Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qSx1hEIHXsqWdZPubKTaOt7kkzo.roa
File:                     qSx1hEIHXsqWdZPubKTaOt7kkzo.roa (raw, json)
Hash identifier:          zLZ/PhB8aAdeLGUz58KnBe4LSd3Asz4fneXqrtz1dYk=
Subject key identifier:   A9:2C:75:84:42:07:5E:CA:96:75:93:EE:6C:A4:DA:3A:DE:E4:93:3A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0198B3E548C8388F5F4F50B14C33B4CCA169
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qSx1hEIHXsqWdZPubKTaOt7kkzo.roa
Signing time:             Sat 16 Aug 2025 17:20:04 +0000
ROA not before:           Sat 16 Aug 2025 17:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        84.32.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:e5:48:c8:38:8f:5f:4f:50:b1:4c:33:b4:cc:a1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Aug 16 17:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a92c758442075eca967593ee6ca4da3adee4933a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:54:cc:80:65:79:16:75:93:1f:88:aa:8d:93:
                    0b:6d:bf:56:26:1b:c7:8b:35:0f:82:31:76:1c:0c:
                    9c:a7:76:80:d7:22:30:41:ba:54:e1:e9:ee:32:83:
                    3a:77:3e:cf:ea:f3:26:cd:2d:40:a2:b0:76:90:02:
                    f7:6b:8d:f4:7f:c7:fe:32:6c:a8:09:b4:f9:02:6d:
                    da:6e:e5:b4:93:28:dd:ee:5e:5b:e8:6d:59:f3:c2:
                    4e:0b:8c:9d:97:ea:6a:24:c2:d5:b3:f0:f5:81:04:
                    05:b2:2d:33:ce:20:47:1d:19:fe:78:cd:72:3c:aa:
                    7f:1d:dc:56:82:e7:c6:2f:f2:64:d5:30:69:e9:46:
                    09:ed:8c:37:5a:2c:71:00:11:81:4c:ab:b9:48:c6:
                    60:6e:6a:a0:f5:6e:f5:59:7d:1e:82:59:58:94:46:
                    aa:77:cc:55:80:33:e6:b1:f7:b3:ec:54:5d:c5:60:
                    ac:9b:16:96:be:9f:ac:f0:44:d6:13:b0:6a:4f:6d:
                    7b:2e:97:bd:3a:05:fc:af:18:14:ec:0a:c0:f7:64:
                    da:a0:1d:e1:f2:41:af:9b:2f:f9:46:b1:2f:af:07:
                    e9:ea:88:28:6e:13:f3:42:86:b1:c6:5e:07:3f:ad:
                    13:38:a8:45:f1:51:f2:6e:6c:23:b3:50:14:6c:f0:
                    cb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:2C:75:84:42:07:5E:CA:96:75:93:EE:6C:A4:DA:3A:DE:E4:93:3A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/qSx1hEIHXsqWdZPubKTaOt7kkzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:43:b7:df:23:6a:95:e1:87:fb:1f:33:c3:ab:56:78:69:bd:
         2a:c5:32:93:93:d0:c3:22:6a:71:89:68:e4:a4:cc:77:11:3f:
         1d:93:2f:fa:40:15:ab:a3:74:ad:2e:57:31:5a:ec:7d:e4:21:
         cf:2d:c2:78:f6:33:98:c3:1a:e0:62:b4:ce:32:2f:cf:2d:81:
         c7:cc:3c:13:37:ba:bc:ec:77:b6:28:9d:81:c2:d4:6a:dd:1a:
         8f:e1:b2:ab:50:e7:47:62:f4:1b:55:3c:f7:57:3a:94:e7:f8:
         f5:fc:b2:3d:28:73:0c:6d:f3:67:ef:24:8c:88:7e:d9:5d:2d:
         97:25:fe:dd:2b:f5:6f:f4:02:d7:35:53:2b:9f:05:a5:99:1f:
         12:71:c0:ee:2a:47:ab:82:a6:7e:53:8f:a6:c6:ea:e7:47:a3:
         9c:08:ed:20:d8:2f:56:f0:23:87:06:72:51:40:ac:09:f0:26:
         14:af:02:c3:11:de:d3:9a:95:f1:44:36:4b:50:f6:33:51:c3:
         79:b8:25:ed:ee:8c:79:db:c1:68:b3:87:99:1c:5a:a3:6d:4b:
         f0:87:22:ab:a2:32:92:37:e8:06:b3:73:11:3e:e6:5d:a2:49:
         f5:22:df:79:b8:e4:91:e7:84:f0:be:24:3c:e7:44:e4:17:da:
         67:86:4f:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiz5UjIOI9fT1CxTDO0zKFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwODE2MTcyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTJjNzU4NDQyMDc1ZWNhOTY3NTkzZWU2Y2E0ZGEzYWRlZTQ5MzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFTMgGV5FnWTH4iqjZMLbb9WJhvH
izUPgjF2HAycp3aA1yIwQbpU4enuMoM6dz7P6vMmzS1AorB2kAL3a430f8f+Mmyo
CbT5Am3abuW0kyjd7l5b6G1Z88JOC4ydl+pqJMLVs/D1gQQFsi0zziBHHRn+eM1y
PKp/HdxWgufGL/Jk1TBp6UYJ7Yw3WixxABGBTKu5SMZgbmqg9W71WX0egllYlEaq
d8xVgDPmsfez7FRdxWCsmxaWvp+s8ETWE7BqT217Lpe9OgX8rxgU7ArA92TaoB3h
8kGvmy/5RrEvrwfp6ogobhPzQoaxxl4HP60TOKhF8VHybmwjs1AUbPDL+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKksdYRCB17KlnWT7myk2jre5JM6MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvcVN4MWhFSUhYc3FXZFpQdWJLVGFPdDdra3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCBtMA0G
CSqGSIb3DQEBCwUAA4IBAQCFQ7ffI2qV4Yf7HzPDq1Z4ab0qxTKTk9DDImpxiWjk
pMx3ET8dky/6QBWro3StLlcxWux95CHPLcJ49jOYwxrgYrTOMi/PLYHHzDwTN7q8
7He2KJ2BwtRq3RqP4bKrUOdHYvQbVTz3VzqU5/j1/LI9KHMMbfNn7ySMiH7ZXS2X
Jf7dK/Vv9ALXNVMrnwWlmR8SccDuKkergqZ+U4+mxurnR6OcCO0g2C9W8COHBnJR
QKwJ8CYUrwLDEd7TmpXxRDZLUPYzUcN5uCXt7ox528Fos4eZHFqjbUvwhyKrojKS
N+gGs3MRPuZdokn1It95uOSR54TwviQ850TkF9pnhk8s
-----END CERTIFICATE-----