
         ac:d6:9a:48:e1:5c:a9:0f:ea:ba:be:88:b1:c1:b3:0b:6c:86:
         be:17:86:d3:16:9b:55:1f:3c:fb:1d:b4:45:d9:05:6f:26:1a:
         70:7f:36:32:9f:4f:5f:5b:4e:c1:3e:f7:29:83:57:da:75:08:
         86:2d:d3:d4:6e:3e:71:86:e4:0a:e9:1d:64:b9:40:53:45:4e:
         b3:95:b1:95:0e:fa:3d:11:fc:47:5d:79:ba:35:7c:76:38:c5:
         08:c4:b1:1b:92:54:55:b4:12:67:1c:56:a9:b1:0d:c5:06:9c:
         1c:01:e4:54:21:5e:ac:cf:98:aa:47:1d:94:bd:1d:b8:08:9d:
         df:a0:ec:d0:0d:f4:42:a5:b4:b2:1d:1d:c7:a9:0a:33:89:d1:
         13:d2:cd:08:41:c3:f2:e5:fa:bb:27:97:87:51:0f:9e:da:0d:
         f3:1a:41:ce:e8:4b:07:83:64:85:26:c7:5a:8a:a9:3a:26:f7:
         3b:88:ae:dd:50:fd:53:d0:d8:30:52:f0:6e:01:c7:56:6b:ea:
         d9:10:8d:17:be:ee:df:5d:41:2e:3c:c5:15:7e:9d:8e:6f:35:
         9c:32:cb:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfpIbC9nBc0J5ClmCBG/TMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwNzA4MDgyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjcyMjA1ODQwYmFjMGU3ZGM1YjY5ODFkOWI4YTBkMDY5NTE2YTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKl8gNHxeGJRSQUebecyHmlKT6Zz
YO5/xqkqJNj51OfbKaJOsoUojGEQjSrabvDwZJ+Tx4IrKoA6Kr5lZTsO/z9hh28u
762qdAcI7lI7FkP9VrRMyg5Tus5VG8Ab4JgBsowX2YFA1c4/cnZDH9JdLL0TMSRZ
ifiVj1y3abXdJtwiRrhDMj5fpC635gmURlYAw+Wr2ZJgQFzxIwawRKpeWO9MhQlx
zGLChKIK+2sGCYjykgc0yJ0k5Egapv31a20RVsSvcvpiTHMMp8DZYcNYwq7rpRSc
7Xrx98XmajSar4+AJems7gaCNcmeL7ua90ckqHHrQn75O3MTam2UJkw7xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtyIFhAusDn3Ftpgdm4oNBpUWpEMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEveTNJZ1dFQzZ3T2ZjVzJtQjJiaWcwR2xSYWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQA6AkMaizuuGAOmYgpZmpOni1kzdzBFtF3izV7zrnUo
eVHvw1Os1ppI4VypD+q6voixwbMLbIa+F4bTFptVHzz7HbRF2QVvJhpwfzYyn09f
W07BPvcpg1fadQiGLdPUbj5xhuQK6R1kuUBTRU6zlbGVDvo9EfxHXXm6NXx2OMUI
xLEbklRVtBJnHFapsQ3FBpwcAeRUIV6sz5iqRx2UvR24CJ3foOzQDfRCpbSyHR3H
qQozidET0s0IQcPy5fq7J5eHUQ+e2g3zGkHO6EsHg2SFJsdaiqk6Jvc7iK7dUP1T
0NgwUvBuAcdWa+rZEI0Xvu7fXUEuPMUVfp2ObzWcMsvV
-----END CERTIFICATE-----