Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0kjuRFHc_FgZItdBJLN8L-SCxWQ.roa
File:                     0kjuRFHc_FgZItdBJLN8L-SCxWQ.roa (raw, json)
Hash identifier:          6n4xkXo5NgXzrtv60QRF9dCj104+qluLeVcxTEwOfHc=
Subject key identifier:   D2:48:EE:44:51:DC:FC:58:19:22:D7:41:24:B3:7C:2F:E4:82:C5:64
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0198D2738BE06103C7E94DBF88677475DD25
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0kjuRFHc_FgZItdBJLN8L-SCxWQ.roa
Signing time:             Fri 22 Aug 2025 15:44:04 +0000
ROA not before:           Fri 22 Aug 2025 15:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42946
IP address blocks:        195.58.41.0/24 maxlen: 24
                          195.58.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:73:8b:e0:61:03:c7:e9:4d:bf:88:67:74:75:dd:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 22 15:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d248ee4451dcfc581922d74124b37c2fe482c564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:06:f6:28:22:f2:df:88:d8:9d:18:a0:31:1e:
                    54:88:54:64:86:c9:23:09:2e:3b:15:34:1e:9d:9f:
                    55:48:4c:8b:71:27:da:51:58:7c:9f:c1:12:88:1e:
                    da:64:03:27:5e:a7:33:9e:47:36:17:9c:6d:af:1d:
                    04:8e:b4:da:ed:97:68:eb:93:d4:7e:61:3f:ad:c9:
                    e8:60:bc:b6:8d:93:05:0b:62:6e:eb:b1:cf:ce:05:
                    53:0d:40:d9:9a:b2:39:c7:76:f5:35:29:11:23:92:
                    ae:13:6d:d9:da:01:6c:0b:1b:0b:bf:6f:d8:97:12:
                    59:2e:e3:0c:db:47:87:57:b2:e8:37:f9:72:81:4f:
                    b7:5f:d3:bf:19:d3:e4:c3:20:da:8c:99:be:32:9b:
                    3b:3e:76:85:b8:20:bf:d5:6b:98:c0:55:7c:8d:3a:
                    a9:5e:2a:51:e8:03:b0:0d:82:d4:a0:fb:2d:69:3f:
                    b3:12:18:d1:a7:ee:af:79:2b:70:3b:e4:29:89:38:
                    df:0f:ab:9d:62:f3:d4:d0:e6:03:4a:9a:24:77:df:
                    22:aa:d8:c6:4e:54:d1:41:ef:0b:b8:27:4c:b8:24:
                    59:01:2e:dd:b0:0b:d6:a7:48:b1:9f:86:ba:4c:f9:
                    30:8f:b0:2a:dc:41:21:84:12:da:b6:e3:82:20:40:
                    b5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:48:EE:44:51:DC:FC:58:19:22:D7:41:24:B3:7C:2F:E4:82:C5:64
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0kjuRFHc_FgZItdBJLN8L-SCxWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.41.0/24
                  195.58.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:eb:d4:d5:1d:ec:d5:c4:13:17:43:c3:90:fd:a3:77:fd:bf:
         71:77:9f:d0:48:55:ce:05:56:a5:db:8b:c4:7d:ba:75:7d:28:
         fd:3c:75:36:e6:e9:a1:eb:0f:08:de:c0:eb:c6:e5:4d:e5:06:
         d7:50:4b:0e:9b:20:58:91:bc:a0:c7:24:e2:8f:17:29:a0:0f:
         35:36:e9:bf:29:61:fa:cd:07:a6:42:43:a1:83:65:8c:c3:9d:
         83:e4:ff:e0:50:ed:70:6d:24:96:55:9f:f5:fc:43:b0:10:fc:
         c2:e3:cc:f8:19:91:86:2a:62:b8:78:e7:cc:cd:bc:85:82:62:
         0f:f0:d4:a2:2d:2e:1f:92:7f:f2:3b:de:d6:2d:4d:14:95:3e:
         43:96:6d:30:06:05:ae:b6:7a:30:29:fe:e0:3d:0b:c8:59:3c:
         3b:e5:39:2f:f4:3d:36:21:f9:ff:7b:7d:03:2e:bc:43:f9:01:
         c1:e6:cc:f6:32:53:1f:57:60:b4:1c:62:8d:a2:78:45:78:80:
         95:9f:fe:6b:6f:b8:c4:a3:82:b8:83:07:1a:f2:ba:86:3b:a1:
         9b:f3:69:e6:75:3e:a7:33:18:4a:39:d0:67:60:e6:0c:a7:a9:
         36:1c:e4:d7:60:fa:f2:d5:d3:e4:4d:67:16:04:ea:e2:72:20:
         c8:c0:8f:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjSc4vgYQPH6U2/iGd0dd0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwODIyMTU0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQ4ZWU0NDUxZGNmYzU4MTkyMmQ3NDEyNGIzN2MyZmU0ODJjNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAb2KCLy34jYnRigMR5UiFRkhskj
CS47FTQenZ9VSEyLcSfaUVh8n8ESiB7aZAMnXqcznkc2F5xtrx0EjrTa7Zdo65PU
fmE/rcnoYLy2jZMFC2Ju67HPzgVTDUDZmrI5x3b1NSkRI5KuE23Z2gFsCxsLv2/Y
lxJZLuMM20eHV7LoN/lygU+3X9O/GdPkwyDajJm+Mps7PnaFuCC/1WuYwFV8jTqp
XipR6AOwDYLUoPstaT+zEhjRp+6veStwO+QpiTjfD6udYvPU0OYDSpokd98iqtjG
TlTRQe8LuCdMuCRZAS7dsAvWp0ixn4a6TPkwj7Aq3EEhhBLatuOCIEC1RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNJI7kRR3PxYGSLXQSSzfC/kgsVkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMGtqdVJGSGNfRmdaSXRkQkpMTjhMLVNDeFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwzopAwQA
wzouMA0GCSqGSIb3DQEBCwUAA4IBAQA269TVHezVxBMXQ8OQ/aN3/b9xd5/QSFXO
BVal24vEfbp1fSj9PHU25umh6w8I3sDrxuVN5QbXUEsOmyBYkbygxyTijxcpoA81
Num/KWH6zQemQkOhg2WMw52D5P/gUO1wbSSWVZ/1/EOwEPzC48z4GZGGKmK4eOfM
zbyFgmIP8NSiLS4fkn/yO97WLU0UlT5Dlm0wBgWutnowKf7gPQvIWTw75Tkv9D02
Ifn/e30DLrxD+QHB5sz2MlMfV2C0HGKNonhFeICVn/5rb7jEo4K4gwca8rqGO6Gb
82nmdT6nMxhKOdBnYOYMp6k2HOTXYPry1dPkTWcWBOriciDIwI9z
-----END CERTIFICATE-----