Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/prlrwENsP0XShm7WiJaiosrpyn4.roa
File:                     prlrwENsP0XShm7WiJaiosrpyn4.roa (raw, json)
Hash identifier:          N21LSr0oJqwv0f3injM4CthwAR4LuE5viTe41DT0nbI=
Subject key identifier:   A6:B9:6B:C0:43:6C:3F:45:D2:86:6E:D6:88:96:A2:A2:CA:E9:CA:7E
Certificate issuer:       /CN=748e99a31f3582400ab5dfa777c60d16acaeddb3
Certificate serial:       0197534CE5A807BC0FE4F0799DB41B211211
Authority key identifier: 74:8E:99:A3:1F:35:82:40:0A:B5:DF:A7:77:C6:0D:16:AC:AE:DD:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dI6Zox81gkAKtd-nd8YNFqyu3bM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/prlrwENsP0XShm7WiJaiosrpyn4.roa
Signing time:             Mon 09 Jun 2025 06:07:17 +0000
ROA not before:           Mon 09 Jun 2025 06:07:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41174
IP address blocks:        185.84.54.0/24 maxlen: 24
                          185.84.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/dI6Zox81gkAKtd-nd8YNFqyu3bM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/dI6Zox81gkAKtd-nd8YNFqyu3bM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dI6Zox81gkAKtd-nd8YNFqyu3bM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:53:4c:e5:a8:07:bc:0f:e4:f0:79:9d:b4:1b:21:12:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=748e99a31f3582400ab5dfa777c60d16acaeddb3
        Validity
            Not Before: Jun  9 06:07:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6b96bc0436c3f45d2866ed68896a2a2cae9ca7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:99:23:6b:10:b6:f9:58:a9:31:8e:a5:1d:12:
                    15:42:a1:cf:f3:6b:39:c9:25:ef:6b:53:ff:08:c8:
                    fd:2e:89:79:cc:97:79:62:62:07:15:2d:f2:73:ed:
                    91:e2:8e:77:63:64:43:b4:52:ec:e5:aa:09:54:38:
                    f3:14:0f:a3:b6:5b:31:f9:95:03:0e:99:b3:67:6c:
                    ac:0a:70:e6:a1:42:56:dc:4c:7e:11:94:48:19:20:
                    4e:b8:21:0c:cc:e1:46:91:07:12:58:f7:97:7b:0b:
                    26:47:9d:93:aa:83:a4:af:01:01:5a:9d:c7:10:9e:
                    65:12:39:65:4a:57:96:8e:2b:2a:35:71:3f:a4:4e:
                    8e:18:f5:c2:c5:a4:3a:9a:14:04:4a:7b:b8:10:c3:
                    19:ac:08:f3:98:91:3f:d1:08:1d:f9:f1:29:aa:98:
                    70:97:10:88:60:14:b7:49:5e:60:08:51:5e:6c:56:
                    d9:61:f5:f9:55:87:7a:f6:b3:ff:b3:0e:79:c4:c7:
                    e0:67:d1:a0:bb:91:88:72:7c:6c:c8:d1:9d:b5:22:
                    49:2b:f4:8c:18:d7:08:4a:5f:f6:60:89:57:a9:84:
                    ab:7f:f8:6f:11:6d:09:2c:81:af:86:4e:cf:d8:3d:
                    01:9b:83:65:03:73:c8:a2:d6:d2:69:fd:cf:7a:b8:
                    c3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B9:6B:C0:43:6C:3F:45:D2:86:6E:D6:88:96:A2:A2:CA:E9:CA:7E
            X509v3 Authority Key Identifier:
