Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/P0W3X-yDwmL3jdWEyyFPblZWJ48.roa
File:                     P0W3X-yDwmL3jdWEyyFPblZWJ48.roa (raw, json)
Hash identifier:          1GBYTZrENIDaoy+I+yb47CXdH21TGrW0TYQJ2NR0pzo=
Subject key identifier:   3F:45:B7:5F:EC:83:C2:62:F7:8D:D5:84:CB:21:4F:6E:56:56:27:8F
Certificate issuer:       /CN=05352119b4ba4708f119e4d1fb4752bc881af493
Certificate serial:       019764843EE159B27C20146914797EE8733E
Authority key identifier: 05:35:21:19:B4:BA:47:08:F1:19:E4:D1:FB:47:52:BC:88:1A:F4:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTUhGbS6RwjxGeTR-0dSvIga9JM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/P0W3X-yDwmL3jdWEyyFPblZWJ48.roa
Signing time:             Thu 12 Jun 2025 14:21:17 +0000
ROA not before:           Thu 12 Jun 2025 14:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197844
IP address blocks:        91.227.196.0/23 maxlen: 23
                          194.35.236.0/23 maxlen: 23
                          194.35.238.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/BTUhGbS6RwjxGeTR-0dSvIga9JM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/BTUhGbS6RwjxGeTR-0dSvIga9JM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTUhGbS6RwjxGeTR-0dSvIga9JM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:84:3e:e1:59:b2:7c:20:14:69:14:79:7e:e8:73:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05352119b4ba4708f119e4d1fb4752bc881af493
        Validity
            Not Before: Jun 12 14:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f45b75fec83c262f78dd584cb214f6e5656278f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f2:81:2d:62:e2:c5:ac:3e:92:50:19:8d:6b:
                    3c:e1:ed:92:a2:46:44:89:f8:75:a5:ee:c0:ba:06:
                    60:55:ae:1b:93:9a:a8:a5:f4:c3:08:ed:84:f5:05:
                    d9:8c:4a:b3:26:e0:fe:b6:52:78:26:6c:d0:cc:50:
                    e3:81:6d:e5:ee:9b:6f:65:1d:cf:c6:2d:c8:35:77:
                    7b:65:6e:4a:65:9b:00:a7:1e:d6:75:3d:ac:73:74:
                    33:d5:77:8d:87:e1:2e:c0:d5:28:3f:ab:50:73:3d:
                    ed:ca:d2:a4:9d:0a:dc:77:96:22:a8:b6:fd:87:62:
                    d0:a7:9e:38:fd:5b:04:65:0c:84:d5:8f:b0:85:96:
                    0e:a9:6c:7b:aa:0e:fd:36:8d:d5:56:e4:82:cd:ac:
                    f6:8c:d8:70:52:0b:0c:b2:ec:dc:16:3a:14:55:99:
                    f2:ed:bf:32:74:49:54:c3:4b:97:76:80:96:ea:1f:
                    e2:fd:fe:1a:91:9e:51:1d:fc:bf:38:af:32:e9:61:
                    aa:21:cc:ac:9d:a6:7d:4f:89:03:c7:50:87:a9:d2:
                    42:20:e0:77:da:77:e0:b5:26:37:5d:bb:da:e1:2c:
                    53:36:3a:65:12:01:a3:24:75:58:35:cd:60:81:bd:
                    54:8b:5c:9d:40:8d:c3:ea:b7:d3:30:68:16:b7:b3:
                    90:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:45:B7:5F:EC:83:C2:62:F7:8D:D5:84:CB:21:4F:6E:56:56:27:8F
            X509v3 Authority Key Identifier:
