Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-P7HIg5JeqHjYIZAXfstwRc8rS4.roa
File:                     1-P7HIg5JeqHjYIZAXfstwRc8rS4.roa (raw, json)
Hash identifier:          rfWBq2o+X7+3NLxi+YEByLqJPY5EYKg+kyA5kFaeeMo=
Subject key identifier:   F8:FE:C7:22:0E:49:7A:A1:E3:60:86:40:5D:FB:2D:C1:17:3C:AD:2E
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01978785354168FF2198E85199B8FDCAD8F2
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-P7HIg5JeqHjYIZAXfstwRc8rS4.roa
Signing time:             Thu 19 Jun 2025 09:29:03 +0000
ROA not before:           Thu 19 Jun 2025 09:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153914
IP address blocks:        45.88.183.0/24 maxlen: 24
                          45.89.105.0/24 maxlen: 24
                          45.89.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:87:85:35:41:68:ff:21:98:e8:51:99:b8:fd:ca:d8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun 19 09:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8fec7220e497aa1e36086405dfb2dc1173cad2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:af:aa:57:e6:84:00:8a:0a:13:f3:f5:15:23:
                    d5:f8:76:03:61:54:ae:fb:5e:4a:79:41:6b:67:b1:
                    8a:16:91:0b:6a:eb:93:7d:7a:f1:96:51:80:25:04:
                    60:9c:57:02:b2:10:43:3a:4d:73:f1:96:e5:f7:e8:
                    b9:78:c0:69:c8:96:f0:e0:93:07:2d:db:eb:7f:57:
                    68:32:0c:6a:28:e7:cc:88:de:35:4f:6e:cc:8d:1f:
                    ea:c3:b5:3c:83:68:dd:68:32:68:21:38:9e:f0:fb:
                    cb:13:70:22:15:68:19:2c:73:5d:16:bc:81:2c:89:
                    97:d7:d4:40:57:91:ac:88:e8:50:18:69:cb:40:e4:
                    41:25:e4:ea:14:2b:48:f6:d7:21:df:fd:97:f7:ce:
                    80:e8:75:13:0a:e7:69:8e:4c:b6:41:0f:4e:b6:9d:
                    0d:80:f2:3e:5e:bc:59:64:50:bb:91:03:f5:98:c5:
                    bc:28:f2:5d:97:b8:19:bd:4c:8e:02:d8:19:40:a9:
                    ca:45:2f:1c:cb:ab:81:0c:f3:8f:c1:5a:76:38:e9:
                    94:25:0f:1e:4c:4f:a5:8e:61:4e:2d:e8:65:c8:2c:
                    a2:84:7d:e2:5e:2f:4e:4b:2f:71:4e:a2:76:aa:ee:
                    60:60:57:74:e9:62:61:64:30:06:f8:52:d8:cd:ba:
                    ae:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FE:C7:22:0E:49:7A:A1:E3:60:86:40:5D:FB:2D:C1:17:3C:AD:2E
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/1-P7HIg5JeqHjYIZAXfstwRc8rS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.183.0/24
                  45.89.105.0-45.89.106.255

    Signature Algorithm: sha256WithRSAEncryption
         69:f8:11:0a:93:85:05:09:b4:72:ca:a2:db:b5:d5:28:c2:7d:
         b9:f9:0e:89:0a:3a:34:b7:73:ff:28:a7:f8:c9:14:73:8f:24:
         fc:7e:05:ec:91:56:87:8a:0d:23:d2:aa:a7:d3:36:6d:9b:66:
         60:53:a7:53:1d:84:fd:0f:ac:0b:99:79:2f:22:9f:d1:04:be:
         8b:42:7e:49:8f:6d:01:e5:78:d2:cf:e7:64:27:cd:d9:2c:f4:
         da:38:b4:17:95:ae:2f:c6:eb:7b:9f:2f:73:6a:48:21:b5:ca:
         ef:88:76:7d:0b:c8:fe:df:4e:37:66:a9:79:36:0b:30:28:c7:
         cd:a6:7c:27:85:94:e3:49:e7:44:66:e2:42:0a:34:3f:a2:3e:
         f9:06:35:16:f8:af:3d:ff:14:5a:8c:d4:e2:bc:8a:e3:7d:9d:
         bb:d2:f6:a9:7a:56:74:39:74:b7:86:de:a6:a5:f9:e8:af:6e:
         41:6a:7c:ef:b3:f8:0d:d3:72:1d:7a:f6:ba:31:e1:97:dd:ab:
         b3:2c:46:40:ab:84:33:59:92:54:bb:77:35:30:9e:2d:62:80:
         8e:46:3c:01:e7:a5:e1:55:79:e3:1f:79:f9:41:64:4e:10:f4:
         43:c2:93:75:0e:04:8f:d4:90:2e:96:97:30:a7:8e:fe:c5:0d:
         cb:ea:80:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZeHhTVBaP8hmOhRmbj9ytjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNjE5MDkyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZlYzcyMjBlNDk3YWExZTM2MDg2NDA1ZGZiMmRjMTE3M2NhZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6+qV+aEAIoKE/P1FSPV+HYDYVSu
+15KeUFrZ7GKFpELauuTfXrxllGAJQRgnFcCshBDOk1z8Zbl9+i5eMBpyJbw4JMH
Ldvrf1doMgxqKOfMiN41T27MjR/qw7U8g2jdaDJoITie8PvLE3AiFWgZLHNdFryB
LImX19RAV5GsiOhQGGnLQORBJeTqFCtI9tch3/2X986A6HUTCudpjky2QQ9Otp0N
gPI+XrxZZFC7kQP1mMW8KPJdl7gZvUyOAtgZQKnKRS8cy6uBDPOPwVp2OOmUJQ8e
TE+ljmFOLehlyCyihH3iXi9OSy9xTqJ2qu5gYFd06WJhZDAG+FLYzbquNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPj+xyIOSXqh42CGQF37LcEXPK0uMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvMS1QN0hJZzVKZXFIallJWkFYZnN0d1JjOHJTNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNzA0MDcxLThkYzAtNGVkNi05NDU3LWU4NjEyMWM1OTRk
Zi8xL1l2MjJkbFRmWVlUbjFneEJVT3FWTThMUGx3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAC1YtzAM
AwQALVlpAwQALVlqMA0GCSqGSIb3DQEBCwUAA4IBAQBp+BEKk4UFCbRyyqLbtdUo
wn25+Q6JCjo0t3P/KKf4yRRzjyT8fgXskVaHig0j0qqn0zZtm2ZgU6dTHYT9D6wL
mXkvIp/RBL6LQn5Jj20B5XjSz+dkJ83ZLPTaOLQXla4vxut7ny9zakghtcrviHZ9
C8j+3043Zql5NgswKMfNpnwnhZTjSedEZuJCCjQ/oj75BjUW+K89/xRajNTivIrj
fZ270vapelZ0OXS3ht6mpfnor25Banzvs/gN03Ideva6MeGX3auzLEZAq4QzWZJU
u3c1MJ4tYoCORjwB56XhVXnjH3n5QWROEPRDwpN1DgSP1JAulpcwp47+xQ3L6oAW
-----END CERTIFICATE-----