Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/UwSX5skbnYWCODti--d_CrlRLPQ.roa
File:                     UwSX5skbnYWCODti--d_CrlRLPQ.roa (raw, json)
Hash identifier:          /UxS/W2x6BIK1JMEkMqtBl0tDdobykbVlNGkDRtr4R0=
Subject key identifier:   53:04:97:E6:C9:1B:9D:85:82:38:3B:62:FB:E7:7F:0A:B9:51:2C:F4
Certificate issuer:       /CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
Certificate serial:       0196F863D6D55A901CA3856052A1EC19A2AD
Authority key identifier: 69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/UwSX5skbnYWCODti--d_CrlRLPQ.roa
Signing time:             Thu 22 May 2025 14:26:54 +0000
ROA not before:           Thu 22 May 2025 14:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        159.46.64.0/18 maxlen: 18
                          159.46.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:63:d6:d5:5a:90:1c:a3:85:60:52:a1:ec:19:a2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=692cf8572344c0a674a67d0f4b51f186e8a71c4b
        Validity
            Not Before: May 22 14:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=530497e6c91b9d8582383b62fbe77f0ab9512cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9d:f8:65:f8:63:96:e2:82:3f:7c:d2:80:20:
                    fd:ce:47:2f:0e:75:3b:21:9f:7c:53:82:78:7a:1d:
                    d4:77:3f:05:26:fa:fa:09:35:11:11:31:2e:fd:4a:
                    f0:02:58:4e:05:e7:ac:0d:c9:ea:32:40:10:92:1b:
                    fc:7b:4b:72:31:ae:f5:66:7e:e2:53:4a:72:d2:53:
                    ac:5c:ac:41:3a:1e:b9:a8:15:99:a2:b4:80:5a:95:
                    67:1a:37:ef:23:90:d3:0a:cc:ed:15:6c:1e:42:83:
                    c7:46:09:70:0b:0b:88:19:00:5b:bf:43:b3:a7:e3:
                    db:af:7e:5c:e9:4a:1b:9b:dc:c0:06:58:80:7e:c8:
                    ee:0b:a1:05:b7:15:ee:e3:61:9c:35:90:16:f0:ae:
                    14:08:14:41:ba:57:50:9c:c9:0f:b3:56:ff:ae:83:
                    60:6d:d3:b9:30:38:64:4b:eb:0e:2b:43:e2:3a:91:
                    17:98:78:e4:ff:0c:40:35:4d:71:1c:cd:bd:14:60:
                    33:b8:27:20:a4:b7:a7:73:c7:d3:98:b1:b8:15:85:
                    0d:eb:10:e4:5f:19:0e:41:92:bd:ac:2c:d7:16:d6:
                    33:e7:24:7a:61:bd:3e:88:bc:f1:16:a6:3a:af:ac:
                    b6:d0:ef:b0:6f:3a:69:b3:74:ac:bc:fd:1e:25:db:
                    b5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:04:97:E6:C9:1B:9D:85:82:38:3B:62:FB:E7:7F:0A:B9:51:2C:F4
            X509v3 Authority Key Identifier:
                keyid:69:2C:F8:57:23:44:C0:A6:74:A6:7D:0F:4B:51:F1:86:E8:A7:1C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aSz4VyNEwKZ0pn0PS1HxhuinHEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/UwSX5skbnYWCODti--d_CrlRLPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/054b50-a7b1-46f3-9d18-af39bb03097f/1/aSz4VyNEwKZ0pn0PS1HxhuinHEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.46.64.0-159.46.191.255

