Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/jFuP-GeZY6Z37SVSGqClEWTPyy4.roa
File:                     jFuP-GeZY6Z37SVSGqClEWTPyy4.roa (raw, json)
Hash identifier:          65ZwPuCoL1Qqn8JPgxAd7UOuJekWTxCoLNYfjh3KVJo=
Subject key identifier:   8C:5B:8F:F8:67:99:63:A6:77:ED:25:52:1A:A0:A5:11:64:CF:CB:2E
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0198C26EE52D4D69B50E020A301AE1C209C4
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/jFuP-GeZY6Z37SVSGqClEWTPyy4.roa
Signing time:             Tue 19 Aug 2025 13:05:04 +0000
ROA not before:           Tue 19 Aug 2025 13:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23532
IP address blocks:        45.156.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:6e:e5:2d:4d:69:b5:0e:02:0a:30:1a:e1:c2:09:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Aug 19 13:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c5b8ff8679963a677ed25521aa0a51164cfcb2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:76:0f:c4:d6:e3:fb:cd:d9:a3:87:b7:b0:e3:
                    85:af:40:19:47:12:7e:6e:5f:bc:8d:0a:dd:47:78:
                    a6:3d:f1:9f:9c:21:e3:94:56:f6:34:20:22:5f:36:
                    d8:7e:a1:6b:7b:de:b8:23:92:34:3d:3e:26:f8:5e:
                    14:7a:06:c3:d5:75:c1:65:12:44:20:cf:73:2d:54:
                    a4:93:d2:25:ee:0a:4a:7d:65:5f:2b:c6:a0:68:f4:
                    23:f2:90:44:d7:ba:3f:5d:b0:a4:30:74:ce:d1:19:
                    6d:13:30:82:92:41:db:81:60:ef:e6:c2:36:75:ec:
                    3b:16:88:1c:20:52:98:ce:de:36:81:f6:64:82:1e:
                    93:bf:dc:97:97:a2:d7:70:c2:17:98:ae:b1:76:3d:
                    d7:14:38:62:d0:72:b2:29:6c:e5:a7:0b:13:ae:dc:
                    a6:a6:67:c2:55:18:01:db:60:fb:56:41:4f:dd:3a:
                    dc:94:d1:3f:8a:93:30:f6:90:45:27:79:ec:d7:17:
                    10:43:f3:ae:96:c4:0b:e9:73:76:ce:61:a3:23:40:
                    6e:f2:8e:ad:68:ff:29:d6:62:11:a5:95:5b:a9:a0:
                    07:24:3f:5e:cb:43:dd:45:96:0c:8b:89:00:ee:c9:
                    77:a3:c6:a3:93:3c:fa:98:d6:90:81:fa:fe:a4:ba:
                    91:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5B:8F:F8:67:99:63:A6:77:ED:25:52:1A:A0:A5:11:64:CF:CB:2E
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/jFuP-GeZY6Z37SVSGqClEWTPyy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:0c:f9:67:83:cd:5b:bd:b3:e0:de:bc:99:b5:56:ac:8a:95:
         09:53:6e:b0:78:d3:02:67:c4:40:0d:cb:5f:3c:9c:7f:fb:74:
         03:5e:79:63:5a:6a:13:ed:5b:b0:1b:e7:ad:60:a3:47:91:a1:
         8b:cc:e6:6a:7b:b8:25:65:eb:1e:ca:e7:ec:7d:b7:5d:9b:29:
         62:5f:16:75:91:a9:b9:15:35:7e:19:18:21:44:6f:4d:bc:c0:
         65:9c:e2:40:50:4a:53:97:1f:6e:2f:73:e1:5f:f2:13:61:8f:
         a2:fd:da:b7:3e:b2:2f:c5:ad:d5:3c:40:40:0e:de:aa:d6:12:
         07:5a:df:46:6d:ef:20:25:0c:35:95:5f:c3:96:ba:b9:7d:29:
         6b:bf:9d:92:39:1b:67:78:3b:a7:d9:52:f2:a1:2a:55:32:26:
         a1:00:4f:0c:79:ed:8e:04:da:ad:c3:1b:19:9f:da:2c:23:c3:
         8f:e1:f5:2d:3b:bb:d9:8d:d2:50:4f:bc:fc:5e:f4:94:66:be:
         a1:5c:13:6e:2f:d5:fb:76:cb:8c:4e:a3:7f:d9:d4:da:a0:56:
         52:b0:1b:79:44:a4:9d:86:79:78:69:82:0d:0a:7f:46:01:28:
         37:f0:74:6a:93:72:1a:dc:a3:ac:95:d8:e4:61:75:23:ec:2e:
         f8:58:f1:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjCbuUtTWm1DgIKMBrhwgnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwODE5MTMwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzViOGZmODY3OTk2M2E2NzdlZDI1NTIxYWEwYTUxMTY0Y2ZjYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3YPxNbj+83Zo4e3sOOFr0AZRxJ+
bl+8jQrdR3imPfGfnCHjlFb2NCAiXzbYfqFre964I5I0PT4m+F4UegbD1XXBZRJE
IM9zLVSkk9Il7gpKfWVfK8agaPQj8pBE17o/XbCkMHTO0RltEzCCkkHbgWDv5sI2
dew7FogcIFKYzt42gfZkgh6Tv9yXl6LXcMIXmK6xdj3XFDhi0HKyKWzlpwsTrtym
pmfCVRgB22D7VkFP3TrclNE/ipMw9pBFJ3ns1xcQQ/OulsQL6XN2zmGjI0Bu8o6t
aP8p1mIRpZVbqaAHJD9ey0PdRZYMi4kA7sl3o8ajkzz6mNaQgfr+pLqRrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxbj/hnmWOmd+0lUhqgpRFkz8suMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvakZ1UC1HZVpZNlozN1NWU0dxQ2xFV1RQeXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyTMA0G
CSqGSIb3DQEBCwUAA4IBAQBdDPlng81bvbPg3ryZtVasipUJU26weNMCZ8RADctf
PJx/+3QDXnljWmoT7VuwG+etYKNHkaGLzOZqe7glZeseyufsfbddmyliXxZ1kam5
FTV+GRghRG9NvMBlnOJAUEpTlx9uL3PhX/ITYY+i/dq3PrIvxa3VPEBADt6q1hIH
Wt9Gbe8gJQw1lV/Dlrq5fSlrv52SORtneDun2VLyoSpVMiahAE8Mee2OBNqtwxsZ
n9osI8OP4fUtO7vZjdJQT7z8XvSUZr6hXBNuL9X7dsuMTqN/2dTaoFZSsBt5RKSd
hnl4aYINCn9GASg38HRqk3Ia3KOsldjkYXUj7C74WPEx
-----END CERTIFICATE-----