Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/cuI5lIMGONC-zhkO0Br-gP7t3DM.roa
File:                     cuI5lIMGONC-zhkO0Br-gP7t3DM.roa (raw, json)
Hash identifier:          HgCokX5nX8AH6l8KDj8If1jUn+noyEm0cg4YnPECwI0=
Subject key identifier:   72:E2:39:94:83:06:38:D0:BE:CE:19:0E:D0:1A:FE:80:FE:ED:DC:33
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0198EB3966BADCBF8309D128D4D0C32334C5
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/cuI5lIMGONC-zhkO0Br-gP7t3DM.roa
Signing time:             Wed 27 Aug 2025 11:11:04 +0000
ROA not before:           Wed 27 Aug 2025 11:11:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138888
IP address blocks:        45.141.168.0/23 maxlen: 24
                          148.222.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:39:66:ba:dc:bf:83:09:d1:28:d4:d0:c3:23:34:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Aug 27 11:11:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72e23994830638d0bece190ed01afe80feeddc33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:04:56:7c:db:d3:51:ae:61:f6:c9:51:a9:0e:
                    5d:2e:8e:6f:3a:fb:72:84:51:4d:ec:2b:d3:75:7e:
                    12:77:06:84:fc:69:5b:8f:3d:a8:16:a2:c3:ef:7a:
                    b6:ef:20:ed:ae:d2:2d:bf:2d:07:40:e6:1b:4e:e8:
                    ac:dd:1a:89:8f:32:38:43:7e:22:4d:64:a2:15:f4:
                    dd:ff:1b:cb:86:0a:b0:a0:bc:42:71:23:3a:d2:8d:
                    af:02:88:d9:eb:a3:a8:0f:14:2a:c5:ad:d8:5f:f6:
                    16:27:ea:dc:5e:e5:9d:d0:88:13:83:59:5b:30:3e:
                    3c:96:cc:4a:58:77:e9:91:70:53:43:df:67:56:17:
                    e4:d2:50:97:2d:93:fb:5b:01:c0:34:05:56:85:72:
                    b1:52:22:03:ce:e8:2d:cd:83:b6:98:94:98:9d:64:
                    76:11:e1:ee:25:f2:c0:8c:52:bb:fd:09:5c:36:ff:
                    7f:5a:eb:52:c6:bf:dd:05:70:06:32:37:6d:f6:25:
                    6f:7e:24:14:22:fc:b5:a7:0d:30:86:5e:43:7a:6b:
                    d4:0c:8e:1c:5f:25:48:f8:84:91:2e:09:d9:d8:fb:
                    f6:d2:81:00:99:58:b9:e2:70:25:dc:f4:35:6a:df:
                    fc:13:6e:4a:65:6b:dd:49:51:51:c7:3d:13:68:21:
                    7f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E2:39:94:83:06:38:D0:BE:CE:19:0E:D0:1A:FE:80:FE:ED:DC:33
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/cuI5lIMGONC-zhkO0Br-gP7t3DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23
                  148.222.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:e8:65:4b:f8:f5:1a:c6:f1:b9:b3:dc:d8:61:3b:54:ba:5a:
         3c:20:29:b8:f6:56:98:86:7e:ef:58:df:6b:8b:83:74:c3:4d:
         63:f1:7e:97:80:07:e2:2c:3c:0e:4a:4a:c2:ac:a2:80:da:ba:
         ab:90:25:0a:0b:b2:a1:3f:fc:95:24:5b:32:f3:29:21:1d:25:
         fe:82:3d:fc:4e:d6:fd:a8:03:ad:cf:0b:a3:73:25:c5:8e:9b:
         24:f2:79:27:83:04:40:ad:48:ca:35:c9:41:d1:21:ae:b9:d2:
         0a:8e:25:9a:9c:f8:e4:22:7a:dc:7e:0d:c3:23:45:fe:ae:6c:
         2c:af:d5:fd:20:63:52:d0:21:5f:dc:23:f0:d5:80:08:cf:2c:
         44:02:91:c3:7b:a0:2a:59:80:8a:c9:5e:84:ab:d3:51:62:5b:
         3c:63:c1:89:c3:56:a2:ba:5f:02:86:6a:a4:67:f9:96:b2:ac:
         a7:54:a4:01:ae:44:c9:c7:4a:5b:b1:75:a5:2b:93:b7:41:ad:
         1b:9a:15:75:d0:c1:05:70:bd:09:33:bf:8f:95:be:47:b7:11:
         b3:24:ca:e1:28:63:d5:61:c6:48:73:ee:dd:fe:d2:fa:98:4e:
         2b:04:16:da:65:e1:ae:53:bd:c7:02:f8:a8:93:dd:20:77:1e:
         9e:9a:f8:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjrOWa63L+DCdEo1NDDIzTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwODI3MTExMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmUyMzk5NDgzMDYzOGQwYmVjZTE5MGVkMDFhZmU4MGZlZWRkYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgRWfNvTUa5h9slRqQ5dLo5vOvty
hFFN7CvTdX4SdwaE/Glbjz2oFqLD73q27yDtrtItvy0HQOYbTuis3RqJjzI4Q34i
TWSiFfTd/xvLhgqwoLxCcSM60o2vAojZ66OoDxQqxa3YX/YWJ+rcXuWd0IgTg1lb
MD48lsxKWHfpkXBTQ99nVhfk0lCXLZP7WwHANAVWhXKxUiIDzugtzYO2mJSYnWR2
EeHuJfLAjFK7/QlcNv9/WutSxr/dBXAGMjdt9iVvfiQUIvy1pw0whl5DemvUDI4c
XyVI+ISRLgnZ2Pv20oEAmVi54nAl3PQ1at/8E25KZWvdSVFRxz0TaCF/lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHLiOZSDBjjQvs4ZDtAa/oD+7dwzMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvY3VJNWxJTUdPTkMtemhrTzBCci1nUDd0M0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY2oAwQC
lN7wMA0GCSqGSIb3DQEBCwUAA4IBAQAK6GVL+PUaxvG5s9zYYTtUulo8ICm49laY
hn7vWN9ri4N0w01j8X6XgAfiLDwOSkrCrKKA2rqrkCUKC7KhP/yVJFsy8ykhHSX+
gj38Ttb9qAOtzwujcyXFjpsk8nkngwRArUjKNclB0SGuudIKjiWanPjkInrcfg3D
I0X+rmwsr9X9IGNS0CFf3CPw1YAIzyxEApHDe6AqWYCKyV6Eq9NRYls8Y8GJw1ai
ul8ChmqkZ/mWsqynVKQBrkTJx0pbsXWlK5O3Qa0bmhV10MEFcL0JM7+Plb5HtxGz
JMrhKGPVYcZIc+7d/tL6mE4rBBbaZeGuU73HAviok90gdx6emvha
-----END CERTIFICATE-----