    Signature Algorithm: sha256WithRSAEncryption
         67:5f:2c:57:dc:34:21:60:a3:b5:81:d4:c9:38:b1:c0:85:b4:
         b6:83:d8:cb:7e:37:a0:e2:c6:fd:87:25:4f:84:d2:da:34:f5:
         75:e6:32:01:6b:3c:16:45:92:29:e5:8e:cc:e5:be:31:62:55:
         60:d3:18:cc:83:55:ac:75:76:dd:0e:bd:7d:b4:df:11:59:7f:
         51:91:a1:61:09:9a:3d:3c:14:0e:c3:a2:2f:46:bf:9c:f7:ea:
         eb:57:2a:f2:d8:f2:82:b4:99:ae:90:80:01:2d:c5:29:da:e1:
         fa:c4:6e:f1:c4:33:5e:ff:84:d9:84:84:68:c2:1d:7e:75:67:
         87:ec:c4:cb:4e:23:16:a4:4e:ae:aa:38:04:fb:6d:d8:6e:a1:
         dd:ed:f1:6c:28:9c:9b:2f:b8:bb:ba:63:ca:d1:ef:5b:cc:4a:
         f1:3f:a7:ff:3d:43:e0:24:58:c6:60:9e:55:4d:0a:b5:7c:ac:
         c1:cb:58:12:29:0c:0c:7d:8b:d2:75:2c:60:8f:ba:fb:79:45:
         c2:1a:0a:fa:18:2d:9b:9f:5f:65:5f:97:63:90:28:ec:c1:b0:
         73:0d:82:df:bc:bf:0f:6e:c6:dd:a5:ac:46:29:fc:a8:66:f4:
         82:dc:f5:dc:94:bd:e0:d8:5d:15:be:57:20:1d:95:b3:ab:7f:
         8f:f0:11:df
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZb4Y9bVWpAco4VgUqHsGaKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MmNmODU3MjM0NGMwYTY3NGE2N2QwZjRiNTFmMTg2ZThh
NzFjNGIwHhcNMjUwNTIyMTQyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzA0OTdlNmM5MWI5ZDg1ODIzODNiNjJmYmU3N2YwYWI5NTEyY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt534ZfhjluKCP3zSgCD9zkcvDnU7
IZ98U4J4eh3Udz8FJvr6CTURETEu/UrwAlhOBeesDcnqMkAQkhv8e0tyMa71Zn7i
U0py0lOsXKxBOh65qBWZorSAWpVnGjfvI5DTCsztFWweQoPHRglwCwuIGQBbv0Oz
p+Pbr35c6Uobm9zABliAfsjuC6EFtxXu42GcNZAW8K4UCBRBuldQnMkPs1b/roNg
bdO5MDhkS+sOK0PiOpEXmHjk/wxANU1xHM29FGAzuCcgpLenc8fTmLG4FYUN6xDk
XxkOQZK9rCzXFtYz5yR6Yb0+iLzxFqY6r6y20O+wbzpps3SsvP0eJdu1SQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFMEl+bJG52Fgjg7Yvvnfwq5USz0MB8GA1UdIwQY
MBaAFGks+FcjRMCmdKZ9D0tR8YbopxxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgt
YWYzOWJiMDMwOTdmLzEvVXdTWDVza2JuWVdDT0R0aS0tZF9DcmxSTFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wNTRiNTAtYTdiMS00NmYzLTlkMTgtYWYzOWJiMDMwOTdm
LzEvYVN6NFZ5TkV3S1owcG4wUFMxSHhodWluSEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAafLkAD
BAafLoAwDQYJKoZIhvcNAQELBQADggEBAGdfLFfcNCFgo7WB1Mk4scCFtLaD2Mt+
N6Dixv2HJU+E0to09XXmMgFrPBZFkinljszlvjFiVWDTGMyDVax1dt0OvX203xFZ
f1GRoWEJmj08FA7Doi9Gv5z36utXKvLY8oK0ma6QgAEtxSna4frEbvHEM17/hNmE
hGjCHX51Z4fsxMtOIxakTq6qOAT7bdhuod3t8WwonJsvuLu6Y8rR71vMSvE/p/89
Q+AkWMZgnlVNCrV8rMHLWBIpDAx9i9J1LGCPuvt5RcIaCvoYLZufX2Vfl2OQKOzB
sHMNgt+8vw9uxt2lrEYp/Khm9ILc9dyUveDYXRW+VyAdlbOrf4/wEd8=
-----END CERTIFICATE-----