Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2h4PGwruYpyJt3BQWtPQcsgNRNk.roa
File:                     2h4PGwruYpyJt3BQWtPQcsgNRNk.roa (raw, json)
Hash identifier:          QCNnPqGHtxqVOnwq21xOk8gMIvhO2BuPOm8i0r/ZWwk=
Subject key identifier:   DA:1E:0F:1B:0A:EE:62:9C:89:B7:70:50:5A:D3:D0:72:C8:0D:44:D9
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0197F3EAAD61BB08D82ADD8BC420406B8692
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2h4PGwruYpyJt3BQWtPQcsgNRNk.roa
Signing time:             Thu 10 Jul 2025 10:38:52 +0000
ROA not before:           Thu 10 Jul 2025 10:38:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397044
IP address blocks:        94.131.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:ea:ad:61:bb:08:d8:2a:dd:8b:c4:20:40:6b:86:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jul 10 10:38:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da1e0f1b0aee629c89b770505ad3d072c80d44d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:44:3e:a1:ec:45:d7:8b:27:20:45:2c:1a:3a:
                    8a:10:fc:be:59:cf:02:15:22:0b:f9:fd:96:cc:fa:
                    1e:fc:85:06:bb:88:65:b0:82:c3:97:e5:80:3b:22:
                    e6:fb:49:4e:fc:3a:62:40:56:8f:b7:1a:47:aa:18:
                    64:11:65:b0:46:00:b6:1f:07:e0:07:3f:8b:53:f4:
                    9e:91:9c:7c:09:78:51:a0:f7:a6:b8:90:01:36:a4:
                    d9:9e:e4:b4:e3:88:56:2e:5c:d3:5d:b8:ca:ea:b1:
                    df:42:ba:78:25:06:47:4f:09:5a:da:cd:a2:d5:db:
                    e5:a2:f7:29:77:59:20:8c:27:d3:07:ef:14:3b:93:
                    cb:df:60:38:b0:36:5b:73:7c:73:9c:64:f9:19:f0:
                    70:4e:73:74:e3:0e:b1:dd:6b:67:a1:b6:e5:3b:49:
                    d7:64:57:16:2d:19:6c:7b:f5:9a:a4:d4:4a:ba:ba:
                    52:22:f7:38:13:38:48:30:8e:32:1b:f3:c8:98:5d:
                    0d:d3:86:08:9e:64:9b:75:15:47:ff:1c:f7:5c:d7:
                    c8:cf:74:ce:0c:c0:22:42:ed:5c:25:13:23:23:26:
                    aa:7e:f8:56:79:b1:d2:f3:73:3e:a5:19:b0:e8:24:
                    f1:9a:de:89:ca:81:a1:55:98:49:b8:be:28:f6:de:
                    c4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:1E:0F:1B:0A:EE:62:9C:89:B7:70:50:5A:D3:D0:72:C8:0D:44:D9
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/2h4PGwruYpyJt3BQWtPQcsgNRNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:45:13:64:20:9d:d1:72:f4:aa:20:8a:ad:58:10:fb:41:04:
         f5:e8:4e:04:01:d0:78:31:d2:92:39:e5:51:db:4c:af:c3:a7:
         df:84:9a:38:f9:05:29:35:75:5c:4f:9d:f4:4b:ce:ce:76:98:
         07:a3:39:98:d1:5e:de:a5:df:54:32:22:56:fb:bf:f4:df:2a:
         27:aa:8f:d1:74:f3:61:a6:ab:75:6f:13:24:0e:5e:cb:9f:8b:
         ce:be:0e:fb:97:50:75:2c:19:04:34:54:e5:e9:d5:43:b7:24:
         eb:bc:b3:d2:ec:28:d0:d3:a6:91:f5:46:c0:3c:d3:5c:1f:47:
         db:95:e9:34:a1:52:1d:8c:7f:ec:f3:a7:42:f0:ce:27:b6:a7:
         07:30:48:8b:2a:e5:45:c8:73:9f:a6:3e:a5:94:71:e1:a8:eb:
         71:09:3f:87:84:ef:d7:48:0b:9f:ef:79:a9:ec:74:b5:62:1c:
         9a:99:29:09:5b:ca:82:1a:9e:93:31:a9:34:88:1f:d6:f9:d7:
         a7:f2:0c:20:d4:33:ce:89:10:4c:11:04:57:5e:4c:73:96:ed:
         8e:a9:11:bc:79:b8:78:14:f7:46:da:f7:33:e7:13:d6:5a:7f:
         8d:2d:62:d0:31:81:62:9a:ad:e9:de:19:e8:7f:e4:ac:b8:f1:
         91:90:cf:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz6q1huwjYKt2LxCBAa4aSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNzEwMTAzODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTFlMGYxYjBhZWU2MjljODliNzcwNTA1YWQzZDA3MmM4MGQ0NGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkQ+oexF14snIEUsGjqKEPy+Wc8C
FSIL+f2WzPoe/IUGu4hlsILDl+WAOyLm+0lO/DpiQFaPtxpHqhhkEWWwRgC2Hwfg
Bz+LU/SekZx8CXhRoPemuJABNqTZnuS044hWLlzTXbjK6rHfQrp4JQZHTwla2s2i
1dvlovcpd1kgjCfTB+8UO5PL32A4sDZbc3xznGT5GfBwTnN04w6x3WtnobblO0nX
ZFcWLRlse/WapNRKurpSIvc4EzhIMI4yG/PImF0N04YInmSbdRVH/xz3XNfIz3TO
DMAiQu1cJRMjIyaqfvhWebHS83M+pRmw6CTxmt6JyoGhVZhJuL4o9t7EAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoeDxsK7mKcibdwUFrT0HLIDUTZMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvMmg0UEd3cnVZcHlKdDNCUVd0UFFjc2dOUk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXoMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCVRRNkIJ3RcvSqIIqtWBD7QQT16E4EAdB4MdKSOeVR
20yvw6ffhJo4+QUpNXVcT530S87OdpgHozmY0V7epd9UMiJW+7/03yonqo/RdPNh
pqt1bxMkDl7Ln4vOvg77l1B1LBkENFTl6dVDtyTrvLPS7CjQ06aR9UbAPNNcH0fb
lek0oVIdjH/s86dC8M4ntqcHMEiLKuVFyHOfpj6llHHhqOtxCT+HhO/XSAuf73mp
7HS1YhyamSkJW8qCGp6TMak0iB/W+den8gwg1DPOiRBMEQRXXkxzlu2OqRG8ebh4
FPdG2vcz5xPWWn+NLWLQMYFimq3p3hnof+SsuPGRkM83
-----END CERTIFICATE-----