Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/TRwuVLW4klZRmD-yk2-fscrFudk.roa
File:                     TRwuVLW4klZRmD-yk2-fscrFudk.roa (raw, json)
Hash identifier:          4oIJHQETV5zvQ/SAaoMsWRc5+etxaluBpp2HxMv8sfc=
Subject key identifier:   4D:1C:2E:54:B5:B8:92:56:51:98:3F:B2:93:6F:9F:B1:CA:C5:B9:D9
Certificate issuer:       /CN=34223e0da92d6a95c0e5e2b2f9a8da9958a74f36
Certificate serial:       0196621882489AC699998E6A90DBA53B9DA3
Authority key identifier: 34:22:3E:0D:A9:2D:6A:95:C0:E5:E2:B2:F9:A8:DA:99:58:A7:4F:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NCI-DaktapXA5eKy-ajamVinTzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/TRwuVLW4klZRmD-yk2-fscrFudk.roa
Signing time:             Wed 23 Apr 2025 10:01:35 +0000
ROA not before:           Wed 23 Apr 2025 10:01:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211112
IP address blocks:        46.174.142.0/23 maxlen: 24
                          2a14:d580::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/NCI-DaktapXA5eKy-ajamVinTzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/NCI-DaktapXA5eKy-ajamVinTzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NCI-DaktapXA5eKy-ajamVinTzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:18:82:48:9a:c6:99:99:8e:6a:90:db:a5:3b:9d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34223e0da92d6a95c0e5e2b2f9a8da9958a74f36
        Validity
            Not Before: Apr 23 10:01:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d1c2e54b5b8925651983fb2936f9fb1cac5b9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ae:4f:d3:ef:af:38:8f:93:23:11:54:5f:be:
                    34:41:93:ad:fb:06:14:7a:16:2b:93:57:07:c1:b2:
                    9a:a9:14:f7:ca:58:76:da:8c:5c:40:70:ad:0b:6e:
                    6c:8a:4d:59:3e:7f:65:03:4e:7d:8f:fb:a1:75:b7:
                    e5:d1:f9:b5:99:5b:50:82:73:6d:67:f3:ae:e1:6a:
                    31:67:7b:fb:83:a1:db:29:48:6e:78:04:c0:dc:03:
                    b3:0e:b4:b4:18:48:7f:72:79:d2:98:72:d7:d9:29:
                    ca:87:04:05:0d:a9:c5:43:32:47:c1:81:f2:92:5e:
                    e8:9c:1b:f5:9d:58:87:ea:5c:f4:37:4f:29:f8:59:
                    09:8b:78:21:36:10:90:31:f1:b5:c8:2a:c9:51:a7:
                    1c:a5:a2:9a:fb:fd:3a:c7:9a:5f:d0:a0:ff:d2:fa:
                    15:6d:d6:5a:0a:e3:ca:1f:6e:17:10:7c:d1:6d:92:
                    71:df:f5:bc:56:c7:1a:86:95:54:2e:b1:51:9e:27:
                    ae:5c:4f:d8:25:3e:95:9d:55:5b:c5:fc:80:1f:72:
                    db:6d:5c:16:9a:56:90:01:ca:32:37:49:71:aa:cb:
                    13:1d:64:a0:f8:7d:08:79:68:85:9f:85:14:c2:14:
                    9a:cc:c6:9e:9d:1b:88:de:c7:ca:f8:ca:84:dc:94:
                    99:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1C:2E:54:B5:B8:92:56:51:98:3F:B2:93:6F:9F:B1:CA:C5:B9:D9
            X509v3 Authority Key Identifier:
