Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/PVMrmWPj6xeO81TIrGdGojLfBCM.roa
File:                     PVMrmWPj6xeO81TIrGdGojLfBCM.roa (raw, json)
Hash identifier:          +TVDRsngs5DpdDV0cFt/8whEZuvxNf/J3lukorloTuc=
Subject key identifier:   3D:53:2B:99:63:E3:EB:17:8E:F3:54:C8:AC:67:46:A2:32:DF:04:23
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       019996595D9725A4FE49698C060B0578D991
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/PVMrmWPj6xeO81TIrGdGojLfBCM.roa
Signing time:             Mon 29 Sep 2025 16:41:02 +0000
ROA not before:           Mon 29 Sep 2025 16:41:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.85.13.0/24 maxlen: 24
                          45.85.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Oct 2025 20:35:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:96:59:5d:97:25:a4:fe:49:69:8c:06:0b:05:78:d9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Sep 29 16:41:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d532b9963e3eb178ef354c8ac6746a232df0423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:48:7c:1b:2b:ef:eb:ed:16:04:b7:de:bf:d8:
                    1b:3e:77:16:cc:d8:10:4d:b5:c8:62:fc:ef:5a:49:
                    cd:e6:bd:c8:96:15:9b:b0:5f:65:2f:58:eb:07:8f:
                    c2:15:f3:e9:e1:3e:a5:e0:1e:2b:0c:41:54:7b:17:
                    b2:0a:69:e4:b7:85:f2:48:f9:eb:1e:18:0a:d8:27:
                    ae:33:84:9d:f7:ae:33:c9:e6:f6:9e:05:7a:bb:c0:
                    c9:17:00:e5:8c:dd:9e:14:14:64:90:61:f4:5e:8a:
                    51:39:44:56:b9:3f:1c:22:cf:c9:ff:cc:de:e2:32:
                    05:fd:b2:0c:cf:43:dd:21:0b:c1:a4:40:44:1e:45:
                    06:b7:8e:b1:f6:a9:07:60:96:24:c3:36:f0:85:07:
                    e3:f1:49:0a:49:87:99:2a:eb:a5:0e:28:24:f5:42:
                    be:88:24:2b:34:cb:53:52:ef:3b:ba:1e:a9:c1:ad:
                    7e:75:e0:2d:2a:b5:5a:d5:ae:01:4e:c2:cc:b5:05:
                    39:e7:83:d0:5c:fe:d6:d1:54:b8:cc:45:36:d2:7a:
                    fe:cc:76:c6:88:45:3a:a8:73:b6:28:b7:9a:c5:83:
                    ad:06:9d:43:77:d4:20:40:e5:cf:c1:ca:f1:66:a4:
                    5b:b3:7b:b0:97:e4:77:1b:4d:6a:24:4a:ac:9a:79:
                    8a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:53:2B:99:63:E3:EB:17:8E:F3:54:C8:AC:67:46:A2:32:DF:04:23
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/PVMrmWPj6xeO81TIrGdGojLfBCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.13.0-45.85.14.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:07:f3:f1:aa:6c:b2:14:40:7c:15:cb:2c:4d:49:52:f9:c9:
         27:c6:1c:e1:97:57:bd:0f:a2:60:de:ed:6c:a1:76:15:0b:cb:
         93:46:7d:5d:76:4c:17:9b:09:aa:85:a3:23:7b:85:05:0b:c9:
         c3:05:d0:50:f4:02:34:7b:a6:a6:4d:b5:ed:3f:a4:45:31:36:
         d7:31:65:15:aa:60:f9:1e:0f:b6:94:9d:5d:bc:a1:3d:55:f1:
         0b:8a:11:42:53:cd:74:d2:21:b4:24:e3:eb:db:b0:36:a8:3b:
         08:0e:7a:4b:d3:ce:e7:73:83:db:93:f5:53:aa:ce:c1:67:e7:
         92:1d:97:eb:0b:77:9d:14:31:a3:20:1f:fa:22:97:de:b3:84:
         c8:a1:d2:6e:80:67:f8:54:02:0c:98:5b:41:16:79:3f:36:fe:
         82:f6:a0:99:4a:aa:ad:cd:2c:c5:db:a9:c6:ac:39:b6:2b:5f:
         1c:b1:4f:78:d4:7e:71:d8:48:e4:25:ee:f6:69:e9:b7:5c:5a:
         e2:e9:47:31:a8:40:9c:b1:62:79:5b:34:80:ea:4b:d6:ec:bb:
         65:b8:02:76:03:0c:25:61:c4:ed:5e:d6:19:99:66:6e:88:4f:
         a5:64:26:d5:e0:07:97:65:04:0c:09:fc:5c:e9:1c:fe:30:e7:
         42:64:fc:72
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmWWV2XJaT+SWmMBgsFeNmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUwOTI5MTY0MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDUzMmI5OTYzZTNlYjE3OGVmMzU0YzhhYzY3NDZhMjMyZGYwNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0h8Gyvv6+0WBLfev9gbPncWzNgQ
TbXIYvzvWknN5r3IlhWbsF9lL1jrB4/CFfPp4T6l4B4rDEFUexeyCmnkt4XySPnr
HhgK2CeuM4Sd964zyeb2ngV6u8DJFwDljN2eFBRkkGH0XopROURWuT8cIs/J/8ze
4jIF/bIMz0PdIQvBpEBEHkUGt46x9qkHYJYkwzbwhQfj8UkKSYeZKuulDigk9UK+
iCQrNMtTUu87uh6pwa1+deAtKrVa1a4BTsLMtQU554PQXP7W0VS4zEU20nr+zHbG
iEU6qHO2KLeaxYOtBp1Dd9QgQOXPwcrxZqRbs3uwl+R3G01qJEqsmnmKAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD1TK5lj4+sXjvNUyKxnRqIy3wQjMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvUFZNcm1XUGo2eGVPODFUSXJHZEdvakxmQkNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtVQ0D
BAAtVQ4wDQYJKoZIhvcNAQELBQADggEBAAsH8/GqbLIUQHwVyyxNSVL5ySfGHOGX
V70PomDe7WyhdhULy5NGfV12TBebCaqFoyN7hQULycMF0FD0AjR7pqZNte0/pEUx
NtcxZRWqYPkeD7aUnV28oT1V8QuKEUJTzXTSIbQk4+vbsDaoOwgOekvTzudzg9uT
9VOqzsFn55Idl+sLd50UMaMgH/oil96zhMih0m6AZ/hUAgyYW0EWeT82/oL2oJlK
qq3NLMXbqcasObYrXxyxT3jUfnHYSOQl7vZp6bdcWuLpRzGoQJyxYnlbNIDqS9bs
u2W4AnYDDCVhxO1e1hmZZm6IT6VkJtXgB5dlBAwJ/FzpHP4w50Jk/HI=
-----END CERTIFICATE-----