Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/Rfx73to5lynfa5P988aJIcpZHW0.roa
File:                     Rfx73to5lynfa5P988aJIcpZHW0.roa (raw, json)
Hash identifier:          fb46D6K33gqqGx/M4AgtMP1UJSgJ24dkYkKRuFAfTRM=
Subject key identifier:   45:FC:7B:DE:DA:39:97:29:DF:6B:93:FD:F3:C6:89:21:CA:59:1D:6D
Certificate issuer:       /CN=bc6d2ed7794d3217cfaafe1cad53f755b82ce3a9
Certificate serial:       019420D5DA294FF2BC635C990FB7C6FEFB26
Authority key identifier: BC:6D:2E:D7:79:4D:32:17:CF:AA:FE:1C:AD:53:F7:55:B8:2C:E3:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vG0u13lNMhfPqv4crVP3Vbgs46k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/Rfx73to5lynfa5P988aJIcpZHW0.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39668
IP address blocks:        89.35.128.0/24 maxlen: 24
                          185.132.172.0/22 maxlen: 22
                          2a09:4080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/vG0u13lNMhfPqv4crVP3Vbgs46k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/vG0u13lNMhfPqv4crVP3Vbgs46k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vG0u13lNMhfPqv4crVP3Vbgs46k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:da:29:4f:f2:bc:63:5c:99:0f:b7:c6:fe:fb:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc6d2ed7794d3217cfaafe1cad53f755b82ce3a9
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45fc7bdeda399729df6b93fdf3c68921ca591d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f8:a9:24:c0:81:0d:9a:1e:c6:a2:f1:5f:f5:
                    5a:c0:6f:aa:66:4f:af:a8:3e:bd:00:c7:af:bd:bd:
                    f9:c0:43:b6:83:0b:63:3f:67:42:5e:ff:6a:81:07:
                    2f:53:14:c3:4b:c2:5b:49:b6:d8:91:43:d0:6c:9d:
                    b6:48:89:31:39:a1:87:c3:d0:3b:ae:67:b0:31:89:
                    1c:90:2d:0d:91:c0:f1:ab:62:90:26:b8:c1:e0:f2:
                    43:f8:42:76:51:74:b4:74:23:c1:0a:db:1c:12:01:
                    9c:d9:62:ba:38:54:3c:03:3d:8d:6a:9f:82:4a:86:
                    c8:52:b6:c5:e1:ba:9d:21:46:4e:b3:4c:b2:9a:7c:
                    df:35:90:07:3b:26:b3:50:5a:67:98:b7:82:38:0d:
                    3e:5f:bd:59:c9:6a:01:15:62:48:43:d0:17:36:b6:
                    50:d9:2b:dd:7c:2a:a1:08:e2:9a:c9:34:e3:6c:fd:
                    ce:8b:c3:9a:2b:a5:f4:35:99:47:06:5f:8e:1e:e5:
                    83:ff:16:88:83:53:d9:fc:4a:73:a2:6f:1e:2b:7e:
                    c0:fd:18:26:f5:fa:b8:2d:e4:f1:52:d2:b2:47:61:
                    4e:b8:0a:32:62:b1:56:08:58:41:b5:b6:75:b0:e3:
                    10:14:0c:d8:2f:72:76:d2:6a:9a:5e:e6:15:95:02:
                    95:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FC:7B:DE:DA:39:97:29:DF:6B:93:FD:F3:C6:89:21:CA:59:1D:6D
            X509v3 Authority Key Identifier:
