Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/RmPUZU9rgiug_5WIY_aOFDQOqq4.roa
File:                     RmPUZU9rgiug_5WIY_aOFDQOqq4.roa (raw, json)
Hash identifier:          Z4A1GoFiN/7vwrzFbweE6fGSkI6jo7WoF/vQ8o3WdYI=
Subject key identifier:   46:63:D4:65:4F:6B:82:2B:A0:FF:95:88:63:F6:8E:14:34:0E:AA:AE
Certificate issuer:       /CN=37431f1be9fdc2419098479cde457bbf79571759
Certificate serial:       019937E93A170D944F8BD0B62E03F59F39DD
Authority key identifier: 37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/RmPUZU9rgiug_5WIY_aOFDQOqq4.roa
Signing time:             Thu 11 Sep 2025 08:34:15 +0000
ROA not before:           Thu 11 Sep 2025 08:34:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41717
IP address blocks:        185.211.133.0/24 maxlen: 32
                          185.211.135.0/24 maxlen: 32
                          2a0b:65c0:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:e9:3a:17:0d:94:4f:8b:d0:b6:2e:03:f5:9f:39:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37431f1be9fdc2419098479cde457bbf79571759
        Validity
            Not Before: Sep 11 08:34:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4663d4654f6b822ba0ff958863f68e14340eaaae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:95:81:eb:5c:96:d6:6a:de:27:f7:d8:b9:
                    aa:65:12:78:87:52:cb:ef:38:52:b6:48:7e:a6:85:
                    44:9e:b7:94:db:da:c6:b5:98:5e:5f:87:93:5e:24:
                    9a:b6:43:5e:05:a0:6b:2a:54:ce:58:af:d0:eb:58:
                    5d:0f:43:7b:70:3e:72:a7:8f:25:0a:84:14:2a:15:
                    ec:26:73:c1:89:63:77:ce:29:c0:d3:7c:0d:d2:70:
                    49:3a:43:f9:c7:c9:93:b7:95:c0:d2:9c:31:40:b4:
                    08:fd:37:6c:ab:1b:50:63:6d:e7:71:e0:3a:90:2d:
                    0d:76:3a:c1:b5:3a:67:be:47:da:66:04:2b:2e:d4:
                    64:3d:0c:ca:fa:80:fd:3a:2e:d4:a7:93:7f:2c:3b:
                    10:aa:db:b8:f9:99:83:6f:32:fb:5d:9d:b9:1f:f5:
                    0d:3f:a8:02:ce:a7:ff:11:bb:a8:f2:49:80:8e:0b:
                    48:31:84:c2:9c:11:d6:b9:f3:91:31:9f:eb:8c:cb:
                    a7:fa:3e:d9:a9:1a:85:60:f8:1b:cb:d6:ed:ac:81:
                    aa:7a:f8:55:74:0d:c7:f3:d2:16:fd:95:04:09:e5:
                    16:3c:aa:eb:e9:43:f2:38:e4:7f:64:43:a0:c6:1f:
                    7d:eb:58:40:35:aa:02:d0:0e:87:66:2c:fa:bf:af:
                    96:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:63:D4:65:4F:6B:82:2B:A0:FF:95:88:63:F6:8E:14:34:0E:AA:AE
            X509v3 Authority Key Identifier:
                keyid:37:43:1F:1B:E9:FD:C2:41:90:98:47:9C:DE:45:7B:BF:79:57:17:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0MfG-n9wkGQmEec3kV7v3lXF1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/RmPUZU9rgiug_5WIY_aOFDQOqq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b53547-d340-4392-af46-615961312b52/1/N0MfG-n9wkGQmEec3kV7v3lXF1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.133.0/24
