Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/TUdbI3fTIue2IS2nP7PyiMKvzpA.roa
File:                     TUdbI3fTIue2IS2nP7PyiMKvzpA.roa (raw, json)
Hash identifier:          +rF1e9gIJIKIRSdOUzoKGO5Eq8f3G2LeMwZHkFAE720=
Subject key identifier:   4D:47:5B:23:77:D3:22:E7:B6:21:2D:A7:3F:B3:F2:88:C2:AF:CE:90
Certificate issuer:       /CN=c5ad1076280571925640b2aeda39cc0974c06ce2
Certificate serial:       019913F84E72EE9762326754727A613AFE3A
Authority key identifier: C5:AD:10:76:28:05:71:92:56:40:B2:AE:DA:39:CC:09:74:C0:6C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xa0QdigFcZJWQLKu2jnMCXTAbOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/TUdbI3fTIue2IS2nP7PyiMKvzpA.roa
Signing time:             Thu 04 Sep 2025 09:04:24 +0000
ROA not before:           Thu 04 Sep 2025 09:04:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203325
IP address blocks:        185.130.32.0/23 maxlen: 23
                          185.130.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/xa0QdigFcZJWQLKu2jnMCXTAbOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/xa0QdigFcZJWQLKu2jnMCXTAbOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xa0QdigFcZJWQLKu2jnMCXTAbOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:13:f8:4e:72:ee:97:62:32:67:54:72:7a:61:3a:fe:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5ad1076280571925640b2aeda39cc0974c06ce2
        Validity
            Not Before: Sep  4 09:04:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d475b2377d322e7b6212da73fb3f288c2afce90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:45:84:2a:14:b6:6e:64:de:04:39:b2:ce:0a:
                    d1:52:12:24:85:e9:ac:f9:f2:53:de:b8:7b:8c:68:
                    61:ca:a1:2f:e6:83:6a:4c:28:82:f2:4b:1c:80:fc:
                    5f:73:f6:b1:cf:d4:a1:a3:0c:b0:f9:bc:c7:ce:43:
                    3f:e7:df:c2:24:c1:f8:a4:27:78:62:01:af:d2:18:
                    40:c2:d5:a0:fb:f2:dc:a6:72:85:17:f3:6e:f4:76:
                    99:7b:74:fc:9e:37:2f:64:03:cc:ab:5f:2f:22:55:
                    58:2c:0c:fd:99:a2:0c:62:32:7b:78:02:06:4f:cc:
                    85:2a:53:46:71:c8:65:d0:95:b2:ac:5c:4b:ce:04:
                    9f:5b:58:2f:88:d4:3e:64:b3:1e:9a:51:07:8a:1e:
                    65:27:dd:05:e3:ba:33:a5:96:08:db:11:ec:06:ef:
                    33:b9:c5:65:3d:49:9b:b1:ac:87:d5:17:a9:dc:76:
                    4a:85:40:7b:18:76:e6:10:e4:59:f5:11:b8:66:fc:
                    70:55:5d:7f:11:6b:ae:61:fe:76:f9:09:d9:7d:6f:
                    dd:a2:c4:80:26:67:b9:ae:6e:44:ed:d1:7d:d3:ef:
                    3c:5d:5f:d2:92:be:30:55:c1:62:59:30:c0:f9:d3:
                    7a:2a:0f:4f:30:c9:84:83:4f:5c:3a:79:9e:5c:8d:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:47:5B:23:77:D3:22:E7:B6:21:2D:A7:3F:B3:F2:88:C2:AF:CE:90
            X509v3 Authority Key Identifier:
                keyid:C5:AD:10:76:28:05:71:92:56:40:B2:AE:DA:39:CC:09:74:C0:6C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xa0QdigFcZJWQLKu2jnMCXTAbOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/TUdbI3fTIue2IS2nP7PyiMKvzpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/75ad91-fcfc-4cf4-ab22-d0f9804a9f1e/1/xa0QdigFcZJWQLKu2jnMCXTAbOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:08:9d:e2:17:13:a8:14:50:fc:cf:6c:ff:3a:d0:9a:42:28:
         96:79:bb:25:83:3f:8d:30:cb:0e:de:15:48:61:5c:8b:97:d2:
         a1:89:12:80:c6:93:96:40:6d:ca:c4:41:4f:ac:be:a3:ac:d3:
         2f:9d:84:fb:5c:ef:db:36:81:9b:97:bf:7d:c5:b0:18:26:2f:
         d6:2c:01:bc:5c:c4:2c:57:63:4b:d1:da:a7:7a:b7:c5:e1:09:
         c6:2f:bf:50:20:ec:fd:4a:48:9b:1a:8c:b0:05:8e:5e:22:31:
         2b:2d:e0:c6:0b:69:57:cb:92:fb:94:96:9d:9c:b4:38:b5:3a:
         2c:82:58:3f:7b:0a:dd:48:99:51:26:e5:1e:97:74:a7:fe:43:
         99:28:e1:4c:a2:61:5c:d4:3a:6a:92:ad:79:b1:75:ad:bd:1b:
         58:2b:40:f4:8e:b0:bf:22:eb:c4:de:7b:26:29:9e:af:8d:f3:
         ff:3a:c7:a9:ec:ba:33:65:6c:7a:7c:a5:7a:55:b2:66:37:0f:
         6a:ed:2a:70:0c:87:b0:78:ac:0c:aa:99:73:b0:37:ee:05:c3:
         44:e3:b8:b1:a1:2c:31:26:9a:3b:83:4c:4f:88:67:62:a1:13:
         d1:d5:7e:66:2f:74:51:f8:d6:01:44:c4:78:e5:58:d4:45:65:
         f8:69:03:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkT+E5y7pdiMmdUcnphOv46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YWQxMDc2MjgwNTcxOTI1NjQwYjJhZWRhMzljYzA5NzRj
MDZjZTIwHhcNMjUwOTA0MDkwNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ3NWIyMzc3ZDMyMmU3YjYyMTJkYTczZmIzZjI4OGMyYWZjZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEWEKhS2bmTeBDmyzgrRUhIkhems
+fJT3rh7jGhhyqEv5oNqTCiC8kscgPxfc/axz9Showyw+bzHzkM/59/CJMH4pCd4
YgGv0hhAwtWg+/LcpnKFF/Nu9HaZe3T8njcvZAPMq18vIlVYLAz9maIMYjJ7eAIG
T8yFKlNGcchl0JWyrFxLzgSfW1gviNQ+ZLMemlEHih5lJ90F47ozpZYI2xHsBu8z
ucVlPUmbsayH1Rep3HZKhUB7GHbmEORZ9RG4ZvxwVV1/EWuuYf52+QnZfW/dosSA
Jme5rm5E7dF90+88XV/Skr4wVcFiWTDA+dN6Kg9PMMmEg09cOnmeXI1l4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1HWyN30yLntiEtpz+z8ojCr86QMB8GA1UdIwQY
MBaAFMWtEHYoBXGSVkCyrto5zAl0wGziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGEwUWRpZ0ZjWkpXUUxLdTJqbk1DWFRBYk9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NWFkOTEtZmNmYy00Y2Y0LWFiMjIt
ZDBmOTgwNGE5ZjFlLzEvVFVkYkkzZlRJdWUySVMyblA3UHlpTUt2enBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NWFkOTEtZmNmYy00Y2Y0LWFiMjItZDBmOTgwNGE5ZjFl
LzEveGEwUWRpZ0ZjWkpXUUxLdTJqbk1DWFRBYk9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYIgMA0G
CSqGSIb3DQEBCwUAA4IBAQCuCJ3iFxOoFFD8z2z/OtCaQiiWebslgz+NMMsO3hVI
YVyLl9KhiRKAxpOWQG3KxEFPrL6jrNMvnYT7XO/bNoGbl799xbAYJi/WLAG8XMQs
V2NL0dqnerfF4QnGL79QIOz9SkibGoywBY5eIjErLeDGC2lXy5L7lJadnLQ4tTos
glg/ewrdSJlRJuUel3Sn/kOZKOFMomFc1Dpqkq15sXWtvRtYK0D0jrC/IuvE3nsm
KZ6vjfP/Osep7LozZWx6fKV6VbJmNw9q7SpwDIeweKwMqplzsDfuBcNE47ixoSwx
Jpo7g0xPiGdioRPR1X5mL3RR+NYBRMR45VjURWX4aQMh
-----END CERTIFICATE-----