                keyid:05:35:21:19:B4:BA:47:08:F1:19:E4:D1:FB:47:52:BC:88:1A:F4:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTUhGbS6RwjxGeTR-0dSvIga9JM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/P0W3X-yDwmL3jdWEyyFPblZWJ48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aa30c8-157e-4844-8650-76803d82ce8e/1/BTUhGbS6RwjxGeTR-0dSvIga9JM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.196.0/23
                  194.35.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:72:2a:d0:35:00:74:03:a5:4f:5e:f5:20:fb:6b:7f:21:19:
         08:c3:6a:6c:c9:7d:c6:27:3b:52:bd:68:07:df:43:71:bc:74:
         62:e7:7f:ce:27:2f:cd:bd:70:1a:e4:18:f2:76:08:45:33:0a:
         1a:75:59:af:70:0a:18:f4:8d:67:ea:a1:b2:cf:b9:0b:04:94:
         8a:84:2c:55:0a:06:53:07:01:eb:79:ad:ee:14:b6:32:6e:7c:
         22:cd:3b:b9:cc:73:b2:7f:80:bf:d8:e7:9f:bf:dc:be:a8:62:
         aa:b8:f6:8f:15:64:bb:3b:82:b7:61:de:f6:7f:78:47:9c:02:
         17:2e:97:28:49:1a:19:9e:2b:eb:8c:34:f3:ed:90:66:e1:50:
         c1:57:85:e5:17:06:74:b2:0f:a3:40:38:d7:fc:8c:d0:5b:af:
         db:60:57:d8:23:88:7f:73:8f:e6:cd:d4:f4:69:42:4f:87:8e:
         a8:8f:2b:65:b3:c0:91:e1:59:4c:1d:2d:1d:54:81:c1:0f:1e:
         55:7b:fb:d8:85:57:59:1b:ac:2f:99:24:e1:a4:91:b2:92:e0:
         bf:bf:34:c5:84:ec:e6:1f:d4:b8:66:2e:24:75:11:8c:11:f4:
         4f:4b:7b:62:b6:ef:38:91:4c:00:4e:34:26:ab:ea:d0:79:91:
         29:cd:9d:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdkhD7hWbJ8IBRpFHl+6HM+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzUyMTE5YjRiYTQ3MDhmMTE5ZTRkMWZiNDc1MmJjODgx
YWY0OTMwHhcNMjUwNjEyMTQyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQ1Yjc1ZmVjODNjMjYyZjc4ZGQ1ODRjYjIxNGY2ZTU2NTYyNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPKBLWLixaw+klAZjWs84e2SokZE
ifh1pe7AugZgVa4bk5qopfTDCO2E9QXZjEqzJuD+tlJ4JmzQzFDjgW3l7ptvZR3P
xi3INXd7ZW5KZZsApx7WdT2sc3Qz1XeNh+EuwNUoP6tQcz3tytKknQrcd5YiqLb9
h2LQp544/VsEZQyE1Y+whZYOqWx7qg79No3VVuSCzaz2jNhwUgsMsuzcFjoUVZny
7b8ydElUw0uXdoCW6h/i/f4akZ5RHfy/OK8y6WGqIcysnaZ9T4kDx1CHqdJCIOB3
2nfgtSY3Xbva4SxTNjplEgGjJHVYNc1ggb1Ui1ydQI3D6rfTMGgWt7OQ7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD9Ft1/sg8Ji943VhMshT25WViePMB8GA1UdIwQY
MBaAFAU1IRm0ukcI8Rnk0ftHUryIGvSTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRVaEdiUzZSd2p4R2VUUi0wZFN2SWdhOUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hYTMwYzgtMTU3ZS00ODQ0LTg2NTAt
NzY4MDNkODJjZThlLzEvUDBXM1gteUR3bUwzamRXRXl5RlBibFpXSjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hYTMwYzgtMTU3ZS00ODQ0LTg2NTAtNzY4MDNkODJjZThl
LzEvQlRVaEdiUzZSd2p4R2VUUi0wZFN2SWdhOUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+PEAwQC
wiPsMA0GCSqGSIb3DQEBCwUAA4IBAQCScirQNQB0A6VPXvUg+2t/IRkIw2psyX3G
JztSvWgH30NxvHRi53/OJy/NvXAa5BjydghFMwoadVmvcAoY9I1n6qGyz7kLBJSK
hCxVCgZTBwHrea3uFLYybnwizTu5zHOyf4C/2Oefv9y+qGKquPaPFWS7O4K3Yd72
f3hHnAIXLpcoSRoZnivrjDTz7ZBm4VDBV4XlFwZ0sg+jQDjX/IzQW6/bYFfYI4h/
c4/mzdT0aUJPh46ojytls8CR4VlMHS0dVIHBDx5Ve/vYhVdZG6wvmSThpJGykuC/
vzTFhOzmH9S4Zi4kdRGMEfRPS3titu84kUwATjQmq+rQeZEpzZ3I
-----END CERTIFICATE-----