Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/tp-dB2xKIA-Dznn_c4mvWy8vGjo.roa
File:                     tp-dB2xKIA-Dznn_c4mvWy8vGjo.roa (raw, json)
Hash identifier:          lUu46cTL71HHo1Gr7lMNLrh2M9SW7foXyhj6RDawOf4=
Subject key identifier:   B6:9F:9D:07:6C:4A:20:0F:83:CE:79:FF:73:89:AF:5B:2F:2F:1A:3A
Certificate issuer:       /CN=07a594d26b88e8691d1d8186023b69ebf18d1fe9
Certificate serial:       0198A3C922CC1F1AFDA0DB4B4123F1694676
Authority key identifier: 07:A5:94:D2:6B:88:E8:69:1D:1D:81:86:02:3B:69:EB:F1:8D:1F:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6WU0muI6GkdHYGGAjtp6_GNH-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/tp-dB2xKIA-Dznn_c4mvWy8vGjo.roa
Signing time:             Wed 13 Aug 2025 14:15:24 +0000
ROA not before:           Wed 13 Aug 2025 14:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47381
IP address blocks:        185.33.52.0/22 maxlen: 22
                          2a00:c760::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/B6WU0muI6GkdHYGGAjtp6_GNH-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/B6WU0muI6GkdHYGGAjtp6_GNH-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6WU0muI6GkdHYGGAjtp6_GNH-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:c9:22:cc:1f:1a:fd:a0:db:4b:41:23:f1:69:46:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a594d26b88e8691d1d8186023b69ebf18d1fe9
        Validity
            Not Before: Aug 13 14:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b69f9d076c4a200f83ce79ff7389af5b2f2f1a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:69:83:f8:a2:c7:16:0a:a1:60:63:45:47:3f:
                    2b:d9:a9:50:f7:b0:f8:7e:f5:4e:93:db:cb:67:09:
                    f6:02:18:02:c4:5b:da:8c:21:11:12:a2:e9:09:94:
                    e8:90:d3:30:c9:8a:8e:f8:91:9b:be:70:b9:c5:3b:
                    49:e4:53:01:ed:70:fb:63:5e:78:3e:35:7a:65:63:
                    44:dc:13:4f:88:ee:a8:be:96:5a:f6:d0:f4:8c:5e:
                    46:82:f9:ea:b0:ee:8e:b1:49:1c:a4:42:34:7c:e1:
                    24:83:71:0a:9f:67:c8:ee:70:36:7b:3d:55:17:ff:
                    c7:43:1b:2c:c4:f1:0f:12:a8:35:87:67:97:48:44:
                    a6:d0:d8:df:6d:25:c4:d5:b3:c0:34:44:91:01:0d:
                    93:a1:71:54:20:68:aa:1d:61:45:35:78:2e:b8:bc:
                    4f:b6:eb:b2:97:c1:9c:ea:9c:74:de:e9:a7:af:13:
                    bf:9d:68:0e:63:4f:f7:f7:ea:ac:a1:6e:98:52:fe:
                    33:c6:d5:b5:9e:74:b9:0d:84:93:10:9a:cc:07:33:
                    d9:49:ed:c3:16:6d:00:b7:cb:d1:eb:a9:31:07:d2:
                    fd:61:11:2e:0a:c7:b6:7a:7b:56:7d:10:33:95:2d:
                    72:4a:45:b9:cd:84:1a:1d:89:c2:bb:7f:d2:4a:d2:
                    cd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:9F:9D:07:6C:4A:20:0F:83:CE:79:FF:73:89:AF:5B:2F:2F:1A:3A
            X509v3 Authority Key Identifier:
