Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/2w_iKrPjyXvCCJbs0F7ZOxiGDMg.roa
File:                     2w_iKrPjyXvCCJbs0F7ZOxiGDMg.roa (raw, json)
Hash identifier:          nKdejJ8/KPh01N5ujViM/1f8ednF50B5j98TO8WaB8Y=
Subject key identifier:   DB:0F:E2:2A:B3:E3:C9:7B:C2:08:96:EC:D0:5E:D9:3B:18:86:0C:C8
Certificate issuer:       /CN=d6f8a9263497c8d54e05496460d439cd6e069260
Certificate serial:       019682429EE5A3CFBABC2C40F2B72A6357E0
Authority key identifier: D6:F8:A9:26:34:97:C8:D5:4E:05:49:64:60:D4:39:CD:6E:06:92:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vipJjSXyNVOBUlkYNQ5zW4GkmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/2w_iKrPjyXvCCJbs0F7ZOxiGDMg.roa
Signing time:             Tue 29 Apr 2025 15:55:26 +0000
ROA not before:           Tue 29 Apr 2025 15:55:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211902
IP address blocks:        45.91.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/1vipJjSXyNVOBUlkYNQ5zW4GkmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/1vipJjSXyNVOBUlkYNQ5zW4GkmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vipJjSXyNVOBUlkYNQ5zW4GkmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:42:9e:e5:a3:cf:ba:bc:2c:40:f2:b7:2a:63:57:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f8a9263497c8d54e05496460d439cd6e069260
        Validity
            Not Before: Apr 29 15:55:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db0fe22ab3e3c97bc20896ecd05ed93b18860cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:23:37:91:cd:b9:ac:0d:5f:59:0a:79:76:1f:
                    d3:ed:f0:4b:2a:9c:93:e5:c5:8c:21:7c:05:e8:b5:
                    2d:46:a5:f3:89:e3:c5:7b:16:4d:16:c5:49:02:c9:
                    52:a3:fd:a7:26:e6:72:00:f3:e1:6a:62:80:d3:55:
                    5d:95:17:ad:eb:f3:26:d3:3f:e5:a0:97:2a:17:a6:
                    a3:20:fe:32:29:3b:e6:1c:d2:59:93:d1:5b:fb:d1:
                    d6:bf:6a:28:ed:db:a3:6e:67:42:06:03:86:4e:0b:
                    cb:d8:16:2e:29:4d:12:45:c4:11:c3:94:ac:60:2f:
                    50:3d:60:13:22:1b:63:1b:bd:8d:4a:9a:bf:ae:8c:
                    1b:b4:de:ef:0d:ee:9e:10:5c:fd:81:63:45:e6:58:
                    c4:37:42:b2:cb:28:da:25:1e:b7:7e:f7:c0:d2:2a:
                    3a:4b:f8:d8:51:20:c2:2c:51:f7:3f:23:35:95:05:
                    0b:9e:b3:86:5e:22:53:c3:87:f3:a8:60:76:98:7f:
                    42:d2:0a:51:24:dd:28:d0:de:06:48:a8:9a:1f:80:
                    96:d0:69:b7:60:df:f0:6b:52:9f:a8:0d:dd:f0:a1:
                    81:57:68:b4:11:01:b5:31:6b:47:c0:3c:6f:2d:b8:
                    78:a7:eb:df:b6:f8:f6:dd:e0:12:75:b0:60:21:02:
                    ea:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0F:E2:2A:B3:E3:C9:7B:C2:08:96:EC:D0:5E:D9:3B:18:86:0C:C8
            X509v3 Authority Key Identifier:
