Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kQkp36SbEQB7MU7q6cnQaUoCZaM.roa
File:                     kQkp36SbEQB7MU7q6cnQaUoCZaM.roa (raw, json)
Hash identifier:          n6V1Zj2QKNcqa6JYQoxZObwJco51jIWrlQ6TKDXJI7w=
Subject key identifier:   91:09:29:DF:A4:9B:11:00:7B:31:4E:EA:E9:C9:D0:69:4A:02:65:A3
Certificate issuer:       /CN=464d733de81fbd486d442358e0c15370520f9312
Certificate serial:       01971C8BD25F0C531FE36002C68A7550A782
Authority key identifier: 46:4D:73:3D:E8:1F:BD:48:6D:44:23:58:E0:C1:53:70:52:0F:93:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kQkp36SbEQB7MU7q6cnQaUoCZaM.roa
Signing time:             Thu 29 May 2025 14:56:54 +0000
ROA not before:           Thu 29 May 2025 14:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8241
IP address blocks:        195.146.64.0/19 maxlen: 19
                          213.181.0.0/20 maxlen: 20
                          213.181.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 00:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:8b:d2:5f:0c:53:1f:e3:60:02:c6:8a:75:50:a7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464d733de81fbd486d442358e0c15370520f9312
        Validity
            Not Before: May 29 14:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=910929dfa49b11007b314eeae9c9d0694a0265a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:96:b3:09:25:f8:42:c0:28:98:9b:2e:dd:50:
                    f6:d1:ef:90:85:9c:91:32:37:f2:83:72:7c:26:48:
                    29:e7:58:52:80:18:11:c3:7e:f4:3a:ee:95:84:35:
                    04:07:3d:ff:b5:34:3a:40:47:e1:0a:22:6b:67:12:
                    1e:3a:91:6b:31:10:d3:46:5f:ec:75:fe:bb:de:56:
                    8c:19:b6:0f:e8:de:9e:2b:d2:a6:7a:78:c3:e6:12:
                    d7:83:4a:6a:f5:9f:51:b4:28:76:97:10:3a:94:4f:
                    24:92:e8:2c:ee:c0:93:70:df:84:8b:7b:df:32:c0:
                    c6:3b:ad:94:42:c0:51:d3:93:f9:04:cc:99:8a:a0:
                    f2:32:d2:1a:c2:cc:6a:52:f9:de:f5:2d:af:2a:67:
                    bd:d1:1e:90:8f:8f:80:a7:5d:82:62:3b:6a:e8:5e:
                    2b:9f:9a:ba:53:99:f5:43:49:ca:15:09:35:71:3b:
                    06:4a:1e:7d:bb:dc:58:d5:e4:b4:01:5e:c2:a6:8f:
                    0b:d9:69:7d:eb:46:c2:95:64:b1:06:88:04:ea:d7:
                    2c:21:9b:3e:83:0a:87:59:01:95:64:7f:6e:95:26:
                    be:50:c8:c9:47:cd:8b:c5:d7:94:4f:91:aa:d0:51:
                    1a:e3:5a:d7:15:61:a9:13:6d:15:63:1a:17:26:10:
                    1f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:09:29:DF:A4:9B:11:00:7B:31:4E:EA:E9:C9:D0:69:4A:02:65:A3
            X509v3 Authority Key Identifier:
                keyid:46:4D:73:3D:E8:1F:BD:48:6D:44:23:58:E0:C1:53:70:52:0F:93:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk1zPegfvUhtRCNY4MFTcFIPkxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/kQkp36SbEQB7MU7q6cnQaUoCZaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d7ffed-6c1d-4131-950f-a49d1a006dc9/1/Rk1zPegfvUhtRCNY4MFTcFIPkxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.64.0/19
