Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/rTKSwyD4bSu0V_OTB6JmkjQohdI.roa
File:                     rTKSwyD4bSu0V_OTB6JmkjQohdI.roa (raw, json)
Hash identifier:          F3/bo+ceS2+kTH3oRunm6ME2Zkm2RRhJyAWZ0mxY7dQ=
Subject key identifier:   AD:32:92:C3:20:F8:6D:2B:B4:57:F3:93:07:A2:66:92:34:28:85:D2
Certificate issuer:       /CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Certificate serial:       0198F52EB8E87DE54C963BAF5EF6AF92B08E
Authority key identifier: 83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/rTKSwyD4bSu0V_OTB6JmkjQohdI.roa
Signing time:             Fri 29 Aug 2025 09:35:36 +0000
ROA not before:           Fri 29 Aug 2025 09:35:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196620
IP address blocks:        45.80.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f5:2e:b8:e8:7d:e5:4c:96:3b:af:5e:f6:af:92:b0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
        Validity
            Not Before: Aug 29 09:35:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad3292c320f86d2bb457f39307a26692342885d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:51:4f:c1:01:54:96:39:b6:7f:03:00:9e:69:
                    2a:c5:d9:c6:b1:f9:48:bb:b1:03:6b:13:4f:d8:49:
                    06:a8:e7:8f:e3:ca:42:fe:1e:ff:7b:eb:c3:ee:99:
                    3f:4c:02:da:44:6c:98:1e:c8:4b:8d:1e:73:9f:35:
                    a6:d4:a0:3f:63:14:cd:0e:59:1b:e5:10:c8:e4:31:
                    3f:b7:e9:ac:29:68:71:c6:39:6d:8d:66:05:23:43:
                    61:25:64:d9:76:c6:41:44:2b:07:d3:30:83:8b:f5:
                    75:43:cc:e8:15:3d:3d:31:4a:b1:ab:e2:aa:d2:ca:
                    74:be:14:1b:4e:b8:65:c8:a9:ec:01:41:de:86:42:
                    d9:71:68:6e:76:22:5b:40:74:9d:a3:37:ec:1f:87:
                    39:bc:fa:60:a5:dc:59:46:ec:db:5c:1e:59:2d:3d:
                    bf:1c:a9:f1:41:e2:f9:6d:6f:62:38:d3:8a:74:cb:
                    36:26:36:93:2f:32:d2:0b:7d:39:a5:cb:fd:c3:e5:
                    84:60:8b:26:40:ef:39:bf:3d:ed:55:e7:22:a2:af:
                    5a:fb:d1:44:df:ac:2e:13:94:f7:ee:8d:4d:c1:05:
                    ac:5b:0a:c6:0d:69:c9:b4:61:4f:d6:3e:79:98:ce:
                    8f:4f:ba:0c:da:ae:77:8d:78:aa:aa:f4:f7:1d:c7:
                    d5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:32:92:C3:20:F8:6D:2B:B4:57:F3:93:07:A2:66:92:34:28:85:D2
            X509v3 Authority Key Identifier:
                keyid:83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/rTKSwyD4bSu0V_OTB6JmkjQohdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:89:7a:64:8e:a3:97:02:08:e4:a0:3f:96:f5:2d:3c:95:73:
         10:4d:04:50:fc:6e:a9:c9:6c:05:24:84:ee:27:e0:9f:29:26:
         92:e4:20:73:a4:48:15:a7:b9:55:83:43:8c:fe:2a:83:91:ba:
         89:d9:7c:13:e2:1a:cf:1d:1d:0a:12:ae:45:66:b8:5b:9f:56:
         43:11:8d:17:43:20:6c:f6:d7:03:af:a3:ba:e2:0a:97:e0:5d:
         2f:30:b2:15:ba:2e:d2:f7:aa:ed:a6:39:ce:16:ba:40:53:2f:
         10:31:41:c8:90:c0:bd:33:41:45:be:27:9e:73:da:92:1b:bf:
         a8:eb:8e:ed:20:1b:5b:64:06:e4:ee:28:fb:eb:49:c2:86:ee:
         47:52:83:aa:4c:93:cf:07:5c:76:0d:7a:08:10:55:08:5c:fd:
         30:aa:ad:b9:65:1d:12:07:bb:ac:f2:8c:f2:3d:20:d6:e6:67:
         d2:b7:33:6e:55:2d:9f:9e:45:06:46:90:4b:be:67:17:f4:98:
         e9:75:de:be:d1:ba:49:29:e1:07:fb:28:99:94:d0:6b:4a:52:
         70:8c:bf:4d:7f:33:61:13:79:fc:7d:28:d0:a7:35:8b:96:70:
         1d:e2:8f:0c:b7:fb:60:44:1e:94:14:7c:42:f7:88:50:61:dd:
         5f:14:a7:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj1LrjofeVMljuvXvavkrCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDc5NTE0OTU5Mzk3YzVlM2ZhNzZlMWVhNDk1ZThlMWY2
YzMxOWIwHhcNMjUwODI5MDkzNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDMyOTJjMzIwZjg2ZDJiYjQ1N2YzOTMwN2EyNjY5MjM0Mjg4NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFFPwQFUljm2fwMAnmkqxdnGsflI
u7EDaxNP2EkGqOeP48pC/h7/e+vD7pk/TALaRGyYHshLjR5znzWm1KA/YxTNDlkb
5RDI5DE/t+msKWhxxjltjWYFI0NhJWTZdsZBRCsH0zCDi/V1Q8zoFT09MUqxq+Kq
0sp0vhQbTrhlyKnsAUHehkLZcWhudiJbQHSdozfsH4c5vPpgpdxZRuzbXB5ZLT2/
HKnxQeL5bW9iONOKdMs2JjaTLzLSC305pcv9w+WEYIsmQO85vz3tVecioq9a+9FE
36wuE5T37o1NwQWsWwrGDWnJtGFP1j55mM6PT7oM2q53jXiqqvT3HcfV8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0yksMg+G0rtFfzkweiZpI0KIXSMB8GA1UdIwQY
MBaAFINHlRSVk5fF4/p24epJXo4fbDGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUt
MWU1ZTQzMGRkNzExLzEvclRLU3d5RDRiU3UwVl9PVEI2Sm1ralFvaGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUtMWU1ZTQzMGRkNzEx
LzEvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVCIMA0G
CSqGSIb3DQEBCwUAA4IBAQB1iXpkjqOXAgjkoD+W9S08lXMQTQRQ/G6pyWwFJITu
J+CfKSaS5CBzpEgVp7lVg0OM/iqDkbqJ2XwT4hrPHR0KEq5FZrhbn1ZDEY0XQyBs
9tcDr6O64gqX4F0vMLIVui7S96rtpjnOFrpAUy8QMUHIkMC9M0FFvieec9qSG7+o
647tIBtbZAbk7ij760nChu5HUoOqTJPPB1x2DXoIEFUIXP0wqq25ZR0SB7us8ozy
PSDW5mfStzNuVS2fnkUGRpBLvmcX9Jjpdd6+0bpJKeEH+yiZlNBrSlJwjL9NfzNh
E3n8fSjQpzWLlnAd4o8Mt/tgRB6UFHxC94hQYd1fFKe1
-----END CERTIFICATE-----