                  185.211.135.0/24
                IPv6:
                  2a0b:65c0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:b6:fe:c7:f3:c4:3b:02:e9:20:6f:5b:13:61:ae:1f:67:c1:
         d2:56:73:b6:a0:d9:84:c6:10:30:56:96:78:00:7f:8c:8a:a0:
         c0:c2:2b:98:28:7c:90:4e:3c:62:de:5e:1d:cc:a7:d1:e6:15:
         95:7d:75:72:7e:12:2c:39:6f:27:61:56:3a:37:43:f9:fb:62:
         42:7f:6a:56:4c:7e:dc:5c:c7:f1:38:90:4f:17:40:28:79:12:
         e3:b4:ee:3c:a1:bd:65:8b:33:52:ac:1b:60:f0:52:fd:1a:9c:
         1a:70:bd:1f:ed:18:ca:56:8f:52:57:bc:ff:2b:76:f9:7a:80:
         88:b9:15:9f:bb:50:a3:30:09:96:90:c0:1e:ec:a4:f8:ec:4c:
         80:09:8f:3b:07:9f:c3:ef:07:76:f7:4d:e5:16:d7:11:99:47:
         62:97:9c:e9:0a:6d:05:a2:8e:96:59:51:30:b4:d9:1b:71:10:
         66:c4:8b:84:d0:66:db:7c:bc:10:17:2b:b5:cf:31:86:b2:c7:
         bf:15:bb:18:f1:ca:de:0e:f8:e6:c2:48:81:c0:b6:31:ca:c5:
         96:1c:dc:b1:72:1a:03:60:47:bb:3d:3d:1c:10:3a:ba:52:49:
         b2:99:dc:72:1a:05:95:9a:da:4a:0e:4a:86:64:6f:06:ca:92:
         36:89:73:e8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZk36ToXDZRPi9C2LgP1nzndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NDMxZjFiZTlmZGMyNDE5MDk4NDc5Y2RlNDU3YmJmNzk1
NzE3NTkwHhcNMjUwOTExMDgzNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjYzZDQ2NTRmNmI4MjJiYTBmZjk1ODg2M2Y2OGUxNDM0MGVhYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNaVgetcltZq3if32LmqZRJ4h1LL
7zhStkh+poVEnreU29rGtZheX4eTXiSatkNeBaBrKlTOWK/Q61hdD0N7cD5yp48l
CoQUKhXsJnPBiWN3zinA03wN0nBJOkP5x8mTt5XA0pwxQLQI/TdsqxtQY23nceA6
kC0NdjrBtTpnvkfaZgQrLtRkPQzK+oD9Oi7Up5N/LDsQqtu4+ZmDbzL7XZ25H/UN
P6gCzqf/Ebuo8kmAjgtIMYTCnBHWufORMZ/rjMun+j7ZqRqFYPgby9btrIGqevhV
dA3H89IW/ZUECeUWPKrr6UPyOOR/ZEOgxh9961hANaoC0A6HZiz6v6+WoQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFEZj1GVPa4IroP+ViGP2jhQ0DqquMB8GA1UdIwQY
MBaAFDdDHxvp/cJBkJhHnN5Fe795VxdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYt
NjE1OTYxMzEyYjUyLzEvUm1QVVpVOXJnaXVnXzVXSVlfYU9GRFFPcXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iNTM1NDctZDM0MC00MzkyLWFmNDYtNjE1OTYxMzEyYjUy
LzEvTjBNZkctbjl3a0dRbUVlYzNrVjd2M2xYRjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAudOFAwQA
udOHMA8EAgACMAkDBwAqC2XAAAQwDQYJKoZIhvcNAQELBQADggEBAIW2/sfzxDsC
6SBvWxNhrh9nwdJWc7ag2YTGEDBWlngAf4yKoMDCK5gofJBOPGLeXh3Mp9HmFZV9
dXJ+Eiw5bydhVjo3Q/n7YkJ/alZMftxcx/E4kE8XQCh5EuO07jyhvWWLM1KsG2Dw
Uv0anBpwvR/tGMpWj1JXvP8rdvl6gIi5FZ+7UKMwCZaQwB7spPjsTIAJjzsHn8Pv
B3b3TeUW1xGZR2KXnOkKbQWijpZZUTC02RtxEGbEi4TQZtt8vBAXK7XPMYayx78V
uxjxyt4O+ObCSIHAtjHKxZYc3LFyGgNgR7s9PRwQOrpSSbKZ3HIaBZWa2koOSoZk
bwbKkjaJc+g=
-----END CERTIFICATE-----