Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/KQWIvRkUPfDI9UbToA1ZOCt6wGw.roa
File:                     KQWIvRkUPfDI9UbToA1ZOCt6wGw.roa (raw, json)
Hash identifier:          ReALyg40wpRA61FQrWQgXjMRadBzLsNR095IRjmcuPY=
Subject key identifier:   29:05:88:BD:19:14:3D:F0:C8:F5:46:D3:A0:0D:59:38:2B:7A:C0:6C
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       01996B28DB90A94E8AF1C62BD0A172DA8ABD
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/KQWIvRkUPfDI9UbToA1ZOCt6wGw.roa
Signing time:             Sun 21 Sep 2025 07:24:23 +0000
ROA not before:           Sun 21 Sep 2025 07:24:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        46.148.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6b:28:db:90:a9:4e:8a:f1:c6:2b:d0:a1:72:da:8a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Sep 21 07:24:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=290588bd19143df0c8f546d3a00d59382b7ac06c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:41:da:c7:32:54:06:64:d7:74:ef:45:11:07:
                    b7:1f:5b:88:40:34:49:f2:5d:0b:83:b8:49:d9:d9:
                    22:4f:a5:ed:81:6c:7f:d0:69:52:a0:9c:3a:e3:25:
                    86:c7:ef:6f:88:47:f2:50:9d:07:56:67:57:48:89:
                    d0:0a:63:d8:d3:dc:4a:8e:d2:c7:9f:4a:8b:f9:e7:
                    e8:be:e4:1a:54:cd:f8:c5:c0:66:fa:64:0e:2f:5b:
                    78:03:79:a5:6f:e1:12:d7:82:b0:51:6d:cc:f8:4b:
                    0e:3c:91:4d:ed:35:ca:a7:6f:96:35:10:36:87:fb:
                    28:e3:4b:28:2d:d6:59:7e:93:8a:cb:b1:eb:fa:bb:
                    ed:9b:dd:13:3a:87:91:99:0d:cc:33:0c:04:cc:9f:
                    33:88:b6:b1:ed:05:62:83:b6:c4:24:13:78:83:93:
                    02:eb:8c:ac:91:85:db:24:2b:ba:03:27:14:3e:d5:
                    5d:d7:cf:51:26:d9:31:d6:99:19:57:2a:90:65:37:
                    3c:48:c8:c7:27:0b:9e:ef:03:40:15:dd:ac:13:12:
                    c8:f6:bd:7b:98:0e:c1:f4:f9:aa:67:91:76:83:57:
                    03:00:a1:ca:53:82:4d:8e:72:a1:e4:0c:e3:24:27:
                    67:84:3b:10:88:9a:b9:92:90:8c:31:cf:66:8e:6d:
                    0c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:05:88:BD:19:14:3D:F0:C8:F5:46:D3:A0:0D:59:38:2B:7A:C0:6C
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/KQWIvRkUPfDI9UbToA1ZOCt6wGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:2c:9f:c0:ae:f7:85:c2:b0:ad:cf:51:cf:b1:08:cb:18:87:
         a9:b0:f9:d4:32:96:01:cb:52:19:df:a5:00:ff:12:0e:87:b6:
         e5:16:d8:8e:07:db:a3:fb:25:d2:30:f6:0c:30:a1:fb:17:10:
         b6:5d:f0:a5:32:54:3b:75:98:1d:8a:99:43:9b:01:c4:d6:05:
         d1:48:7b:84:de:2d:11:30:25:b5:8a:d8:58:ec:a6:df:6e:d0:
         e1:b6:0f:6b:39:e2:61:f7:5d:e0:4f:be:16:48:94:69:21:36:
         3a:84:2d:fc:3a:66:c3:5e:47:c3:ff:18:b7:4c:ab:f4:2e:55:
         32:e3:ba:bc:77:e2:d2:b4:28:86:54:05:6d:33:71:53:37:79:
         f4:a7:39:b0:5d:19:fe:f3:a8:5e:e2:2f:98:46:1a:29:a5:50:
         be:e6:d3:57:fc:45:19:d7:c3:cf:f7:4a:66:35:40:d3:0d:1f:
         3e:a1:89:85:f4:8b:fd:e4:d5:34:59:ba:94:72:f8:48:00:19:
         da:64:45:70:c8:bd:8f:2c:0b:ee:45:1c:63:93:e7:ea:34:a1:
         17:a8:8e:fb:2e:01:4b:82:6f:ef:64:51:b5:1e:89:d2:34:6f:
         c2:65:46:65:4c:0a:ac:03:f5:ca:e6:7b:32:39:72:34:d8:07:
         63:f4:99:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlrKNuQqU6K8cYr0KFy2oq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjUwOTIxMDcyNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA1ODhiZDE5MTQzZGYwYzhmNTQ2ZDNhMDBkNTkzODJiN2FjMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkHaxzJUBmTXdO9FEQe3H1uIQDRJ
8l0Lg7hJ2dkiT6XtgWx/0GlSoJw64yWGx+9viEfyUJ0HVmdXSInQCmPY09xKjtLH
n0qL+efovuQaVM34xcBm+mQOL1t4A3mlb+ES14KwUW3M+EsOPJFN7TXKp2+WNRA2
h/so40soLdZZfpOKy7Hr+rvtm90TOoeRmQ3MMwwEzJ8ziLax7QVig7bEJBN4g5MC
64yskYXbJCu6AycUPtVd189RJtkx1pkZVyqQZTc8SMjHJwue7wNAFd2sExLI9r17
mA7B9PmqZ5F2g1cDAKHKU4JNjnKh5AzjJCdnhDsQiJq5kpCMMc9mjm0MjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkFiL0ZFD3wyPVG06ANWTgresBsMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvS1FXSXZSa1VQZkRJOVViVG9BMVpPQ3Q2d0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpTRMA0G
CSqGSIb3DQEBCwUAA4IBAQB7LJ/ArveFwrCtz1HPsQjLGIepsPnUMpYBy1IZ36UA
/xIOh7blFtiOB9uj+yXSMPYMMKH7FxC2XfClMlQ7dZgdiplDmwHE1gXRSHuE3i0R
MCW1ithY7KbfbtDhtg9rOeJh913gT74WSJRpITY6hC38OmbDXkfD/xi3TKv0LlUy
47q8d+LStCiGVAVtM3FTN3n0pzmwXRn+86he4i+YRhoppVC+5tNX/EUZ18PP90pm
NUDTDR8+oYmF9Iv95NU0WbqUcvhIABnaZEVwyL2PLAvuRRxjk+fqNKEXqI77LgFL
gm/vZFG1HonSNG/CZUZlTAqsA/XK5nsyOXI02Adj9JkJ
-----END CERTIFICATE-----