                keyid:34:22:3E:0D:A9:2D:6A:95:C0:E5:E2:B2:F9:A8:DA:99:58:A7:4F:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NCI-DaktapXA5eKy-ajamVinTzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/TRwuVLW4klZRmD-yk2-fscrFudk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/445c48-1238-450d-80c4-6b5239779d8a/1/NCI-DaktapXA5eKy-ajamVinTzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.142.0/23
                IPv6:
                  2a14:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:60:bc:77:61:34:cf:b5:1a:f2:82:40:ce:82:6f:3c:53:ad:
         52:b7:67:f1:6a:ec:81:9c:80:4b:82:8f:92:10:32:07:a4:d8:
         c1:26:d0:53:83:31:d2:65:9c:5b:72:a5:b3:52:38:16:c3:1d:
         7f:6c:d7:88:86:19:55:05:16:3b:5f:04:1c:3c:ff:ba:1b:ef:
         b5:9e:05:cf:7f:3e:39:40:14:37:0e:cd:38:6f:d0:e2:1b:4f:
         2e:0d:1b:bd:39:ec:77:bd:88:eb:13:ed:4d:89:ed:de:40:fe:
         d0:87:fb:f2:30:6b:2f:f3:a8:54:ca:ee:6a:d5:b5:24:1a:c2:
         63:13:3a:f2:51:34:37:52:bf:c4:92:fb:40:bd:a0:be:48:44:
         0c:f0:c8:5b:1f:c0:c9:10:ae:92:46:d0:1e:fc:b0:65:e9:99:
         b0:f1:c7:a1:44:0d:6e:ec:35:81:43:6d:0e:ae:d3:89:35:cd:
         fd:d9:d9:38:9f:59:7e:68:05:dc:1d:56:08:af:0f:0a:5a:b9:
         cb:67:01:27:0a:ed:e5:90:aa:18:e9:5d:25:26:74:68:ee:ed:
         3d:9c:b9:18:43:26:28:fc:50:bc:32:84:d7:37:3f:5b:76:82:
         88:f4:85:1b:55:a6:c9:6b:b2:3d:a1:d5:20:b2:a8:c2:bb:27:
         ae:e3:9e:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZiGIJImsaZmY5qkNulO52jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MjIzZTBkYTkyZDZhOTVjMGU1ZTJiMmY5YThkYTk5NThh
NzRmMzYwHhcNMjUwNDIzMTAwMTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFjMmU1NGI1Yjg5MjU2NTE5ODNmYjI5MzZmOWZiMWNhYzViOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApK5P0++vOI+TIxFUX740QZOt+wYU
ehYrk1cHwbKaqRT3ylh22oxcQHCtC25sik1ZPn9lA059j/uhdbfl0fm1mVtQgnNt
Z/Ou4WoxZ3v7g6HbKUhueATA3AOzDrS0GEh/cnnSmHLX2SnKhwQFDanFQzJHwYHy
kl7onBv1nViH6lz0N08p+FkJi3ghNhCQMfG1yCrJUaccpaKa+/06x5pf0KD/0voV
bdZaCuPKH24XEHzRbZJx3/W8VscahpVULrFRnieuXE/YJT6VnVVbxfyAH3LbbVwW
mlaQAcoyN0lxqssTHWSg+H0IeWiFn4UUwhSazMaenRuI3sfK+MqE3JSZxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE0cLlS1uJJWUZg/spNvn7HKxbnZMB8GA1UdIwQY
MBaAFDQiPg2pLWqVwOXisvmo2plYp082MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkNJLURha3RhcFhBNWVLeS1hamFtVmluVHpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS80NDVjNDgtMTIzOC00NTBkLTgwYzQt
NmI1MjM5Nzc5ZDhhLzEvVFJ3dVZMVzRrbFpSbUQteWsyLWZzY3JGdWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS80NDVjNDgtMTIzOC00NTBkLTgwYzQtNmI1MjM5Nzc5ZDhh
LzEvTkNJLURha3RhcFhBNWVLeS1hamFtVmluVHpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLq6OMA0E
AgACMAcDBQAqFNWAMA0GCSqGSIb3DQEBCwUAA4IBAQBuYLx3YTTPtRrygkDOgm88
U61St2fxauyBnIBLgo+SEDIHpNjBJtBTgzHSZZxbcqWzUjgWwx1/bNeIhhlVBRY7
XwQcPP+6G++1ngXPfz45QBQ3Ds04b9DiG08uDRu9Oex3vYjrE+1Nie3eQP7Qh/vy
MGsv86hUyu5q1bUkGsJjEzryUTQ3Ur/EkvtAvaC+SEQM8MhbH8DJEK6SRtAe/LBl
6Zmw8cehRA1u7DWBQ20OrtOJNc392dk4n1l+aAXcHVYIrw8KWrnLZwEnCu3lkKoY
6V0lJnRo7u09nLkYQyYo/FC8MoTXNz9bdoKI9IUbVabJa7I9odUgsqjCuyeu4566
-----END CERTIFICATE-----