                keyid:07:A5:94:D2:6B:88:E8:69:1D:1D:81:86:02:3B:69:EB:F1:8D:1F:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6WU0muI6GkdHYGGAjtp6_GNH-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/tp-dB2xKIA-Dznn_c4mvWy8vGjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d819a7-e2ab-4050-afcd-4d9561f8b967/1/B6WU0muI6GkdHYGGAjtp6_GNH-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.52.0/22
                IPv6:
                  2a00:c760::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:74:29:3e:c1:b7:8b:c0:b2:5f:5a:02:da:2d:82:f6:f6:dc:
         65:22:8d:4d:45:7e:eb:86:89:43:88:79:0c:51:77:cb:90:54:
         95:f3:2c:1b:c2:c1:55:41:12:bb:52:b4:e6:73:83:b7:77:73:
         bc:a8:8c:8a:e5:ac:b6:d0:be:d0:98:b4:96:10:ac:29:dc:52:
         6a:d6:4d:cb:ab:92:51:f5:8c:8f:3a:32:79:93:30:ba:7f:f5:
         97:d6:3d:ea:aa:1f:10:7d:50:bb:10:2b:f8:0c:f7:ee:bd:32:
         90:b7:4c:31:fe:29:12:4d:8a:aa:cb:3e:f7:9f:81:26:fb:f6:
         2a:61:6b:2c:5d:db:86:bb:d3:13:45:f2:f9:df:4b:96:6e:f9:
         17:01:5a:15:2b:14:43:23:0f:fd:25:d2:c6:a1:fb:df:c7:4c:
         0a:1a:12:82:82:15:1d:1a:68:fe:d0:d9:ef:e5:93:2e:8c:f2:
         2d:28:6a:c1:b9:34:df:8a:8f:65:a0:1c:3d:88:8f:92:e1:1a:
         8f:00:48:63:02:e9:36:e4:9a:0f:0d:c3:37:bd:7c:48:7e:4b:
         2d:16:a6:31:a0:12:92:c3:1b:ef:16:0a:e4:54:59:21:5b:14:
         05:7d:24:8c:01:9a:70:5c:ac:40:d7:e4:9d:42:3d:14:6c:fe:
         c4:8b:2d:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZijySLMHxr9oNtLQSPxaUZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTU5NGQyNmI4OGU4NjkxZDFkODE4NjAyM2I2OWViZjE4
ZDFmZTkwHhcNMjUwODEzMTQxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjlmOWQwNzZjNGEyMDBmODNjZTc5ZmY3Mzg5YWY1YjJmMmYxYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymmD+KLHFgqhYGNFRz8r2alQ97D4
fvVOk9vLZwn2AhgCxFvajCEREqLpCZTokNMwyYqO+JGbvnC5xTtJ5FMB7XD7Y154
PjV6ZWNE3BNPiO6ovpZa9tD0jF5GgvnqsO6OsUkcpEI0fOEkg3EKn2fI7nA2ez1V
F//HQxssxPEPEqg1h2eXSESm0NjfbSXE1bPANESRAQ2ToXFUIGiqHWFFNXguuLxP
tuuyl8Gc6px03umnrxO/nWgOY0/39+qsoW6YUv4zxtW1nnS5DYSTEJrMBzPZSe3D
Fm0At8vR66kxB9L9YREuCse2entWfRAzlS1ySkW5zYQaHYnCu3/SStLNZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLafnQdsSiAPg855/3OJr1svLxo6MB8GA1UdIwQY
MBaAFAellNJriOhpHR2BhgI7aevxjR/pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZXVTBtdUk2R2tkSFlHR0FqdHA2X0dOSC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kODE5YTctZTJhYi00MDUwLWFmY2Qt
NGQ5NTYxZjhiOTY3LzEvdHAtZEIyeEtJQS1Eem5uX2M0bXZXeTh2R2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kODE5YTctZTJhYi00MDUwLWFmY2QtNGQ5NTYxZjhiOTY3
LzEvQjZXVTBtdUk2R2tkSFlHR0FqdHA2X0dOSC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSE0MA0E
AgACMAcDBQAqAMdgMA0GCSqGSIb3DQEBCwUAA4IBAQB7dCk+wbeLwLJfWgLaLYL2
9txlIo1NRX7rholDiHkMUXfLkFSV8ywbwsFVQRK7UrTmc4O3d3O8qIyK5ay20L7Q
mLSWEKwp3FJq1k3Lq5JR9YyPOjJ5kzC6f/WX1j3qqh8QfVC7ECv4DPfuvTKQt0wx
/ikSTYqqyz73n4Em+/YqYWssXduGu9MTRfL530uWbvkXAVoVKxRDIw/9JdLGofvf
x0wKGhKCghUdGmj+0Nnv5ZMujPItKGrBuTTfio9loBw9iI+S4RqPAEhjAuk25JoP
DcM3vXxIfkstFqYxoBKSwxvvFgrkVFkhWxQFfSSMAZpwXKxA1+SdQj0UbP7Eiy3u
-----END CERTIFICATE-----