Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EPg3Q-7OLND9LYkEHOXYu5klBEo.roa
File:                     EPg3Q-7OLND9LYkEHOXYu5klBEo.roa (raw, json)
Hash identifier:          vzDBPeaOB3ovD+kTa3clBOm4DXfyVTgneVl97jYDlQI=
Subject key identifier:   10:F8:37:43:EE:CE:2C:D0:FD:2D:89:04:1C:E5:D8:BB:99:25:04:4A
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0199DA2937A6AE6A2D40A7AD650C1E2C334C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EPg3Q-7OLND9LYkEHOXYu5klBEo.roa
Signing time:             Sun 12 Oct 2025 20:42:38 +0000
ROA not before:           Sun 12 Oct 2025 20:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215413
IP address blocks:        45.138.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:da:29:37:a6:ae:6a:2d:40:a7:ad:65:0c:1e:2c:33:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 12 20:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10f83743eece2cd0fd2d89041ce5d8bb9925044a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f5:60:73:e4:96:14:b5:b1:ab:34:12:6e:6a:
                    09:3a:7f:12:65:33:5e:fd:43:f7:8e:77:95:19:6f:
                    55:ef:d3:b8:41:a2:23:5a:cd:ce:2f:aa:0f:d3:34:
                    66:19:e8:6d:aa:c0:f0:be:52:34:78:44:b5:e0:5f:
                    96:fd:71:17:14:11:e5:e0:76:05:5a:ea:34:b8:2b:
                    77:0f:c9:28:9f:29:29:6e:82:52:25:9a:c3:1f:21:
                    c6:be:d6:32:69:9d:be:12:63:45:eb:8e:ed:76:4c:
                    fd:a4:72:65:5b:aa:ae:61:95:12:ec:26:2b:bb:f4:
                    bc:d5:df:ae:89:2c:ca:1c:8c:b7:40:4e:d0:ae:86:
                    62:13:1b:95:26:01:06:6f:1e:23:29:c6:3b:9d:25:
                    0c:ee:05:1d:31:7f:36:74:02:f8:7f:17:e1:1f:a6:
                    a4:a5:bb:2f:81:06:c8:56:4f:44:f9:31:97:10:1f:
                    97:1b:32:8c:ea:53:b1:23:15:03:57:2c:5d:38:5c:
                    95:84:03:62:5b:35:fc:cf:cc:b8:fd:a1:a7:69:d8:
                    31:80:24:c8:ab:85:80:dd:a7:59:77:f3:18:30:e5:
                    10:d0:21:58:75:45:b1:c4:8a:b6:c0:71:d8:79:e2:
                    d7:48:16:3d:d1:f8:13:aa:4d:c5:60:ec:50:24:1f:
                    19:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:F8:37:43:EE:CE:2C:D0:FD:2D:89:04:1C:E5:D8:BB:99:25:04:4A
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EPg3Q-7OLND9LYkEHOXYu5klBEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:8a:4d:ca:ce:a5:d3:43:85:4e:1c:ef:db:16:ec:43:c7:ee:
         52:28:c3:87:90:73:f7:1e:1b:8e:a7:11:0b:ed:d9:2e:0e:de:
         19:4f:22:c0:20:6c:95:78:a1:0d:a4:1a:e7:eb:f0:e7:b0:c3:
         1f:10:22:95:64:0e:0c:f6:f8:20:a0:d3:62:37:d5:05:12:b2:
         ec:97:f4:5e:45:dc:5d:2f:10:39:42:55:50:e5:84:8c:56:c3:
         2a:48:32:bb:14:81:4e:97:38:fb:7c:1b:c7:f6:37:fc:88:c0:
         4a:74:f0:58:0f:3c:d8:22:23:24:ea:d3:e4:24:72:1c:8e:fd:
         67:f8:ca:f7:71:46:ac:94:71:1f:fa:6e:b0:77:05:8a:59:ef:
         b9:8b:a9:8e:7b:af:fc:3f:32:4b:9e:fc:c1:11:dc:d8:5a:70:
         b0:c7:58:0e:27:c0:ff:83:5c:87:a7:fe:c2:41:db:12:8d:91:
         c3:3c:0d:dc:27:47:91:da:8b:26:9b:aa:e0:58:ab:ce:8d:12:
         e1:96:c8:25:44:a7:ef:10:24:4e:79:cb:18:c3:a4:2b:55:00:
         4e:9a:98:1e:9a:0f:ec:58:c1:e4:75:d5:9b:f2:f9:66:77:71:
         88:cf:12:5f:4a:3c:ea:bf:34:99:62:40:fc:88:a5:d6:de:24:
         02:7d:e9:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnaKTemrmotQKetZQweLDNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMDEyMjA0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGY4Mzc0M2VlY2UyY2QwZmQyZDg5MDQxY2U1ZDhiYjk5MjUwNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPVgc+SWFLWxqzQSbmoJOn8SZTNe
/UP3jneVGW9V79O4QaIjWs3OL6oP0zRmGehtqsDwvlI0eES14F+W/XEXFBHl4HYF
Wuo0uCt3D8konykpboJSJZrDHyHGvtYyaZ2+EmNF647tdkz9pHJlW6quYZUS7CYr
u/S81d+uiSzKHIy3QE7QroZiExuVJgEGbx4jKcY7nSUM7gUdMX82dAL4fxfhH6ak
pbsvgQbIVk9E+TGXEB+XGzKM6lOxIxUDVyxdOFyVhANiWzX8z8y4/aGnadgxgCTI
q4WA3adZd/MYMOUQ0CFYdUWxxIq2wHHYeeLXSBY90fgTqk3FYOxQJB8ZiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBD4N0PuzizQ/S2JBBzl2LuZJQRKMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRVBnM1EtN09MTkQ5TFlrRUhPWFl1NWtsQkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq2MA0G
CSqGSIb3DQEBCwUAA4IBAQCkik3KzqXTQ4VOHO/bFuxDx+5SKMOHkHP3HhuOpxEL
7dkuDt4ZTyLAIGyVeKENpBrn6/DnsMMfECKVZA4M9vggoNNiN9UFErLsl/ReRdxd
LxA5QlVQ5YSMVsMqSDK7FIFOlzj7fBvH9jf8iMBKdPBYDzzYIiMk6tPkJHIcjv1n
+Mr3cUaslHEf+m6wdwWKWe+5i6mOe6/8PzJLnvzBEdzYWnCwx1gOJ8D/g1yHp/7C
QdsSjZHDPA3cJ0eR2osmm6rgWKvOjRLhlsglRKfvECROecsYw6QrVQBOmpgemg/s
WMHkddWb8vlmd3GIzxJfSjzqvzSZYkD8iKXW3iQCfelX
-----END CERTIFICATE-----