Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/4sh0yYbT80cSrTPvdQEkGETfVo8.roa
File:                     4sh0yYbT80cSrTPvdQEkGETfVo8.roa (raw, json)
Hash identifier:          7RnvvHQkkS8YaZiuCDpplhOJhAdwXKsdDZ03EF+NYdQ=
Subject key identifier:   E2:C8:74:C9:86:D3:F3:47:12:AD:33:EF:75:01:24:18:44:DF:56:8F
Certificate issuer:       /CN=3a839936aeeff288678e772633020fa259bd9cf2
Certificate serial:       019995D3B22D65B3A6987230301AF936AD88
Authority key identifier: 3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/4sh0yYbT80cSrTPvdQEkGETfVo8.roa
Signing time:             Mon 29 Sep 2025 14:15:02 +0000
ROA not before:           Mon 29 Sep 2025 14:15:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215769
IP address blocks:        146.19.60.0/24 maxlen: 24
                          2a12:ff04:7000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:d3:b2:2d:65:b3:a6:98:72:30:30:1a:f9:36:ad:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a839936aeeff288678e772633020fa259bd9cf2
        Validity
            Not Before: Sep 29 14:15:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2c874c986d3f34712ad33ef7501241844df568f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:50:ae:60:51:5f:cc:76:1b:48:06:be:d5:fc:
                    97:9f:3f:e8:54:c2:18:72:86:1b:a1:0e:d8:14:53:
                    e3:ab:92:e7:59:30:be:69:01:a8:af:12:a8:64:b3:
                    ba:20:34:2e:0c:83:c0:97:a9:02:63:4a:b3:93:af:
                    4e:35:b8:dc:a7:96:e2:dd:93:95:17:ff:af:8a:03:
                    0a:af:1c:7d:98:f8:be:4c:27:c3:20:a7:2d:3d:d0:
                    ca:8a:f6:fe:59:89:52:59:20:07:3b:74:c7:64:d7:
                    8a:37:b0:9b:1f:e1:16:8e:be:a2:65:ca:f5:19:18:
                    a2:c0:7e:6e:3f:58:01:94:fd:3d:57:1a:c4:e3:f4:
                    9b:42:7e:e8:37:ed:99:7a:36:94:ca:cf:03:9e:b9:
                    9b:d4:a5:2c:ee:40:b7:b9:b7:18:8e:da:ff:0d:6a:
                    d0:c8:f3:41:6c:53:00:c4:f9:c8:d1:c8:b7:20:8d:
                    f9:6c:72:54:74:08:c8:27:18:4a:bc:b9:cb:17:85:
                    0e:b7:01:88:86:0b:61:12:73:6e:a0:f4:4d:ba:e2:
                    c2:0e:a9:8d:0f:d3:24:9a:81:6c:b1:9c:28:f1:02:
                    6a:23:38:8d:f4:a7:4f:af:09:8f:8a:08:a0:5f:9f:
                    ca:6c:fa:23:d2:11:1e:ff:c4:a4:28:62:31:63:5e:
                    d9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C8:74:C9:86:D3:F3:47:12:AD:33:EF:75:01:24:18:44:DF:56:8F
            X509v3 Authority Key Identifier:
                keyid:3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/4sh0yYbT80cSrTPvdQEkGETfVo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.60.0/24
                IPv6:
                  2a12:ff04:7000::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:11:1c:d5:df:85:19:7a:cc:22:d0:4b:29:19:c0:61:e6:9e:
         df:76:2c:34:c2:84:dc:2b:9e:7c:0d:4c:dd:11:79:de:65:b6:
         bd:a5:35:36:cb:43:fb:4d:00:2d:6d:27:12:7b:c0:2e:48:22:
         d1:c9:c3:f6:d0:48:49:5c:32:84:82:53:e8:09:3d:9d:3c:bb:
         d7:38:3d:d4:68:b2:87:01:19:97:c8:86:e1:59:5d:61:e2:dd:
         79:ec:4f:72:4b:9b:5e:98:1f:87:b7:38:5c:24:af:30:f3:1b:
         44:5d:7b:27:5b:a8:b8:ae:6d:99:ad:a5:6c:18:aa:f2:c6:1b:
         ce:a8:20:4b:2f:8d:99:81:ca:cc:1f:12:60:8d:9f:f9:1a:f9:
         e7:67:74:dc:be:d3:57:be:23:30:06:6f:8f:a3:d7:8b:d0:10:
         01:82:a3:37:08:21:fc:ef:10:ba:df:a3:14:e8:22:79:1b:1a:
         17:b8:d8:a4:91:97:5c:ff:d6:ef:6b:d8:45:e7:8b:9d:48:8d:
         7f:c0:00:f1:f0:6a:23:9a:31:96:3d:53:79:19:04:1a:68:2a:
         3d:9c:fd:2e:9d:d5:be:a8:5c:a3:01:d2:f0:48:4e:3d:e5:8d:
         17:c9:c3:98:b5:59:97:0c:8c:6c:28:29:52:e1:8e:22:7d:6d:
         11:c6:d1:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZmV07ItZbOmmHIwMBr5Nq2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhODM5OTM2YWVlZmYyODg2NzhlNzcyNjMzMDIwZmEyNTli
ZDljZjIwHhcNMjUwOTI5MTQxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM4NzRjOTg2ZDNmMzQ3MTJhZDMzZWY3NTAxMjQxODQ0ZGY1NjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulCuYFFfzHYbSAa+1fyXnz/oVMIY
coYboQ7YFFPjq5LnWTC+aQGorxKoZLO6IDQuDIPAl6kCY0qzk69ONbjcp5bi3ZOV
F/+vigMKrxx9mPi+TCfDIKctPdDKivb+WYlSWSAHO3THZNeKN7CbH+EWjr6iZcr1
GRiiwH5uP1gBlP09VxrE4/SbQn7oN+2ZejaUys8Dnrmb1KUs7kC3ubcYjtr/DWrQ
yPNBbFMAxPnI0ci3II35bHJUdAjIJxhKvLnLF4UOtwGIhgthEnNuoPRNuuLCDqmN
D9MkmoFssZwo8QJqIziN9KdPrwmPigigX5/KbPoj0hEe/8SkKGIxY17ZjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOLIdMmG0/NHEq0z73UBJBhE31aPMB8GA1UdIwQY
MBaAFDqDmTau7/KIZ453JjMCD6JZvZzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQt
ODM1ZjRlMzcyODNjLzEvNHNoMHlZYlQ4MGNTclRQdmRRRWtHRVRmVm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQtODM1ZjRlMzcyODNj
LzEvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAkhM8MA8E
AgACMAkDBwQqEv8EcAAwDQYJKoZIhvcNAQELBQADggEBAA0RHNXfhRl6zCLQSykZ
wGHmnt92LDTChNwrnnwNTN0Red5ltr2lNTbLQ/tNAC1tJxJ7wC5IItHJw/bQSElc
MoSCU+gJPZ08u9c4PdRosocBGZfIhuFZXWHi3XnsT3JLm16YH4e3OFwkrzDzG0Rd
eydbqLiubZmtpWwYqvLGG86oIEsvjZmByswfEmCNn/ka+edndNy+01e+IzAGb4+j
14vQEAGCozcIIfzvELrfoxToInkbGhe42KSRl1z/1u9r2EXni51IjX/AAPHwaiOa
MZY9U3kZBBpoKj2c/S6d1b6oXKMB0vBITj3ljRfJw5i1WZcMjGwoKVLhjiJ9bRHG
0U4=
-----END CERTIFICATE-----