Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/kNzmfkRSfsPZfyUkp0lW7AHAG-c.roa
File:                     kNzmfkRSfsPZfyUkp0lW7AHAG-c.roa (raw, json)
Hash identifier:          P6poTIVQZa8F+UuuStCgTYtjT3XTXjtd8ThSIr53awM=
Subject key identifier:   90:DC:E6:7E:44:52:7E:C3:D9:7F:25:24:A7:49:56:EC:01:C0:1B:E7
Certificate issuer:       /CN=48559018adff16eadf5551b2cb74d8f6860cd044
Certificate serial:       0196D3C5148F7B74E31F01D836E4447B92E2
Authority key identifier: 48:55:90:18:AD:FF:16:EA:DF:55:51:B2:CB:74:D8:F6:86:0C:D0:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFWQGK3_FurfVVGyy3TY9oYM0EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/kNzmfkRSfsPZfyUkp0lW7AHAG-c.roa
Signing time:             Thu 15 May 2025 11:47:10 +0000
ROA not before:           Thu 15 May 2025 11:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        45.10.4.0/22 maxlen: 24
                          91.202.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/SFWQGK3_FurfVVGyy3TY9oYM0EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/SFWQGK3_FurfVVGyy3TY9oYM0EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFWQGK3_FurfVVGyy3TY9oYM0EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:c5:14:8f:7b:74:e3:1f:01:d8:36:e4:44:7b:92:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48559018adff16eadf5551b2cb74d8f6860cd044
        Validity
            Not Before: May 15 11:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90dce67e44527ec3d97f2524a74956ec01c01be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d4:c8:80:dc:ed:de:f8:d7:fa:94:66:84:85:
                    d0:d8:28:2f:a4:4c:9a:6d:d4:62:c7:ff:1d:89:af:
                    58:52:41:90:ed:c0:3a:80:3c:13:27:b7:6d:6a:d5:
                    d0:85:a2:dc:42:80:9e:64:ab:87:06:81:24:3f:30:
                    3a:f4:04:3c:c9:24:95:cf:f5:91:86:49:11:5d:62:
                    14:d0:04:24:ff:50:a9:2c:e7:9d:55:db:8d:76:a4:
                    5b:2f:f3:1f:ae:e8:7e:56:fe:bf:ec:fa:f7:8e:4e:
                    a3:53:23:87:db:e2:eb:38:d6:f8:63:fe:b3:ef:6c:
                    53:8c:18:76:3d:94:ad:00:39:a0:26:d0:cd:82:c9:
                    a6:76:d7:f1:c2:2e:52:0e:09:7a:38:02:11:a0:6d:
                    eb:53:78:29:5f:12:a6:79:d9:27:84:c8:3d:1c:fe:
                    9c:f2:3f:fb:c0:f5:eb:fb:dc:81:74:69:01:91:e7:
                    25:94:c8:29:b0:5a:f1:08:b4:bd:ec:ce:46:ef:17:
                    50:05:9c:a9:c5:11:c6:7f:39:8e:ec:6a:f7:53:c4:
                    d2:43:c8:0f:8e:7c:7b:3c:5f:56:57:c4:2f:b8:a3:
                    14:9d:61:5a:7d:23:52:e2:bf:c4:03:5c:17:3c:19:
                    cc:cc:6d:8e:35:54:3d:9d:31:e0:84:a3:eb:20:c8:
                    e9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:DC:E6:7E:44:52:7E:C3:D9:7F:25:24:A7:49:56:EC:01:C0:1B:E7
            X509v3 Authority Key Identifier:
