Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/rDc-BbeC7z8Hr1Lie3DwLJ4Kh5E.roa
File:                     rDc-BbeC7z8Hr1Lie3DwLJ4Kh5E.roa (raw, json)
Hash identifier:          zTil+hreb/OiwpLR4xge1Ju/PjvabaGKYbWp7fnLB6E=
Subject key identifier:   AC:37:3E:05:B7:82:EF:3F:07:AF:52:E2:7B:70:F0:2C:9E:0A:87:91
Certificate issuer:       /CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
Certificate serial:       01986CB8D43F6222184AC02881C879EC106E
Authority key identifier: 13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/rDc-BbeC7z8Hr1Lie3DwLJ4Kh5E.roa
Signing time:             Sat 02 Aug 2025 21:38:28 +0000
ROA not before:           Sat 02 Aug 2025 21:38:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.80.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6c:b8:d4:3f:62:22:18:4a:c0:28:81:c8:79:ec:10:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
        Validity
            Not Before: Aug  2 21:38:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac373e05b782ef3f07af52e27b70f02c9e0a8791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:53:40:7b:b1:0f:c3:aa:95:be:29:0a:34:23:
                    4f:ff:c1:bd:ab:59:52:e2:21:45:54:4b:77:b0:c5:
                    f4:19:a2:b6:09:71:51:c5:9c:7a:2e:77:c8:b5:ed:
                    8d:8f:1d:55:49:df:8f:f6:41:54:06:b8:2b:c8:6d:
                    bd:c4:18:8b:6e:13:f4:2e:f4:ab:ab:10:c9:d3:f4:
                    90:37:8b:bb:b6:84:e9:eb:fc:8d:07:c9:6f:ad:f2:
                    e8:24:94:2c:91:e0:30:73:48:66:46:da:98:71:e0:
                    b6:a6:7d:30:0f:c1:a3:5c:eb:7d:76:6f:e0:8d:bf:
                    ca:83:29:48:f4:47:cf:34:28:5c:e3:6e:f2:44:29:
                    bb:04:46:ef:4c:ac:ec:dc:7b:83:f4:28:3f:ba:6d:
                    a2:80:ef:3a:95:1e:80:ae:e1:c1:fd:00:16:af:cb:
                    71:c2:e7:49:62:34:ed:ab:85:f5:e1:ac:50:99:3f:
                    79:39:b8:20:4e:0a:71:97:df:db:1b:14:6c:a2:c7:
                    8b:54:8d:dc:a6:4a:4f:10:09:43:b2:0b:9a:0f:3f:
                    a4:6b:52:71:04:22:cc:09:ca:09:f7:3c:db:1c:41:
                    0f:27:27:37:1a:f3:4b:85:19:29:90:11:9d:d3:57:
                    5b:ef:a3:0b:a2:c4:21:d8:b9:92:d3:3f:9e:6a:d7:
                    28:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:37:3E:05:B7:82:EF:3F:07:AF:52:E2:7B:70:F0:2C:9E:0A:87:91
            X509v3 Authority Key Identifier:
                keyid:13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/rDc-BbeC7z8Hr1Lie3DwLJ4Kh5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:76:95:19:07:ba:c7:3c:64:9a:4f:b0:c7:81:3d:9e:69:3b:
         f8:c5:2a:89:e0:2b:b9:83:d4:d8:26:fa:df:b9:22:67:68:59:
         fa:54:a7:8e:aa:a7:16:b4:93:8f:5a:79:7d:48:91:34:ed:0a:
         bf:30:c7:2d:39:ec:f3:2f:65:2c:11:12:f5:0d:fe:50:38:21:
         74:cb:7f:36:50:fc:26:30:22:ea:5d:a4:14:0e:b7:82:23:57:
         de:6d:cf:45:cb:36:27:5f:6d:61:58:25:82:01:03:50:ba:dc:
         3a:1e:de:60:b4:7b:5c:50:92:af:6e:3d:0c:12:e2:81:95:ef:
         74:c2:89:29:23:2c:60:41:d5:27:ec:89:71:0d:e8:a5:c1:57:
         37:fa:68:50:5a:d7:6f:bc:d4:9f:f3:e4:81:1d:8d:cf:2b:77:
         69:1d:78:a9:3e:8a:8c:9d:3d:28:ec:f0:f3:5f:66:12:a6:59:
         9b:74:94:0c:81:48:d3:98:0e:d1:bb:f9:72:37:31:5c:83:8a:
         f7:73:e1:46:46:3a:31:79:38:2e:b7:92:c7:a8:f5:2a:d0:62:
         bb:4b:40:91:76:a7:50:df:40:9c:98:45:2b:3f:82:98:9d:f9:
         dc:16:80:24:24:7a:7b:7f:13:63:e2:fb:f5:2a:bf:9d:72:ad:
         55:9c:79:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhsuNQ/YiIYSsAogch57BBuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZTI4MTQ3NWI3YmY4ZDBmYTFmNjY5ZDVhZDJkZTE2MzVl
OGMwNGYwHhcNMjUwODAyMjEzODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzM3M2UwNWI3ODJlZjNmMDdhZjUyZTI3YjcwZjAyYzllMGE4NzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lNAe7EPw6qVvikKNCNP/8G9q1lS
4iFFVEt3sMX0GaK2CXFRxZx6LnfIte2Njx1VSd+P9kFUBrgryG29xBiLbhP0LvSr
qxDJ0/SQN4u7toTp6/yNB8lvrfLoJJQskeAwc0hmRtqYceC2pn0wD8GjXOt9dm/g
jb/KgylI9EfPNChc427yRCm7BEbvTKzs3HuD9Cg/um2igO86lR6AruHB/QAWr8tx
wudJYjTtq4X14axQmT95ObggTgpxl9/bGxRsoseLVI3cpkpPEAlDsguaDz+ka1Jx
BCLMCcoJ9zzbHEEPJyc3GvNLhRkpkBGd01db76MLosQh2LmS0z+eatcoNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKw3PgW3gu8/B69S4ntw8CyeCoeRMB8GA1UdIwQY
MBaAFBPigUdbe/jQ+h9mnVrS3hY16MBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEt
NDRmZDA0MzkzZTJiLzEvckRjLUJiZUM3ejhIcjFMaWUzRHdMSjRLaDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEtNDRmZDA0MzkzZTJi
LzEvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAyMA0G
CSqGSIb3DQEBCwUAA4IBAQCvdpUZB7rHPGSaT7DHgT2eaTv4xSqJ4Cu5g9TYJvrf
uSJnaFn6VKeOqqcWtJOPWnl9SJE07Qq/MMctOezzL2UsERL1Df5QOCF0y382UPwm
MCLqXaQUDreCI1febc9FyzYnX21hWCWCAQNQutw6Ht5gtHtcUJKvbj0MEuKBle90
wokpIyxgQdUn7IlxDeilwVc3+mhQWtdvvNSf8+SBHY3PK3dpHXipPoqMnT0o7PDz
X2YSplmbdJQMgUjTmA7Ru/lyNzFcg4r3c+FGRjoxeTgut5LHqPUq0GK7S0CRdqdQ
30CcmEUrP4KYnfncFoAkJHp7fxNj4vv1Kr+dcq1VnHkd
-----END CERTIFICATE-----