Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/F9Jr0wX27e1YaVoYxJRskkbbo_M.roa
File:                     F9Jr0wX27e1YaVoYxJRskkbbo_M.roa (raw, json)
Hash identifier:          yuu6YnKZ1NWNGWMDoBRRe/DZ1ru3hFi8sq7yEMn9tRw=
Subject key identifier:   17:D2:6B:D3:05:F6:ED:ED:58:69:5A:18:C4:94:6C:92:46:DB:A3:F3
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019889866BE375A1E7F86E57F989359B3C9A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/F9Jr0wX27e1YaVoYxJRskkbbo_M.roa
Signing time:             Fri 08 Aug 2025 11:52:24 +0000
ROA not before:           Fri 08 Aug 2025 11:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213708
IP address blocks:        45.13.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:86:6b:e3:75:a1:e7:f8:6e:57:f9:89:35:9b:3c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug  8 11:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17d26bd305f6eded58695a18c4946c9246dba3f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ef:fb:95:7e:f6:82:23:c6:42:15:5b:9e:04:
                    10:19:17:2c:1f:29:3f:3b:4e:57:62:d1:f4:1e:44:
                    c0:70:71:81:0b:12:90:ee:d6:ba:b0:3d:90:ad:2c:
                    54:28:55:f4:1a:8b:5b:00:97:33:91:4d:07:57:0e:
                    b7:c9:2c:b2:d2:96:d0:6e:2f:47:1f:e8:b9:aa:37:
                    09:c4:3c:75:74:1f:34:ad:55:3b:cb:09:b1:b5:09:
                    ca:e3:ea:d1:8b:df:3a:6b:1c:c0:f8:13:c0:b1:47:
                    64:3d:2e:90:88:7f:a3:ca:d7:3d:4d:c8:61:21:1f:
                    1c:b2:bb:8e:52:8d:80:5d:84:05:63:10:b5:6b:a3:
                    ca:56:13:1d:61:88:6a:52:f8:51:18:05:44:52:80:
                    48:8f:8e:9e:9d:02:7b:39:dc:41:d9:9f:20:4a:92:
                    a8:31:7a:8c:6d:f2:f9:49:e8:65:4e:ba:3b:76:f8:
                    16:b8:a3:16:1c:11:8f:aa:2b:a4:b6:ae:ca:07:5f:
                    b2:65:af:dd:fe:7f:59:c9:6c:23:7e:61:8f:f0:90:
                    f8:f5:35:46:c1:22:96:31:c8:a4:47:17:47:2e:76:
                    1e:7c:64:6b:c6:ff:b2:0f:13:c5:99:d9:bf:b0:cd:
                    de:3c:8a:3b:82:f7:b2:4e:38:b2:57:a2:05:d0:b0:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D2:6B:D3:05:F6:ED:ED:58:69:5A:18:C4:94:6C:92:46:DB:A3:F3
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/F9Jr0wX27e1YaVoYxJRskkbbo_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:28:62:2a:da:b2:0a:44:a9:a8:ef:aa:6e:8f:1e:bb:15:31:
         4c:a0:13:be:43:97:c5:0a:a7:1a:31:eb:95:05:4a:9b:36:a2:
         7d:bd:d6:0f:b2:bd:6b:5c:e1:4c:9d:ab:7d:93:0d:e9:bb:15:
         f3:4b:ba:88:51:26:b1:f1:2a:95:15:bc:8a:a8:6c:fb:69:45:
         57:fb:a2:b2:12:56:77:3e:d8:91:a6:ff:77:1a:c8:c9:98:21:
         d8:31:8a:17:19:79:c3:4a:43:9f:42:a3:74:0c:7f:b5:4a:97:
         8c:1a:bc:ec:a7:b3:5d:f3:98:ca:a8:a1:19:8f:56:ff:e8:26:
         1d:19:d4:87:b1:ad:22:7c:71:21:c4:c3:93:7b:5c:0d:dc:8d:
         ac:6b:e9:cf:4b:92:f7:7e:ef:33:1a:bd:e6:7b:e1:32:7d:c3:
         c4:c5:79:05:ed:3f:53:62:93:1f:38:72:3d:de:0c:32:60:1b:
         1c:54:79:05:71:e2:1f:23:70:e4:4b:05:d8:b2:16:3a:d6:d5:
         3b:e0:0b:17:09:51:1f:52:67:93:e0:e9:b4:9c:af:9d:35:7c:
         96:bc:74:cb:6f:df:bf:9b:96:9e:0b:3e:80:5f:e1:6f:af:d2:
         02:ae:5c:53:78:ea:0f:7b:51:fe:80:f5:92:94:80:c5:23:00:
         59:28:71:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiJhmvjdaHn+G5X+Yk1mzyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwODA4MTE1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2QyNmJkMzA1ZjZlZGVkNTg2OTVhMThjNDk0NmM5MjQ2ZGJhM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu/7lX72giPGQhVbngQQGRcsHyk/
O05XYtH0HkTAcHGBCxKQ7ta6sD2QrSxUKFX0GotbAJczkU0HVw63ySyy0pbQbi9H
H+i5qjcJxDx1dB80rVU7ywmxtQnK4+rRi986axzA+BPAsUdkPS6QiH+jytc9Tchh
IR8csruOUo2AXYQFYxC1a6PKVhMdYYhqUvhRGAVEUoBIj46enQJ7OdxB2Z8gSpKo
MXqMbfL5SehlTro7dvgWuKMWHBGPqiuktq7KB1+yZa/d/n9ZyWwjfmGP8JD49TVG
wSKWMcikRxdHLnYefGRrxv+yDxPFmdm/sM3ePIo7gveyTjiyV6IF0LC+0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfSa9MF9u3tWGlaGMSUbJJG26PzMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRjlKcjB3WDI3ZTFZYVZvWXhKUnNra2Jib19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ2+MA0G
CSqGSIb3DQEBCwUAA4IBAQBMKGIq2rIKRKmo76pujx67FTFMoBO+Q5fFCqcaMeuV
BUqbNqJ9vdYPsr1rXOFMnat9kw3puxXzS7qIUSax8SqVFbyKqGz7aUVX+6KyElZ3
PtiRpv93GsjJmCHYMYoXGXnDSkOfQqN0DH+1SpeMGrzsp7Nd85jKqKEZj1b/6CYd
GdSHsa0ifHEhxMOTe1wN3I2sa+nPS5L3fu8zGr3me+EyfcPExXkF7T9TYpMfOHI9
3gwyYBscVHkFceIfI3DkSwXYshY61tU74AsXCVEfUmeT4Om0nK+dNXyWvHTLb9+/
m5aeCz6AX+Fvr9ICrlxTeOoPe1H+gPWSlIDFIwBZKHH+
-----END CERTIFICATE-----