Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1-78e97Jrk9Uh_jE37kqFne1h0ac.roa
File:                     1-78e97Jrk9Uh_jE37kqFne1h0ac.roa (raw, json)
Hash identifier:          z20HWJG9MeJX/qHD5qtfUrm0n+lWcEMp1qD7mshzZJo=
Subject key identifier:   FB:BF:1E:F7:B2:6B:93:D5:21:FE:31:37:EE:4A:85:9D:ED:61:D1:A7
Certificate issuer:       /CN=4ce90379bd8d04374b3adef060d51ae215710935
Certificate serial:       01990A8B28ED346E8C846976C75211C15B4F
Authority key identifier: 4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1-78e97Jrk9Uh_jE37kqFne1h0ac.roa
Signing time:             Tue 02 Sep 2025 13:08:36 +0000
ROA not before:           Tue 02 Sep 2025 13:08:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206658
IP address blocks:        45.137.232.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:8b:28:ed:34:6e:8c:84:69:76:c7:52:11:c1:5b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce90379bd8d04374b3adef060d51ae215710935
        Validity
            Not Before: Sep  2 13:08:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbbf1ef7b26b93d521fe3137ee4a859ded61d1a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f0:71:8e:5f:43:18:be:61:95:8c:93:72:28:
                    53:f6:16:7c:03:00:9a:33:73:d3:5a:c7:f2:9f:24:
                    dd:fc:39:31:46:12:5c:d7:a4:e2:ef:0a:44:97:a3:
                    54:fd:e2:8b:a7:ff:59:55:a5:c8:cf:29:db:62:18:
                    6b:c6:cf:a3:3b:6b:a8:88:3f:22:4a:f8:d3:5a:91:
                    65:80:4a:ee:15:ac:49:70:7a:d5:a5:93:97:23:04:
                    28:af:05:86:dc:b5:59:51:48:30:5b:27:7d:c3:5e:
                    dc:7a:6f:fe:20:45:4f:25:89:61:d0:3f:30:b2:42:
                    d9:d0:90:52:be:65:10:5d:33:3a:92:e0:f5:68:99:
                    ab:7c:5b:a1:2d:32:a2:49:82:a9:80:38:e1:b5:22:
                    9c:a6:62:25:91:4a:58:d5:8f:9c:04:9e:1b:71:21:
                    5b:c3:3c:8c:a8:fc:cb:a8:1f:95:2d:38:c5:52:35:
                    29:5b:14:10:47:eb:5f:a0:5a:57:51:60:23:6f:7f:
                    74:57:b1:cc:b4:21:73:30:f2:7a:7d:3d:65:63:8a:
                    c7:9b:9c:21:13:25:85:b4:26:ac:d7:08:38:19:a2:
                    39:fe:0a:44:c1:e8:8c:b0:38:ef:13:9f:9e:f4:fe:
                    05:fb:ae:13:5b:99:b6:95:42:3c:96:27:5b:f3:a4:
                    30:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:BF:1E:F7:B2:6B:93:D5:21:FE:31:37:EE:4A:85:9D:ED:61:D1:A7
            X509v3 Authority Key Identifier:
                keyid:4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1-78e97Jrk9Uh_jE37kqFne1h0ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:e0:e1:d9:88:2d:f4:91:a8:b6:83:fa:96:a9:f5:27:e1:6f:
