Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/Jv9ea6TjWXgvrL4UJOE0Y6J6Kzo.roa
File:                     Jv9ea6TjWXgvrL4UJOE0Y6J6Kzo.roa (raw, json)
Hash identifier:          vQZS+xG2DvESCsjLOI3ZeRzubYmodylcXb11ZuJ/VmA=
Subject key identifier:   26:FF:5E:6B:A4:E3:59:78:2F:AC:BE:14:24:E1:34:63:A2:7A:2B:3A
Certificate issuer:       /CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
Certificate serial:       01973FDB2CAB97291227BD6C550865C6431F
Authority key identifier: 3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/Jv9ea6TjWXgvrL4UJOE0Y6J6Kzo.roa
Signing time:             Thu 05 Jun 2025 11:30:17 +0000
ROA not before:           Thu 05 Jun 2025 11:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215272
IP address blocks:        45.128.205.0/24 maxlen: 24
                          185.244.50.0/24 maxlen: 24
                          185.251.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:db:2c:ab:97:29:12:27:bd:6c:55:08:65:c6:43:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
        Validity
            Not Before: Jun  5 11:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26ff5e6ba4e359782facbe1424e13463a27a2b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:b2:fb:9e:d3:67:9c:69:03:c3:47:ff:46:
                    3d:06:20:29:5b:02:06:a3:bf:e2:bb:b1:74:bf:f9:
                    26:b6:fc:a5:31:28:29:75:19:9b:de:30:c4:c1:17:
                    b0:86:72:36:aa:cd:b8:1b:4e:d7:fc:35:5c:fc:c5:
                    a8:79:aa:ed:f5:12:ca:15:c2:7c:f1:5d:d9:fb:e3:
                    c2:78:4b:1d:82:a3:16:63:26:ea:7e:68:27:91:ba:
                    10:e5:2a:39:2f:fe:f2:89:ab:0e:8f:54:35:0c:b2:
                    e1:85:a4:27:71:8a:00:93:d0:3f:f6:a9:27:aa:80:
                    53:6e:ef:14:37:99:d5:9f:a5:d0:e7:67:98:b2:4b:
                    8a:86:e1:2b:bf:f0:c8:71:4a:b3:db:95:23:94:61:
                    56:af:cc:01:54:a7:56:fc:20:c1:0d:30:91:22:eb:
                    26:cd:3b:bb:a1:b8:2e:30:e6:76:26:75:a4:77:6a:
                    4d:79:58:1f:0d:8b:a0:c5:86:1a:f2:6c:00:ce:e8:
                    75:03:1a:d7:34:a4:8b:b8:33:33:a9:2d:83:4b:df:
                    26:f1:0d:ea:5a:89:ab:1d:67:50:97:40:74:e0:73:
                    f9:b4:8f:e3:bf:88:2b:4c:44:be:37:46:f5:cd:08:
                    f6:14:be:02:ad:ec:4c:9f:d5:2b:0b:e3:a9:7f:3a:
                    32:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:FF:5E:6B:A4:E3:59:78:2F:AC:BE:14:24:E1:34:63:A2:7A:2B:3A
            X509v3 Authority Key Identifier:
                keyid:3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/Jv9ea6TjWXgvrL4UJOE0Y6J6Kzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.205.0/24
                  185.244.50.0/24
                  185.251.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:11:ab:fb:c4:7d:a1:fd:48:f1:2d:12:22:83:9c:80:89:20:
         4b:36:d5:3c:da:77:7a:68:ff:f2:1c:e1:1f:4a:e8:fd:9b:5c:
         63:9f:e5:76:4d:96:80:2f:37:5c:b3:eb:c2:60:af:26:ad:e3:
         cf:c1:55:22:0a:f9:73:80:67:dc:c2:7e:b6:48:c5:ef:cc:d6:
         02:04:af:f0:f0:18:97:e1:c8:d8:d1:75:b3:6a:67:2e:e1:cd:
         aa:b7:3e:f0:a4:c6:1e:73:77:86:bf:0b:81:15:2a:cc:5e:1f:
         32:73:fe:95:40:67:8d:9a:86:61:37:e2:b3:f4:92:2b:16:d2:
         98:2d:af:71:33:63:27:a5:17:19:af:87:e0:65:03:a5:8f:e7:
         32:47:37:87:31:1e:88:f8:94:c6:35:2c:90:f2:fe:08:ff:95:
         c8:74:0b:4c:31:80:96:2a:d3:9b:f0:5b:1b:f0:0e:12:dc:b0:
         df:53:25:26:3a:76:8c:8e:06:6a:27:d6:3e:f9:19:85:d9:68:
         d6:e8:a0:e7:e9:13:a2:d0:0d:72:8e:ed:cf:83:f2:89:0f:0d:
         e3:2f:c2:05:8c:51:bc:c2:cc:4c:64:bc:18:dc:f8:a4:c0:80:
         75:13:b1:46:72:e0:f6:dd:aa:09:49:7e:d8:d5:6f:60:5a:65:
         cb:73:bd:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZc/2yyrlykSJ71sVQhlxkMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWYxNGQzN2ZiZGM4N2FlN2M5YzdiOTE1M2VhZWE1ZDRj
NTU0OWIwHhcNMjUwNjA1MTEzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmZmNWU2YmE0ZTM1OTc4MmZhY2JlMTQyNGUxMzQ2M2EyN2EyYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5Ky+57TZ5xpA8NH/0Y9BiApWwIG
o7/iu7F0v/kmtvylMSgpdRmb3jDEwRewhnI2qs24G07X/DVc/MWoeart9RLKFcJ8
8V3Z++PCeEsdgqMWYybqfmgnkboQ5So5L/7yiasOj1Q1DLLhhaQncYoAk9A/9qkn
qoBTbu8UN5nVn6XQ52eYskuKhuErv/DIcUqz25UjlGFWr8wBVKdW/CDBDTCRIusm
zTu7obguMOZ2JnWkd2pNeVgfDYugxYYa8mwAzuh1AxrXNKSLuDMzqS2DS98m8Q3q
WomrHWdQl0B04HP5tI/jv4grTES+N0b1zQj2FL4CrexMn9UrC+OpfzoyEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCb/Xmuk41l4L6y+FCThNGOieis6MB8GA1UdIwQY
MBaAFDwfFNN/vch658nHuRU+rqXUxVSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUt
ZjFjNmJmMWU0YmE3LzEvSnY5ZWE2VGpXWGd2ckw0VUpPRTBZNko2S3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUtZjFjNmJmMWU0YmE3
LzEvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYDNAwQA
ufQyAwQAufsmMA0GCSqGSIb3DQEBCwUAA4IBAQCFEav7xH2h/UjxLRIig5yAiSBL
NtU82nd6aP/yHOEfSuj9m1xjn+V2TZaALzdcs+vCYK8mrePPwVUiCvlzgGfcwn62
SMXvzNYCBK/w8BiX4cjY0XWzamcu4c2qtz7wpMYec3eGvwuBFSrMXh8yc/6VQGeN
moZhN+Kz9JIrFtKYLa9xM2MnpRcZr4fgZQOlj+cyRzeHMR6I+JTGNSyQ8v4I/5XI
dAtMMYCWKtOb8Fsb8A4S3LDfUyUmOnaMjgZqJ9Y++RmF2WjW6KDn6ROi0A1yju3P
g/KJDw3jL8IFjFG8wsxMZLwY3PikwIB1E7FGcuD23aoJSX7Y1W9gWmXLc71k
-----END CERTIFICATE-----