Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QfrBASbGsV9PVtFSk_7UjwBcWEM.roa
File:                     QfrBASbGsV9PVtFSk_7UjwBcWEM.roa (raw, json)
Hash identifier:          rNxthRgt1V+JwXg506MlnxTxTgZ9hC5VywiRjKQezCo=
Subject key identifier:   41:FA:C1:01:26:C6:B1:5F:4F:56:D1:52:93:FE:D4:8F:00:5C:58:43
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01993D45A2CE6082A9696EC45918D7C03F8A
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QfrBASbGsV9PVtFSk_7UjwBcWEM.roa
Signing time:             Fri 12 Sep 2025 09:33:17 +0000
ROA not before:           Fri 12 Sep 2025 09:33:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        45.155.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:45:a2:ce:60:82:a9:69:6e:c4:59:18:d7:c0:3f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Sep 12 09:33:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41fac10126c6b15f4f56d15293fed48f005c5843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4f:3b:f2:65:cc:c1:54:31:d2:84:cb:ad:8c:
                    02:7b:9c:34:86:4e:25:36:df:1f:6e:cd:51:9f:fb:
                    b2:45:67:f2:37:f1:5a:f1:50:dd:4c:2c:4e:fc:dc:
                    31:13:f7:64:7a:fd:b2:59:cf:57:ec:01:27:c7:03:
                    f4:74:ae:60:95:e4:3c:54:56:80:3a:a7:23:28:2a:
                    ee:38:bd:f4:40:a6:54:79:8b:f2:28:36:84:d3:c8:
                    39:d8:6a:14:45:60:6e:bc:ca:09:e4:a5:0d:07:0a:
                    b6:6c:49:08:d0:ce:e2:54:fe:c9:9c:00:fb:51:4c:
                    7c:b4:ee:fb:ae:c0:8e:75:26:0c:75:86:fa:b6:ef:
                    8d:79:1e:a8:5d:85:0e:97:07:e9:ee:a1:bd:5b:99:
                    76:bb:d2:e0:7b:db:ae:37:24:d1:95:ac:c8:8c:c6:
                    31:93:4a:7c:c4:54:17:67:80:51:cc:3d:b9:a0:b2:
                    23:60:ce:71:30:13:26:88:bb:cc:15:99:3c:f6:67:
                    62:4f:c0:53:03:ba:12:c4:20:c9:e2:44:59:6e:78:
                    75:e6:dd:cb:2d:18:5f:ff:8b:23:d5:7a:a1:d7:27:
                    39:4a:32:a6:a4:97:75:2f:a8:21:c3:77:f6:56:de:
                    9b:f6:52:fa:90:fa:af:0a:02:ae:bc:26:be:ec:09:
                    ad:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:FA:C1:01:26:C6:B1:5F:4F:56:D1:52:93:FE:D4:8F:00:5C:58:43
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/QfrBASbGsV9PVtFSk_7UjwBcWEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d5:e8:b7:84:c0:3b:63:1b:ba:f5:d3:d6:ae:02:4d:a3:53:
         76:58:f0:25:c7:c1:88:de:21:37:c5:e0:e3:47:b1:fb:0e:b9:
         f0:f2:f0:21:42:54:cd:a7:82:f0:cf:a8:3e:74:a6:53:32:8e:
         a3:08:4e:de:23:1d:56:5d:80:68:33:53:ba:42:09:14:f3:1c:
         71:bf:e4:63:30:0b:f4:94:e9:e5:41:16:e8:70:fc:be:b7:dc:
         bd:98:74:41:f2:9d:ec:75:ee:aa:ad:ad:9e:9b:5c:d4:bb:13:
         fa:88:b1:a2:8e:24:3a:83:be:8f:d9:f4:0d:3d:ab:3f:0a:6c:
         5b:d5:26:24:f3:33:82:c7:63:05:9a:2a:93:19:15:46:d8:5d:
         3c:b0:84:cc:f1:42:30:7b:41:4b:43:85:cd:a9:81:9e:06:f9:
         f8:3c:aa:17:a6:d8:68:66:cd:15:c4:85:c7:e3:85:34:e0:9d:
         a7:fc:32:83:69:c5:1c:94:44:07:5a:b2:bd:e4:e6:10:7a:94:
         d9:73:b2:22:2b:3b:e8:4f:0f:86:13:68:0d:eb:15:68:cc:c8:
         38:cb:53:d8:09:d3:7e:58:c7:35:89:f6:59:cb:67:57:b1:99:
         5e:b3:7e:de:08:a5:ab:6f:69:2b:e8:de:d9:e5:e7:b2:1e:55:
         24:7c:a9:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9RaLOYIKpaW7EWRjXwD+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwOTEyMDkzMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWZhYzEwMTI2YzZiMTVmNGY1NmQxNTI5M2ZlZDQ4ZjAwNWM1ODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0878mXMwVQx0oTLrYwCe5w0hk4l
Nt8fbs1Rn/uyRWfyN/Fa8VDdTCxO/NwxE/dkev2yWc9X7AEnxwP0dK5gleQ8VFaA
OqcjKCruOL30QKZUeYvyKDaE08g52GoURWBuvMoJ5KUNBwq2bEkI0M7iVP7JnAD7
UUx8tO77rsCOdSYMdYb6tu+NeR6oXYUOlwfp7qG9W5l2u9Lge9uuNyTRlazIjMYx
k0p8xFQXZ4BRzD25oLIjYM5xMBMmiLvMFZk89mdiT8BTA7oSxCDJ4kRZbnh15t3L
LRhf/4sj1Xqh1yc5SjKmpJd1L6ghw3f2Vt6b9lL6kPqvCgKuvCa+7Amt8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEH6wQEmxrFfT1bRUpP+1I8AXFhDMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvUWZyQkFTYkdzVjlQVnRGU2tfN1Vqd0JjV0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv+MA0G
CSqGSIb3DQEBCwUAA4IBAQCH1ei3hMA7Yxu69dPWrgJNo1N2WPAlx8GI3iE3xeDj
R7H7Drnw8vAhQlTNp4Lwz6g+dKZTMo6jCE7eIx1WXYBoM1O6QgkU8xxxv+RjMAv0
lOnlQRbocPy+t9y9mHRB8p3sde6qra2em1zUuxP6iLGijiQ6g76P2fQNPas/Cmxb
1SYk8zOCx2MFmiqTGRVG2F08sITM8UIwe0FLQ4XNqYGeBvn4PKoXpthoZs0VxIXH
44U04J2n/DKDacUclEQHWrK95OYQepTZc7IiKzvoTw+GE2gN6xVozMg4y1PYCdN+
WMc1ifZZy2dXsZles37eCKWrb2kr6N7Z5eeyHlUkfKmN
-----END CERTIFICATE-----