Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SpwpOai_FtguiEb6EOg32FrVvwo.roa
File:                     SpwpOai_FtguiEb6EOg32FrVvwo.roa (raw, json)
Hash identifier:          HeWT4ZC3Atk3KoLa4nB04v2Zk03ppgVqDGcFZo3oFnU=
Subject key identifier:   4A:9C:29:39:A8:BF:16:D8:2E:88:46:FA:10:E8:37:D8:5A:D5:BF:0A
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0198F15C05594E2D61B572AEA82D2E3F60F6
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SpwpOai_FtguiEb6EOg32FrVvwo.roa
Signing time:             Thu 28 Aug 2025 15:46:36 +0000
ROA not before:           Thu 28 Aug 2025 15:46:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33651
IP address blocks:        138.226.48.0/21 maxlen: 21
                          138.226.64.0/20 maxlen: 20
                          138.226.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f1:5c:05:59:4e:2d:61:b5:72:ae:a8:2d:2e:3f:60:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Aug 28 15:46:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a9c2939a8bf16d82e8846fa10e837d85ad5bf0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:02:6a:5b:2e:31:44:ec:2d:6f:6a:d0:f4:9d:
                    e1:93:7c:eb:d8:29:54:56:34:bb:85:29:3e:7b:b7:
                    84:97:f2:f7:f9:ae:64:4f:6a:d1:e4:06:af:e4:a5:
                    36:e1:2e:da:0e:59:29:97:9e:ca:89:55:6e:95:c0:
                    43:cd:b9:6a:74:3a:27:41:d6:e9:a8:cd:5b:90:e9:
                    6f:97:43:82:68:90:63:33:94:a1:2a:a3:9b:26:a2:
                    62:4d:a7:e3:90:26:d4:87:a0:92:2c:4e:c1:cb:d1:
                    49:2d:3a:3c:c0:c7:06:4b:91:94:ba:0a:eb:58:88:
                    39:f4:2c:7d:21:68:3b:69:1b:0a:8d:97:6e:12:08:
                    1a:4d:2f:66:5e:33:e5:c9:1b:62:2e:2c:62:95:36:
                    72:25:80:4c:88:89:58:e6:14:e7:75:16:44:13:38:
                    08:ce:2c:2c:17:ed:44:24:c0:97:ad:df:4c:cb:6a:
                    c0:1a:9e:d4:c8:bc:68:da:d1:f3:aa:32:f8:68:f5:
                    f5:b8:3f:df:e5:2b:bb:b1:33:b8:27:61:ae:03:61:
                    17:52:05:d5:d2:89:44:92:36:4c:7e:f0:1d:0a:a4:
                    c7:33:ed:14:54:59:20:43:e6:52:8b:b4:54:22:3d:
                    2b:26:90:65:61:03:3c:f6:0f:fc:96:d7:3a:c9:4c:
                    37:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9C:29:39:A8:BF:16:D8:2E:88:46:FA:10:E8:37:D8:5A:D5:BF:0A
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SpwpOai_FtguiEb6EOg32FrVvwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.48.0/21
                  138.226.64.0/20
                  138.226.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:51:04:0a:a3:57:71:27:b2:5b:d1:fe:3f:65:39:50:e6:62:
         cb:0a:07:b7:14:6f:dc:62:8a:6d:c6:9b:21:d0:3d:96:2c:b6:
         f0:8e:b8:92:5f:2a:69:e5:be:94:e3:fa:96:5e:92:eb:04:d4:
         b5:86:ef:9e:ea:c1:23:2f:6f:26:96:07:98:2d:7f:20:8e:95:
         ca:62:ef:98:99:69:0f:4c:75:7a:5f:1f:44:47:26:aa:9a:72:
         7b:27:5a:1a:7f:03:33:ac:a9:b8:b3:ad:bf:69:51:ab:cb:6f:
         b4:dc:15:cf:71:f4:50:a4:dd:2e:a6:8d:37:5a:72:4b:cd:5f:
         43:8b:dd:ef:e0:7a:33:d4:e3:f6:27:bf:e6:51:b1:02:27:2a:
         0b:b9:d5:53:d2:97:1d:ea:36:4f:48:8c:0a:22:ee:1b:12:1b:
         76:79:e9:f9:f7:ad:b6:58:05:41:00:1d:13:c1:29:0b:7a:0a:
         40:b3:b1:bd:03:41:d3:4e:36:71:53:14:c0:c8:97:9e:42:d8:
         fc:38:ae:87:82:d0:5e:8a:ee:3b:27:14:82:95:f6:3c:99:41:
         c0:b7:26:c0:1d:dd:33:6d:28:7b:3d:e3:cc:53:15:93:c0:18:
         ac:20:16:6a:18:3d:65:ef:02:c5:c9:df:de:02:d1:43:de:3c:
         49:cd:fa:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjxXAVZTi1htXKuqC0uP2D2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUwODI4MTU0NjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTljMjkzOWE4YmYxNmQ4MmU4ODQ2ZmExMGU4MzdkODVhZDViZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gJqWy4xROwtb2rQ9J3hk3zr2ClU
VjS7hSk+e7eEl/L3+a5kT2rR5Aav5KU24S7aDlkpl57KiVVulcBDzblqdDonQdbp
qM1bkOlvl0OCaJBjM5ShKqObJqJiTafjkCbUh6CSLE7By9FJLTo8wMcGS5GUugrr
WIg59Cx9IWg7aRsKjZduEggaTS9mXjPlyRtiLixilTZyJYBMiIlY5hTndRZEEzgI
ziwsF+1EJMCXrd9My2rAGp7UyLxo2tHzqjL4aPX1uD/f5Su7sTO4J2GuA2EXUgXV
0olEkjZMfvAdCqTHM+0UVFkgQ+ZSi7RUIj0rJpBlYQM89g/8ltc6yUw31wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEqcKTmovxbYLohG+hDoN9ha1b8KMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvU3B3cE9haV9GdGd1aUViNkVPZzMyRnJWdndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDiuIwAwQE
iuJAAwQDiuJwMA0GCSqGSIb3DQEBCwUAA4IBAQBYUQQKo1dxJ7Jb0f4/ZTlQ5mLL
Cge3FG/cYoptxpsh0D2WLLbwjriSXypp5b6U4/qWXpLrBNS1hu+e6sEjL28mlgeY
LX8gjpXKYu+YmWkPTHV6Xx9ERyaqmnJ7J1oafwMzrKm4s62/aVGry2+03BXPcfRQ
pN0upo03WnJLzV9Di93v4Hoz1OP2J7/mUbECJyoLudVT0pcd6jZPSIwKIu4bEht2
een59622WAVBAB0TwSkLegpAs7G9A0HTTjZxUxTAyJeeQtj8OK6HgtBeiu47JxSC
lfY8mUHAtybAHd0zbSh7PePMUxWTwBisIBZqGD1l7wLFyd/eAtFD3jxJzfrR
-----END CERTIFICATE-----