Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/fq_1cNVhnRyKc2u6Tpi7nWrUD48.roa
File:                     fq_1cNVhnRyKc2u6Tpi7nWrUD48.roa (raw, json)
Hash identifier:          03Y77SRPe3amrviIIQ+5UUog0n/DdIDUF4QQne3bPoA=
Subject key identifier:   7E:AF:F5:70:D5:61:9D:1C:8A:73:6B:BA:4E:98:BB:9D:6A:D4:0F:8F
Certificate issuer:       /CN=af46fb8d41a47242ae3ee8ce1f0fa8ef811698b5
Certificate serial:       0199A3C8FEEA442CF34710891B95F1D18BF5
Authority key identifier: AF:46:FB:8D:41:A4:72:42:AE:3E:E8:CE:1F:0F:A8:EF:81:16:98:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/fq_1cNVhnRyKc2u6Tpi7nWrUD48.roa
Signing time:             Thu 02 Oct 2025 07:18:02 +0000
ROA not before:           Thu 02 Oct 2025 07:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209143
IP address blocks:        45.92.24.0/22 maxlen: 22
                          45.92.24.0/24 maxlen: 24
                          45.92.25.0/24 maxlen: 24
                          45.92.26.0/24 maxlen: 24
                          45.92.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:c8:fe:ea:44:2c:f3:47:10:89:1b:95:f1:d1:8b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af46fb8d41a47242ae3ee8ce1f0fa8ef811698b5
        Validity
            Not Before: Oct  2 07:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7eaff570d5619d1c8a736bba4e98bb9d6ad40f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:5b:09:a2:ef:96:48:92:ea:6c:11:ee:c9:
                    25:7b:dd:e7:4a:8a:ba:ce:9d:c0:8a:08:6a:67:80:
                    e2:7c:8c:c9:fb:de:3d:9c:b2:82:f5:1d:c4:2e:13:
                    f7:69:03:db:a4:62:77:95:dd:68:c1:26:d6:fe:08:
                    cd:5e:8f:16:44:65:4a:83:c6:13:0c:65:73:ee:09:
                    d5:89:80:74:ed:74:b2:c0:a3:e4:41:17:7c:97:dc:
                    fb:17:5b:50:80:35:f6:65:09:65:e3:77:84:0d:84:
                    8c:de:67:8e:f4:f6:8a:fb:da:b8:af:85:6d:74:47:
                    ef:1d:01:57:de:71:a1:55:ba:31:b7:f0:c7:25:be:
                    3f:b1:e5:f0:e0:0b:67:62:6d:38:5e:d5:d8:62:d4:
                    cd:88:41:1a:42:f4:8c:32:50:33:6e:c1:dd:5f:62:
                    75:5a:4e:52:5b:48:7f:6e:76:aa:05:90:f6:34:a5:
                    a2:c6:47:b9:1e:07:2f:d2:70:ef:ee:01:b2:3a:13:
                    5d:ee:eb:4d:dc:dd:59:dc:56:d2:31:6f:27:f6:c0:
                    20:23:ca:a2:05:d5:68:b5:80:f8:35:0c:9a:70:f7:
                    0f:5a:8c:55:97:2c:4a:4f:6c:91:91:26:bd:48:fc:
                    c4:9e:b6:e7:8f:ae:ab:0d:28:17:9e:ed:b0:f9:f6:
                    86:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AF:F5:70:D5:61:9D:1C:8A:73:6B:BA:4E:98:BB:9D:6A:D4:0F:8F
            X509v3 Authority Key Identifier:
                keyid:AF:46:FB:8D:41:A4:72:42:AE:3E:E8:CE:1F:0F:A8:EF:81:16:98:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/fq_1cNVhnRyKc2u6Tpi7nWrUD48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:8f:03:38:7b:32:7e:f6:bc:95:3a:a8:61:ca:f5:24:2f:75:
         8d:12:0b:61:a4:33:3f:85:64:37:39:c8:f5:ba:1e:0f:63:69:
         73:94:13:92:bb:cb:c4:e7:38:b0:0d:50:85:a6:4f:ec:69:1e:
         53:ef:32:68:6f:06:75:c7:eb:77:e4:c8:8d:e7:5e:a2:47:c0:
         55:43:e1:7f:ec:68:cf:91:d4:37:ed:87:e7:03:56:4b:47:2b:
         09:a1:a6:57:d1:16:a3:57:e6:62:a0:1b:67:3c:c4:c4:ce:23:
         a6:69:d0:1c:16:e5:3a:48:ea:fb:f2:8e:8e:72:3f:5a:ee:17:
         d6:39:07:ae:55:cd:ea:05:56:58:d9:bf:76:bc:1a:c9:a5:e9:
         b9:13:1d:4b:12:f3:f4:ee:20:c2:cd:af:6a:e8:04:ab:d5:3d:
         6b:b0:28:e3:71:39:6e:50:2a:73:f8:c4:c2:fc:14:7c:91:e4:
         3f:4e:cf:3a:57:8f:e9:6d:72:36:ce:89:06:4f:60:e0:3f:96:
         49:fa:c4:6f:a9:6d:db:4e:76:6c:2e:81:19:68:0b:06:90:e0:
         e8:c8:cd:35:ac:2d:ba:9f:39:e6:e2:41:fa:de:e8:98:15:10:
         90:3c:bb:0b:a0:c4:66:07:cf:57:8d:53:87:c5:72:45:b7:67:
         05:13:93:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmjyP7qRCzzRxCJG5Xx0Yv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDZmYjhkNDFhNDcyNDJhZTNlZThjZTFmMGZhOGVmODEx
Njk4YjUwHhcNMjUxMDAyMDcxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFmZjU3MGQ1NjE5ZDFjOGE3MzZiYmE0ZTk4YmI5ZDZhZDQwZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4BbCaLvlkiS6mwR7skle93nSoq6
zp3AighqZ4DifIzJ+949nLKC9R3ELhP3aQPbpGJ3ld1owSbW/gjNXo8WRGVKg8YT
DGVz7gnViYB07XSywKPkQRd8l9z7F1tQgDX2ZQll43eEDYSM3meO9PaK+9q4r4Vt
dEfvHQFX3nGhVboxt/DHJb4/seXw4AtnYm04XtXYYtTNiEEaQvSMMlAzbsHdX2J1
Wk5SW0h/bnaqBZD2NKWixke5Hgcv0nDv7gGyOhNd7utN3N1Z3FbSMW8n9sAgI8qi
BdVotYD4NQyacPcPWoxVlyxKT2yRkSa9SPzEnrbnj66rDSgXnu2w+faG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6v9XDVYZ0cinNruk6Yu51q1A+PMB8GA1UdIwQY
MBaAFK9G+41BpHJCrj7ozh8PqO+BFpi1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBiN2pVR2tja0t1UHVqT0h3LW83NEVXbUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kODI3NWUtYzQ3OS00ZWQ4LWJlZWEt
ZGE4OWVkMmViNTVlLzEvZnFfMWNOVmhuUnlLYzJ1NlRwaTduV3JVRDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kODI3NWUtYzQ3OS00ZWQ4LWJlZWEtZGE4OWVkMmViNTVl
LzEvcjBiN2pVR2tja0t1UHVqT0h3LW83NEVXbUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVwYMA0G
CSqGSIb3DQEBCwUAA4IBAQAmjwM4ezJ+9ryVOqhhyvUkL3WNEgthpDM/hWQ3Ocj1
uh4PY2lzlBOSu8vE5ziwDVCFpk/saR5T7zJobwZ1x+t35MiN516iR8BVQ+F/7GjP
kdQ37YfnA1ZLRysJoaZX0RajV+ZioBtnPMTEziOmadAcFuU6SOr78o6Ocj9a7hfW
OQeuVc3qBVZY2b92vBrJpem5Ex1LEvP07iDCza9q6ASr1T1rsCjjcTluUCpz+MTC
/BR8keQ/Ts86V4/pbXI2zokGT2DgP5ZJ+sRvqW3bTnZsLoEZaAsGkODoyM01rC26
nznm4kH63uiYFRCQPLsLoMRmB89XjVOHxXJFt2cFE5Mc
-----END CERTIFICATE-----