Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/7kOLb5agTvJNiZmHbg7oPOSBoq0.roa
File:                     7kOLb5agTvJNiZmHbg7oPOSBoq0.roa (raw, json)
Hash identifier:          0jza8HkowMAhNdk3rHbioNC6hwm48YtOGKmOL8x2OVw=
Subject key identifier:   EE:43:8B:6F:96:A0:4E:F2:4D:89:99:87:6E:0E:E8:3C:E4:81:A2:AD
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       0198CBAAC9C8BC74E1D1EA4852DB1939923D
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/7kOLb5agTvJNiZmHbg7oPOSBoq0.roa
Signing time:             Thu 21 Aug 2025 08:07:04 +0000
ROA not before:           Thu 21 Aug 2025 08:07:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.11.252.0/24 maxlen: 24
                          45.11.253.0/24 maxlen: 24
                          45.11.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:aa:c9:c8:bc:74:e1:d1:ea:48:52:db:19:39:92:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Aug 21 08:07:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee438b6f96a04ef24d8999876e0ee83ce481a2ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:91:c1:bd:11:df:9c:23:3c:b1:28:99:98:6b:
                    7a:0e:27:b1:28:57:d2:39:c5:5c:a4:b8:1e:26:3c:
                    53:d2:c1:08:47:4c:9d:dd:ae:54:be:7d:96:be:a5:
                    fe:ee:df:59:a9:f1:0b:34:ba:36:ea:9c:83:ae:09:
                    87:83:47:58:ab:d6:ee:0f:8e:1f:fa:d8:96:82:65:
                    e4:12:17:ea:6c:83:83:0b:2d:a4:a1:ff:9b:0d:a7:
                    3b:5e:a8:2c:67:a7:79:6b:ec:3d:01:15:a5:52:4b:
                    5e:39:b4:86:70:db:55:a2:01:89:ca:dc:f2:ae:c0:
                    41:61:10:b4:66:0e:0d:87:05:64:2e:9e:05:57:79:
                    7b:4f:d0:15:8e:63:03:7b:ae:a6:31:3f:04:6a:40:
                    3a:71:09:3d:41:c3:0f:a9:a0:87:87:49:d3:6b:b7:
                    93:b4:7f:7e:40:63:3d:61:32:19:5e:bf:4e:43:b0:
                    e6:18:0d:bc:8f:b8:c6:fd:34:e2:97:1e:ea:62:c6:
                    40:cf:a9:9d:58:f8:45:6e:9d:19:10:02:1c:3c:90:
                    7e:e2:a0:1d:f5:0a:6e:e3:45:ee:69:24:a3:ac:62:
                    02:a6:b5:ed:6b:b3:da:52:d8:20:bb:2a:dc:eb:7e:
                    26:34:90:f3:cc:38:7a:9d:90:97:fe:68:ad:a3:1b:
                    ef:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:43:8B:6F:96:A0:4E:F2:4D:89:99:87:6E:0E:E8:3C:E4:81:A2:AD
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/7kOLb5agTvJNiZmHbg7oPOSBoq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/23
                  45.11.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d4:b8:8c:74:2a:21:ec:25:0b:a4:9a:09:33:75:9f:e7:05:
         06:27:19:dd:41:18:ec:cb:59:45:ca:b6:21:e4:3b:4f:c1:ef:
         36:26:55:85:e0:69:b9:e7:20:9a:89:5d:28:33:17:d3:c3:6e:
         61:be:84:bf:45:08:87:6b:86:8f:a0:3c:f3:90:13:a2:16:b1:
         db:d7:42:98:13:83:51:72:40:f3:d2:56:a7:e2:11:dc:1c:c9:
         89:2e:3b:73:0d:00:ae:80:44:c7:61:05:7c:89:fb:c4:98:a4:
         53:4e:dd:bd:fb:22:8f:18:5b:32:c6:9f:b8:39:55:ba:2a:b5:
         05:77:8c:32:45:43:bb:b3:e1:29:66:ca:83:89:c8:75:79:b8:
         2b:66:ce:12:47:a0:a0:1d:47:a2:55:6c:29:2b:f1:5c:40:22:
         d4:ab:40:45:bd:cd:85:9d:90:1e:b3:5d:c8:0a:22:b0:0e:27:
         cd:7a:32:42:b9:aa:2a:21:32:c8:13:3b:e8:f9:96:b1:77:a0:
         75:e8:74:b6:77:98:e3:c8:4b:24:25:20:9a:70:9b:7c:50:4e:
         c9:88:96:6a:7a:cd:17:1b:ee:28:78:e4:1b:da:ca:b3:89:52:
         77:87:9b:36:a4:80:3e:95:6d:6f:f0:91:88:37:3e:19:e3:ae:
         d0:61:cb:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjLqsnIvHTh0epIUtsZOZI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjUwODIxMDgwNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQzOGI2Zjk2YTA0ZWYyNGQ4OTk5ODc2ZTBlZTgzY2U0ODFhMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJHBvRHfnCM8sSiZmGt6DiexKFfS
OcVcpLgeJjxT0sEIR0yd3a5Uvn2WvqX+7t9ZqfELNLo26pyDrgmHg0dYq9buD44f
+tiWgmXkEhfqbIODCy2kof+bDac7XqgsZ6d5a+w9ARWlUkteObSGcNtVogGJytzy
rsBBYRC0Zg4NhwVkLp4FV3l7T9AVjmMDe66mMT8EakA6cQk9QcMPqaCHh0nTa7eT
tH9+QGM9YTIZXr9OQ7DmGA28j7jG/TTilx7qYsZAz6mdWPhFbp0ZEAIcPJB+4qAd
9Qpu40XuaSSjrGICprXta7PaUtgguyrc634mNJDzzDh6nZCX/mitoxvvBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO5Di2+WoE7yTYmZh24O6DzkgaKtMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvN2tPTGI1YWdUdkpOaVptSGJnN29QT1NCb3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQv8AwQA
LQv/MA0GCSqGSIb3DQEBCwUAA4IBAQCR1LiMdCoh7CULpJoJM3Wf5wUGJxndQRjs
y1lFyrYh5DtPwe82JlWF4Gm55yCaiV0oMxfTw25hvoS/RQiHa4aPoDzzkBOiFrHb
10KYE4NRckDz0lan4hHcHMmJLjtzDQCugETHYQV8ifvEmKRTTt29+yKPGFsyxp+4
OVW6KrUFd4wyRUO7s+EpZsqDich1ebgrZs4SR6CgHUeiVWwpK/FcQCLUq0BFvc2F
nZAes13ICiKwDifNejJCuaoqITLIEzvo+Zaxd6B16HS2d5jjyEskJSCacJt8UE7J
iJZqes0XG+4oeOQb2sqziVJ3h5s2pIA+lW1v8JGINz4Z467QYcus
-----END CERTIFICATE-----