                keyid:BC:6D:2E:D7:79:4D:32:17:CF:AA:FE:1C:AD:53:F7:55:B8:2C:E3:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vG0u13lNMhfPqv4crVP3Vbgs46k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/Rfx73to5lynfa5P988aJIcpZHW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d2944-1ed6-4fcd-8c5c-77b4bbe35a9e/1/vG0u13lNMhfPqv4crVP3Vbgs46k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.128.0/24
                  185.132.172.0/22
                IPv6:
                  2a09:4080::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:c5:af:dc:64:8e:01:8f:be:a2:fb:89:18:dd:d5:27:74:01:
         5b:bb:36:40:2e:0a:00:22:ae:11:87:1f:42:68:dc:17:78:79:
         6e:d3:61:03:a2:7e:a6:2d:4f:1f:b7:04:36:14:27:cf:66:cd:
         89:71:67:3f:10:0d:81:51:99:60:8a:b2:cf:fd:74:51:9e:20:
         92:c8:4c:37:da:70:64:46:ac:e7:6c:a5:c4:6c:a6:50:5f:6f:
         d4:25:58:2c:30:a8:3f:1e:a3:39:c0:4b:a2:48:b4:1d:ed:61:
         2e:ee:2c:57:46:d4:5e:06:51:7c:8a:b6:e3:18:b8:69:06:93:
         74:5f:9d:30:0a:02:2f:90:9d:1f:db:3c:a5:8e:0e:ad:b9:c3:
         67:93:99:16:29:ae:a9:24:61:f5:d2:e1:2c:19:d6:4d:24:50:
         da:ed:46:ac:0e:6c:78:39:57:cd:d7:a2:16:9b:50:84:3e:e4:
         95:1c:ec:49:e3:6b:d4:1c:60:a1:e5:7c:0c:3c:e1:39:7d:28:
         c1:d0:4b:86:76:07:3c:a2:92:ec:8f:cf:03:c0:ad:c5:f0:34:
         e0:1e:13:16:d5:aa:c3:7b:3b:47:8a:03:fa:1c:87:52:20:7a:
         8a:22:09:55:c2:e9:e3:e2:d1:11:b5:76:fe:16:03:b5:cf:0e:
         95:09:6e:4d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1dopT/K8Y1yZD7fG/vsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNmQyZWQ3Nzk0ZDMyMTdjZmFhZmUxY2FkNTNmNzU1Yjgy
Y2UzYTkwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZjN2JkZWRhMzk5NzI5ZGY2YjkzZmRmM2M2ODkyMWNhNTkxZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfipJMCBDZoexqLxX/VawG+qZk+v
qD69AMevvb35wEO2gwtjP2dCXv9qgQcvUxTDS8JbSbbYkUPQbJ22SIkxOaGHw9A7
rmewMYkckC0NkcDxq2KQJrjB4PJD+EJ2UXS0dCPBCtscEgGc2WK6OFQ8Az2Nap+C
SobIUrbF4bqdIUZOs0yymnzfNZAHOyazUFpnmLeCOA0+X71ZyWoBFWJIQ9AXNrZQ
2SvdfCqhCOKayTTjbP3Oi8OaK6X0NZlHBl+OHuWD/xaIg1PZ/Epzom8eK37A/Rgm
9fq4LeTxUtKyR2FOuAoyYrFWCFhBtbZ1sOMQFAzYL3J20mqaXuYVlQKVzQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEX8e97aOZcp32uT/fPGiSHKWR1tMB8GA1UdIwQY
MBaAFLxtLtd5TTIXz6r+HK1T91W4LOOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkcwdTEzbE5NaGZQcXY0Y3JWUDNWYmdzNDZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZDI5NDQtMWVkNi00ZmNkLThjNWMt
NzdiNGJiZTM1YTllLzEvUmZ4NzN0bzVseW5mYTVQOTg4YUpJY3BaSFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZDI5NDQtMWVkNi00ZmNkLThjNWMtNzdiNGJiZTM1YTll
LzEvdkcwdTEzbE5NaGZQcXY0Y3JWUDNWYmdzNDZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAWSOAAwQC
uYSsMA0EAgACMAcDBQMqCUCAMA0GCSqGSIb3DQEBCwUAA4IBAQA2xa/cZI4Bj76i
+4kY3dUndAFbuzZALgoAIq4Rhx9CaNwXeHlu02EDon6mLU8ftwQ2FCfPZs2JcWc/
EA2BUZlgirLP/XRRniCSyEw32nBkRqznbKXEbKZQX2/UJVgsMKg/HqM5wEuiSLQd
7WEu7ixXRtReBlF8irbjGLhpBpN0X50wCgIvkJ0f2zyljg6tucNnk5kWKa6pJGH1
0uEsGdZNJFDa7UasDmx4OVfN16IWm1CEPuSVHOxJ42vUHGCh5XwMPOE5fSjB0EuG
dgc8opLsj88DwK3F8DTgHhMW1arDeztHigP6HIdSIHqKIglVwunj4tERtXb+FgO1
zw6VCW5N
-----END CERTIFICATE-----