                keyid:D6:F8:A9:26:34:97:C8:D5:4E:05:49:64:60:D4:39:CD:6E:06:92:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vipJjSXyNVOBUlkYNQ5zW4GkmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/2w_iKrPjyXvCCJbs0F7ZOxiGDMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/04b524-c1a0-43eb-a98f-6f83b708b320/1/1vipJjSXyNVOBUlkYNQ5zW4GkmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:c9:4e:70:46:e8:00:ec:2f:93:04:c5:a3:86:64:e0:03:8f:
         4f:ab:4b:97:e2:50:50:e4:05:ed:a9:b6:fb:46:3f:58:cd:10:
         b8:f9:26:de:26:d2:6f:f4:f1:57:75:e3:1c:a7:d1:85:20:b9:
         b7:38:36:38:aa:e5:cb:da:26:37:70:20:5b:5c:ab:4b:dc:0f:
         32:ea:3f:63:0b:58:36:57:50:ea:12:29:f3:40:4b:4b:82:ad:
         3f:f7:d9:17:8a:c4:08:f6:c1:4d:56:5f:6a:92:cf:82:16:0a:
         0c:b2:2b:37:91:d2:14:82:2a:6c:76:e6:a2:d6:d9:1b:4d:f2:
         59:fd:fa:62:67:f9:7b:b7:ca:1e:48:69:b8:fb:ac:33:77:cd:
         1b:f8:08:ac:09:f0:41:11:8d:e6:91:f6:b6:20:1c:9d:ce:4f:
         c7:62:08:81:f4:11:23:45:27:bf:ea:94:eb:8b:e6:88:7e:01:
         b7:01:dd:8e:e5:c5:92:b6:a5:d5:88:7d:cc:00:76:34:ff:68:
         d7:83:f6:35:bb:f8:59:e5:53:33:a8:5c:35:0a:5e:ec:7b:b6:
         d6:15:5a:9a:0d:79:d7:5f:2b:e7:c1:c7:48:1e:94:56:b2:5f:
         7c:e4:31:d6:b0:00:bd:f9:9d:f5:c1:f6:91:9b:13:cd:14:b8:
         75:53:04:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaCQp7lo8+6vCxA8rcqY1fgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjhhOTI2MzQ5N2M4ZDU0ZTA1NDk2NDYwZDQzOWNkNmUw
NjkyNjAwHhcNMjUwNDI5MTU1NTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBmZTIyYWIzZTNjOTdiYzIwODk2ZWNkMDVlZDkzYjE4ODYwY2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiM3kc25rA1fWQp5dh/T7fBLKpyT
5cWMIXwF6LUtRqXziePFexZNFsVJAslSo/2nJuZyAPPhamKA01VdlRet6/Mm0z/l
oJcqF6ajIP4yKTvmHNJZk9Fb+9HWv2oo7dujbmdCBgOGTgvL2BYuKU0SRcQRw5Ss
YC9QPWATIhtjG72NSpq/rowbtN7vDe6eEFz9gWNF5ljEN0KyyyjaJR63fvfA0io6
S/jYUSDCLFH3PyM1lQULnrOGXiJTw4fzqGB2mH9C0gpRJN0o0N4GSKiaH4CW0Gm3
YN/wa1KfqA3d8KGBV2i0EQG1MWtHwDxvLbh4p+vftvj23eASdbBgIQLqywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsP4iqz48l7wgiW7NBe2TsYhgzIMB8GA1UdIwQY
MBaAFNb4qSY0l8jVTgVJZGDUOc1uBpJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZpcEpqU1h5TlZPQlVsa1lOUTV6VzRHa21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wNGI1MjQtYzFhMC00M2ViLWE5OGYt
NmY4M2I3MDhiMzIwLzEvMndfaUtyUGp5WHZDQ0piczBGN1pPeGlHRE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wNGI1MjQtYzFhMC00M2ViLWE5OGYtNmY4M2I3MDhiMzIw
LzEvMXZpcEpqU1h5TlZPQlVsa1lOUTV6VzRHa21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVusMA0G
CSqGSIb3DQEBCwUAA4IBAQBnyU5wRugA7C+TBMWjhmTgA49Pq0uX4lBQ5AXtqbb7
Rj9YzRC4+SbeJtJv9PFXdeMcp9GFILm3ODY4quXL2iY3cCBbXKtL3A8y6j9jC1g2
V1DqEinzQEtLgq0/99kXisQI9sFNVl9qks+CFgoMsis3kdIUgipsduai1tkbTfJZ
/fpiZ/l7t8oeSGm4+6wzd80b+AisCfBBEY3mkfa2IBydzk/HYgiB9BEjRSe/6pTr
i+aIfgG3Ad2O5cWStqXViH3MAHY0/2jXg/Y1u/hZ5VMzqFw1Cl7se7bWFVqaDXnX
XyvnwcdIHpRWsl985DHWsAC9+Z31wfaRmxPNFLh1UwRf
-----END CERTIFICATE-----