                keyid:48:55:90:18:AD:FF:16:EA:DF:55:51:B2:CB:74:D8:F6:86:0C:D0:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFWQGK3_FurfVVGyy3TY9oYM0EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/kNzmfkRSfsPZfyUkp0lW7AHAG-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ef56d2-632e-4816-a9ca-ab45e60071e2/1/SFWQGK3_FurfVVGyy3TY9oYM0EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.4.0/22
                  91.202.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c3:b9:13:dd:bc:a6:15:00:5a:73:dc:6e:29:f8:fe:87:3b:09:
         f1:44:f3:7e:44:2d:6a:03:1c:7e:0a:a9:97:90:34:1a:68:d9:
         54:b0:d2:b4:e8:44:f3:a6:7d:19:97:28:90:17:da:30:63:71:
         c3:d1:62:a7:22:f5:fe:16:3c:3d:60:0b:57:f2:22:0d:c2:7f:
         98:6f:8b:3b:26:df:08:7b:ea:74:a7:4c:95:63:9b:18:e5:31:
         a5:a7:b3:b4:37:af:e5:cc:c3:ce:92:de:28:24:e3:5f:9f:d1:
         98:ac:82:f1:a6:ed:08:98:8c:f6:6e:05:63:e0:06:a8:31:73:
         95:d1:a0:95:ee:eb:52:f0:fa:a3:a9:55:46:e2:51:65:b9:de:
         a1:62:66:30:db:39:c8:d0:d8:d9:e5:7e:04:df:1e:20:7b:21:
         75:39:e5:52:0c:8d:c3:2e:0e:e5:17:54:ef:ee:3b:e7:8b:28:
         dd:68:46:48:16:9f:54:6a:82:ee:92:10:a6:62:13:57:fe:99:
         d2:ee:57:a0:c7:74:da:25:4a:77:0f:0c:c6:e8:ca:5a:21:26:
         31:86:8d:25:1e:61:13:a6:43:e2:fc:7f:bb:43:a9:03:0b:69:
         fd:2d:b6:38:a9:52:19:df:c1:7c:02:76:d3:6a:f9:13:72:f2:
         29:64:cf:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbTxRSPe3TjHwHYNuREe5LiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTU5MDE4YWRmZjE2ZWFkZjU1NTFiMmNiNzRkOGY2ODYw
Y2QwNDQwHhcNMjUwNTE1MTE0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGRjZTY3ZTQ0NTI3ZWMzZDk3ZjI1MjRhNzQ5NTZlYzAxYzAxYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tTIgNzt3vjX+pRmhIXQ2CgvpEya
bdRix/8dia9YUkGQ7cA6gDwTJ7dtatXQhaLcQoCeZKuHBoEkPzA69AQ8ySSVz/WR
hkkRXWIU0AQk/1CpLOedVduNdqRbL/Mfruh+Vv6/7Pr3jk6jUyOH2+LrONb4Y/6z
72xTjBh2PZStADmgJtDNgsmmdtfxwi5SDgl6OAIRoG3rU3gpXxKmedknhMg9HP6c
8j/7wPXr+9yBdGkBkecllMgpsFrxCLS97M5G7xdQBZypxRHGfzmO7Gr3U8TSQ8gP
jnx7PF9WV8QvuKMUnWFafSNS4r/EA1wXPBnMzG2ONVQ9nTHghKPrIMjpLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJDc5n5EUn7D2X8lJKdJVuwBwBvnMB8GA1UdIwQY
MBaAFEhVkBit/xbq31VRsst02PaGDNBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZXUUdLM19GdXJmVlZHeXkzVFk5b1lNMEVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lZjU2ZDItNjMyZS00ODE2LWE5Y2Et
YWI0NWU2MDA3MWUyLzEva056bWZrUlNmc1BaZnlVa3AwbFc3QUhBRy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lZjU2ZDItNjMyZS00ODE2LWE5Y2EtYWI0NWU2MDA3MWUy
LzEvU0ZXUUdLM19GdXJmVlZHeXkzVFk5b1lNMEVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQoEAwQC
W8q8MA0GCSqGSIb3DQEBCwUAA4IBAQDDuRPdvKYVAFpz3G4p+P6HOwnxRPN+RC1q
Axx+CqmXkDQaaNlUsNK06ETzpn0ZlyiQF9owY3HD0WKnIvX+Fjw9YAtX8iINwn+Y
b4s7Jt8Ie+p0p0yVY5sY5TGlp7O0N6/lzMPOkt4oJONfn9GYrILxpu0ImIz2bgVj
4AaoMXOV0aCV7utS8PqjqVVG4lFlud6hYmYw2znI0NjZ5X4E3x4geyF1OeVSDI3D
Lg7lF1Tv7jvniyjdaEZIFp9UaoLukhCmYhNX/pnS7legx3TaJUp3DwzG6MpaISYx
ho0lHmETpkPi/H+7Q6kDC2n9LbY4qVIZ38F8AnbTavkTcvIpZM/W
-----END CERTIFICATE-----