                keyid:74:8E:99:A3:1F:35:82:40:0A:B5:DF:A7:77:C6:0D:16:AC:AE:DD:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dI6Zox81gkAKtd-nd8YNFqyu3bM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/prlrwENsP0XShm7WiJaiosrpyn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/437ae5-c2ab-4c71-9d06-fec6c2701eda/1/dI6Zox81gkAKtd-nd8YNFqyu3bM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:46:0a:ec:3c:58:60:b2:c2:53:61:62:d2:a1:12:b2:6c:e2:
         62:ff:cc:47:22:74:ab:b7:44:97:7d:ea:af:3d:f3:be:9d:47:
         9d:d0:fa:98:50:04:62:03:97:71:6a:bd:65:47:e5:95:64:78:
         0a:dd:0f:88:9a:2a:8e:43:38:61:31:54:90:7f:0c:bf:5f:b6:
         45:cd:0c:f1:a9:9e:1a:da:14:77:6a:f0:2c:59:5d:c1:95:7c:
         ff:cb:a7:77:61:5d:0b:bb:09:b4:f9:1e:5c:3d:33:7b:84:e6:
         65:97:df:be:3f:a7:50:ac:ec:8f:2b:80:9c:9e:8c:4c:7c:6e:
         fc:48:8c:6a:1b:94:3d:d5:0f:4e:c5:82:1e:f6:a0:2a:e8:86:
         07:69:23:fc:e0:c1:e5:fd:bc:a4:29:5f:45:c4:4d:1a:98:2b:
         c5:4c:19:14:39:fc:b9:47:da:65:4c:1b:60:e8:18:02:c3:cf:
         b4:d1:0e:55:11:52:50:e3:56:f8:c7:44:41:93:2c:c2:a8:23:
         38:b3:ea:28:4b:b4:67:e0:11:12:49:a0:5e:80:bc:3c:dc:1e:
         86:48:5e:a8:fa:b8:09:54:fc:93:ab:04:ed:c4:04:46:9f:18:
         7a:a4:ff:e6:46:40:e3:31:7c:d9:d2:20:a0:e6:d5:6d:83:e0:
         8e:6f:5a:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdTTOWoB7wP5PB5nbQbIRIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OGU5OWEzMWYzNTgyNDAwYWI1ZGZhNzc3YzYwZDE2YWNh
ZWRkYjMwHhcNMjUwNjA5MDYwNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI5NmJjMDQzNmMzZjQ1ZDI4NjZlZDY4ODk2YTJhMmNhZTljYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5kjaxC2+VipMY6lHRIVQqHP82s5
ySXva1P/CMj9Lol5zJd5YmIHFS3yc+2R4o53Y2RDtFLs5aoJVDjzFA+jtlsx+ZUD
DpmzZ2ysCnDmoUJW3Ex+EZRIGSBOuCEMzOFGkQcSWPeXewsmR52TqoOkrwEBWp3H
EJ5lEjllSleWjisqNXE/pE6OGPXCxaQ6mhQESnu4EMMZrAjzmJE/0Qgd+fEpqphw
lxCIYBS3SV5gCFFebFbZYfX5VYd69rP/sw55xMfgZ9Ggu5GIcnxsyNGdtSJJK/SM
GNcISl/2YIlXqYSrf/hvEW0JLIGvhk7P2D0Bm4NlA3PIotbSaf3PerjDpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKa5a8BDbD9F0oZu1oiWoqLK6cp+MB8GA1UdIwQY
MBaAFHSOmaMfNYJACrXfp3fGDRasrt2zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEk2Wm94ODFna0FLdGQtbmQ4WU5GcXl1M2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80MzdhZTUtYzJhYi00YzcxLTlkMDYt
ZmVjNmMyNzAxZWRhLzEvcHJscndFTnNQMFhTaG03V2lKYWlvc3JweW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80MzdhZTUtYzJhYi00YzcxLTlkMDYtZmVjNmMyNzAxZWRh
LzEvZEk2Wm94ODFna0FLdGQtbmQ4WU5GcXl1M2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVQ2MA0G
CSqGSIb3DQEBCwUAA4IBAQBnRgrsPFhgssJTYWLSoRKybOJi/8xHInSrt0SXfeqv
PfO+nUed0PqYUARiA5dxar1lR+WVZHgK3Q+ImiqOQzhhMVSQfwy/X7ZFzQzxqZ4a
2hR3avAsWV3BlXz/y6d3YV0Luwm0+R5cPTN7hOZll9++P6dQrOyPK4CcnoxMfG78
SIxqG5Q91Q9OxYIe9qAq6IYHaSP84MHl/bykKV9FxE0amCvFTBkUOfy5R9plTBtg
6BgCw8+00Q5VEVJQ41b4x0RBkyzCqCM4s+ooS7Rn4BESSaBegLw83B6GSF6o+rgJ
VPyTqwTtxARGnxh6pP/mRkDjMXzZ0iCg5tVtg+COb1r7
-----END CERTIFICATE-----