         be:2a:94:85:6b:e6:b4:bf:a3:66:15:4a:0b:1f:21:a1:1d:ad:
         0d:b7:31:1f:4f:fb:ef:e0:36:88:80:2a:30:55:e1:40:f9:3a:
         90:d0:a3:44:62:21:68:9f:a1:73:90:ae:7f:c8:e6:7a:d6:1f:
         22:49:88:51:74:57:3f:cc:59:d7:38:c2:e4:50:cc:82:f2:dd:
         db:fd:0d:a5:26:25:d7:8d:4d:4f:7d:c2:a7:94:f7:ea:ba:57:
         f0:b8:78:82:86:3a:92:93:6d:88:e7:ff:65:23:c3:1d:96:79:
         8f:85:4d:f9:f9:22:63:23:14:ea:d5:12:53:51:2c:e2:e9:55:
         fc:4b:a3:68:9d:f0:d7:05:0e:81:e8:ef:3b:0c:d3:22:f0:9b:
         a9:a5:18:1f:27:89:57:e1:a8:74:03:f1:2b:bb:07:0e:69:c6:
         3c:15:d8:e9:78:da:f7:78:70:f5:41:96:31:f9:ac:87:cb:e9:
         6d:85:72:e2:54:17:0a:a8:bc:b1:a6:5b:ac:e1:dd:b2:9c:3e:
         70:67:35:b9:80:12:4e:ae:5d:ed:b5:35:b8:cb:80:80:22:5c:
         c1:aa:16:48:de:cb:2c:7e:c1:f6:71:f7:10:f0:39:3e:cf:e8:
         93:e0:94:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkKiyjtNG6MhGl2x1IRwVtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTkwMzc5YmQ4ZDA0Mzc0YjNhZGVmMDYwZDUxYWUyMTU3
MTA5MzUwHhcNMjUwOTAyMTMwODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmJmMWVmN2IyNmI5M2Q1MjFmZTMxMzdlZTRhODU5ZGVkNjFkMWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvBxjl9DGL5hlYyTcihT9hZ8AwCa
M3PTWsfynyTd/DkxRhJc16Ti7wpEl6NU/eKLp/9ZVaXIzynbYhhrxs+jO2uoiD8i
SvjTWpFlgEruFaxJcHrVpZOXIwQorwWG3LVZUUgwWyd9w17cem/+IEVPJYlh0D8w
skLZ0JBSvmUQXTM6kuD1aJmrfFuhLTKiSYKpgDjhtSKcpmIlkUpY1Y+cBJ4bcSFb
wzyMqPzLqB+VLTjFUjUpWxQQR+tfoFpXUWAjb390V7HMtCFzMPJ6fT1lY4rHm5wh
EyWFtCas1wg4GaI5/gpEweiMsDjvE5+e9P4F+64TW5m2lUI8lidb86QwEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPu/Hveya5PVIf4xN+5KhZ3tYdGnMB8GA1UdIwQY
MBaAFEzpA3m9jQQ3Szre8GDVGuIVcQk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9rRGViMk5CRGRMT3Q3d1lOVWE0aFZ4Q1RVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85YmFjZjgtMTQ2Yy00YjYzLTlkMzYt
ODIwMGI4NjYwM2IxLzEvMS03OGU5N0pyazlVaF9qRTM3a3FGbmUxaDBhYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvOWJhY2Y4LTE0NmMtNGI2My05ZDM2LTgyMDBiODY2MDNi
MS8xL1RPa0RlYjJOQkRkTE90N3dZTlVhNGhWeENUVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS2J6DAN
BgkqhkiG9w0BAQsFAAOCAQEATODh2Ygt9JGotoP6lqn1J+FvviqUhWvmtL+jZhVK
Cx8hoR2tDbcxH0/77+A2iIAqMFXhQPk6kNCjRGIhaJ+hc5Cuf8jmetYfIkmIUXRX
P8xZ1zjC5FDMgvLd2/0NpSYl141NT33Cp5T36rpX8Lh4goY6kpNtiOf/ZSPDHZZ5
j4VN+fkiYyMU6tUSU1Es4ulV/EujaJ3w1wUOgejvOwzTIvCbqaUYHyeJV+GodAPx
K7sHDmnGPBXY6Xja93hw9UGWMfmsh8vpbYVy4lQXCqi8saZbrOHdspw+cGc1uYAS
Tq5d7bU1uMuAgCJcwaoWSN7LLH7B9nH3EPA5Ps/ok+CUvA==
-----END CERTIFICATE-----