                  213.181.0.0-213.181.19.255

    Signature Algorithm: sha256WithRSAEncryption
         57:3b:8c:65:2b:bb:6d:ec:4c:e7:e6:59:3d:2f:e9:30:ac:a7:
         48:aa:57:34:c7:9a:30:47:d4:3d:32:84:39:59:c8:2f:a4:74:
         33:f9:cd:18:36:4f:e8:c1:d4:ab:00:14:25:1a:64:f0:73:05:
         02:7d:e9:45:9a:d0:f9:80:39:07:7c:b0:45:19:47:de:00:f6:
         07:d7:7f:06:a4:6b:35:b4:7d:aa:eb:fb:bc:7d:5e:75:d5:68:
         98:84:86:4a:9f:6a:64:4d:dd:de:b7:25:82:57:b4:ac:93:33:
         f7:32:27:6b:9e:02:c0:cb:4c:a7:ff:0a:f1:47:40:a6:6a:ab:
         1b:c2:94:18:aa:1d:91:e5:08:a2:d1:2c:ae:23:d5:da:1c:d6:
         09:1d:f2:f5:46:ad:58:91:fc:9f:a5:2c:a5:5e:bf:81:d2:a8:
         9c:91:55:02:ae:f2:c3:63:a1:f5:55:2a:7f:1f:08:2b:7f:ac:
         c1:2b:80:76:eb:90:23:55:ab:6e:33:86:96:b7:72:dc:54:d5:
         e1:ff:ac:5b:15:0f:2b:d5:7d:0e:45:75:4d:b6:ca:1e:b6:ec:
         4b:62:7a:cd:ee:ea:36:f4:ef:28:53:32:53:fc:4f:d1:0f:33:
         78:70:b1:fd:40:af:f3:a4:ab:2c:12:7f:6a:fc:c4:02:1b:02:
         82:fa:6f:01
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZcci9JfDFMf42ACxop1UKeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGQ3MzNkZTgxZmJkNDg2ZDQ0MjM1OGUwYzE1MzcwNTIw
ZjkzMTIwHhcNMjUwNTI5MTQ1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA5MjlkZmE0OWIxMTAwN2IzMTRlZWFlOWM5ZDA2OTRhMDI2NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5azCSX4QsAomJsu3VD20e+QhZyR
Mjfyg3J8Jkgp51hSgBgRw370Ou6VhDUEBz3/tTQ6QEfhCiJrZxIeOpFrMRDTRl/s
df673laMGbYP6N6eK9KmenjD5hLXg0pq9Z9RtCh2lxA6lE8kkugs7sCTcN+Ei3vf
MsDGO62UQsBR05P5BMyZiqDyMtIawsxqUvne9S2vKme90R6Qj4+Ap12CYjtq6F4r
n5q6U5n1Q0nKFQk1cTsGSh59u9xY1eS0AV7Cpo8L2Wl960bClWSxBogE6tcsIZs+
gwqHWQGVZH9ulSa+UMjJR82LxdeUT5Gq0FEa41rXFWGpE20VYxoXJhAf/wIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFJEJKd+kmxEAezFO6unJ0GlKAmWjMB8GA1UdIwQY
MBaAFEZNcz3oH71IbUQjWODBU3BSD5MSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmsxelBlZ2Z2VWh0UkNOWTRNRlRjRklQa3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kN2ZmZWQtNmMxZC00MTMxLTk1MGYt
YTQ5ZDFhMDA2ZGM5LzEva1FrcDM2U2JFUUI3TVU3cTZjblFhVW9DWmFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kN2ZmZWQtNmMxZC00MTMxLTk1MGYtYTQ5ZDFhMDA2ZGM5
LzEvUmsxelBlZ2Z2VWh0UkNOWTRNRlRjRklQa3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQFw5JAMAsD
AwDVtQMEAtW1EDANBgkqhkiG9w0BAQsFAAOCAQEAVzuMZSu7bexM5+ZZPS/pMKyn
SKpXNMeaMEfUPTKEOVnIL6R0M/nNGDZP6MHUqwAUJRpk8HMFAn3pRZrQ+YA5B3yw
RRlH3gD2B9d/BqRrNbR9quv7vH1eddVomISGSp9qZE3d3rclgle0rJMz9zIna54C
wMtMp/8K8UdApmqrG8KUGKodkeUIotEsriPV2hzWCR3y9UatWJH8n6UspV6/gdKo
nJFVAq7yw2Oh9VUqfx8IK3+swSuAduuQI1WrbjOGlrdy3FTV4f+sWxUPK9V9DkV1
TbbKHrbsS2J6ze7qNvTvKFMyU/xP0Q8zeHCx/UCv86SrLBJ/avzEAhsCgvpvAQ==
-----END CERTIFICATE-----