Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/tZChEyPQo3JtLgHIkLJCjZXT3tU.roa
File:                     tZChEyPQo3JtLgHIkLJCjZXT3tU.roa (raw, json)
Hash identifier:          uNozfSihaZEC6WRHSAC5xI77mGfqKXUUWQanmizBeW8=
Subject key identifier:   B5:90:A1:13:23:D0:A3:72:6D:2E:01:C8:90:B2:42:8D:95:D3:DE:D5
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019888D6A37D993C4F15CE34110B3B4654E9
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/tZChEyPQo3JtLgHIkLJCjZXT3tU.roa
Signing time:             Fri 08 Aug 2025 08:40:24 +0000
ROA not before:           Fri 08 Aug 2025 08:40:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        5.181.20.0/24 maxlen: 24
                          45.140.146.0/24 maxlen: 24
                          45.150.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:d6:a3:7d:99:3c:4f:15:ce:34:11:0b:3b:46:54:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Aug  8 08:40:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b590a11323d0a3726d2e01c890b2428d95d3ded5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:d8:0c:f4:f6:7a:bc:a2:7b:c8:91:98:b7:
                    e6:31:ad:23:aa:aa:16:70:47:91:45:07:bd:96:82:
                    67:35:8a:e6:44:1f:95:7a:80:28:6b:84:49:7f:6e:
                    68:ac:46:a4:51:a1:5f:2b:00:21:c3:f5:61:13:6b:
                    72:e5:49:7c:ca:40:28:46:e5:5b:27:0a:47:1e:24:
                    d4:cf:51:15:34:25:a2:53:9b:dc:bb:69:00:34:9f:
                    07:d2:4e:88:81:b6:43:6f:68:a4:5a:9b:db:64:f6:
                    e0:c3:82:9f:46:f9:31:0c:95:5d:c4:39:14:56:df:
                    28:72:92:f8:8b:95:2a:e0:10:d6:f0:19:29:70:4c:
                    8b:1d:9f:20:f4:5e:14:9b:5c:a1:8c:fc:f6:bc:a0:
                    a0:35:a0:e0:4a:4a:86:e6:b9:20:d5:2e:68:10:6b:
                    1b:0e:56:f3:03:2c:6e:d5:d8:2d:50:5d:d1:8a:65:
                    7a:cf:b4:6f:d4:d3:54:55:c5:32:ef:f4:cb:90:28:
                    f7:c5:80:1a:a8:d6:50:c7:d3:a7:a1:e4:39:69:09:
                    9d:b9:8f:2d:e4:db:9a:40:ff:ed:8b:18:3a:30:65:
                    56:1d:78:b5:17:c1:00:89:87:c0:69:41:16:02:43:
                    cc:bf:1d:8c:ef:5d:9a:71:a5:cb:a1:5b:f1:fd:3a:
                    53:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:90:A1:13:23:D0:A3:72:6D:2E:01:C8:90:B2:42:8D:95:D3:DE:D5
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/tZChEyPQo3JtLgHIkLJCjZXT3tU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.20.0/24
                  45.140.146.0/24
                  45.150.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:fc:d9:73:40:4b:f2:24:c2:f1:e3:08:72:f8:7b:fc:1f:e7:
         4a:95:af:09:0d:c0:9f:2f:8f:cd:5e:e4:28:49:64:f7:8e:8e:
         f7:c1:3c:35:ff:6c:41:69:65:57:80:d3:b3:58:24:9e:05:08:
         ae:22:01:13:87:92:f3:7b:0e:6e:19:b2:84:23:1a:b1:0a:a0:
         b3:55:d1:ba:5f:fc:64:d8:9c:01:1b:2f:ce:19:8f:98:63:1e:
         58:9a:37:83:5d:a4:47:29:84:7e:46:9d:1e:df:3e:db:ca:a5:
         3b:c0:70:76:10:8c:15:1e:37:02:e2:36:d6:f5:b0:d9:6b:c6:
         21:24:d6:23:e7:97:fb:9e:25:86:2e:a5:00:c2:8a:cf:90:4d:
         6d:a4:58:42:ef:39:10:82:34:dc:3e:dd:37:37:d4:1e:a2:0e:
         cf:5c:1f:2e:08:69:ba:df:c6:13:d1:4e:2e:b9:9e:d6:41:45:
         76:07:a0:97:69:84:5a:91:95:e0:27:79:4f:88:88:a9:00:f8:
         9e:67:1e:f3:81:3c:21:e8:2a:7c:49:cd:cf:02:94:cf:e9:52:
         b2:78:b1:60:1a:a1:11:6a:b0:43:05:dc:bf:f9:2b:f8:e0:b7:
         26:f2:10:61:5c:44:39:12:95:ba:26:53:71:e3:ff:a2:7f:f4:
         a5:3f:74:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiI1qN9mTxPFc40EQs7RlTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwODA4MDg0MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTkwYTExMzIzZDBhMzcyNmQyZTAxYzg5MGIyNDI4ZDk1ZDNkZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6XYDPT2eryie8iRmLfmMa0jqqoW
cEeRRQe9loJnNYrmRB+VeoAoa4RJf25orEakUaFfKwAhw/VhE2ty5Ul8ykAoRuVb
JwpHHiTUz1EVNCWiU5vcu2kANJ8H0k6IgbZDb2ikWpvbZPbgw4KfRvkxDJVdxDkU
Vt8ocpL4i5Uq4BDW8BkpcEyLHZ8g9F4Um1yhjPz2vKCgNaDgSkqG5rkg1S5oEGsb
DlbzAyxu1dgtUF3RimV6z7Rv1NNUVcUy7/TLkCj3xYAaqNZQx9OnoeQ5aQmduY8t
5NuaQP/tixg6MGVWHXi1F8EAiYfAaUEWAkPMvx2M712acaXLoVvx/TpTOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLWQoRMj0KNybS4ByJCyQo2V097VMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvdFpDaEV5UFFvM0p0TGdISWtMSkNqWlhUM3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbUUAwQA
LYySAwQALZZDMA0GCSqGSIb3DQEBCwUAA4IBAQBR/NlzQEvyJMLx4why+Hv8H+dK
la8JDcCfL4/NXuQoSWT3jo73wTw1/2xBaWVXgNOzWCSeBQiuIgETh5Lzew5uGbKE
IxqxCqCzVdG6X/xk2JwBGy/OGY+YYx5YmjeDXaRHKYR+Rp0e3z7byqU7wHB2EIwV
HjcC4jbW9bDZa8YhJNYj55f7niWGLqUAworPkE1tpFhC7zkQgjTcPt03N9Qeog7P
XB8uCGm638YT0U4uuZ7WQUV2B6CXaYRakZXgJ3lPiIipAPieZx7zgTwh6Cp8Sc3P
ApTP6VKyeLFgGqERarBDBdy/+Sv44Lcm8hBhXEQ5EpW6JlNx4/+if/SlP3T0
-----END CERTIFICATE-----