Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/sHdu33NpNlnT-Jku9u0Zy1Z6c6c.roa
File:                     sHdu33NpNlnT-Jku9u0Zy1Z6c6c.roa (raw, json)
Hash identifier:          0/KiMFssPB+iZ5FRW5LM6VjPIMPZYHp1bzR30BWFOfY=
Subject key identifier:   B0:77:6E:DF:73:69:36:59:D3:F8:99:2E:F6:ED:19:CB:56:7A:73:A7
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       0198A20308FB1D12C3FFEC1443A41E875808
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/sHdu33NpNlnT-Jku9u0Zy1Z6c6c.roa
Signing time:             Wed 13 Aug 2025 05:59:24 +0000
ROA not before:           Wed 13 Aug 2025 05:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45014
IP address blocks:        212.11.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:03:08:fb:1d:12:c3:ff:ec:14:43:a4:1e:87:58:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: Aug 13 05:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0776edf73693659d3f8992ef6ed19cb567a73a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cf:13:84:60:97:c0:dc:8f:a6:ff:11:27:d6:
                    8a:2a:6f:bf:87:81:60:5f:e8:d6:a8:30:71:6b:19:
                    3d:c2:31:b1:e7:2f:92:1f:91:94:8f:0b:1c:22:3f:
                    d9:f6:8b:5c:ef:20:be:37:be:7a:82:94:9b:ca:65:
                    09:8a:e4:35:60:76:2b:1a:10:af:0d:1a:3a:8f:f4:
                    02:c9:28:87:05:63:35:ea:38:69:85:87:e3:a5:29:
                    49:1a:cc:0d:70:55:84:f1:d2:81:04:b1:fe:d5:ad:
                    d7:78:d0:42:ea:03:7b:b9:21:81:b4:9d:b0:81:31:
                    b5:ee:99:0a:11:ae:87:05:78:1a:22:84:71:a6:a1:
                    6a:a8:d7:36:b2:de:00:18:fb:f8:9e:f8:4a:dc:38:
                    40:27:dc:40:d0:fa:1c:dd:e0:9f:bc:95:4e:90:0d:
                    ff:c9:81:0c:5d:03:a1:1e:b5:70:fa:82:3a:14:8d:
                    e8:19:a5:f8:a6:6e:8d:eb:8c:e9:be:e4:5d:ea:74:
                    76:e0:db:14:3c:92:ed:47:ac:00:28:97:1f:04:ef:
                    27:28:24:79:51:34:32:eb:76:de:44:32:65:22:4a:
                    c5:e8:d6:43:56:51:60:ee:e6:f2:6b:a1:e0:02:84:
                    6b:c7:34:e2:72:e5:77:97:cd:78:3e:3b:98:68:38:
                    b9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:77:6E:DF:73:69:36:59:D3:F8:99:2E:F6:ED:19:CB:56:7A:73:A7
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/sHdu33NpNlnT-Jku9u0Zy1Z6c6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:96:65:cc:89:63:40:b4:df:73:b6:f8:71:98:10:36:ed:79:
         40:d4:97:9a:07:49:5f:43:4f:1a:16:44:4c:6c:4d:25:98:87:
         17:68:44:13:94:af:57:97:64:86:49:33:48:cb:e4:cf:b6:a3:
         e3:d9:2c:6d:10:a2:79:15:83:1d:77:6d:6c:d1:9b:34:02:ff:
         a0:d9:89:2c:ef:fe:aa:cf:48:81:b6:3c:2d:46:ec:f2:30:7b:
         12:6a:09:ad:41:82:2b:09:1f:34:79:3e:75:56:c7:62:b7:14:
         c7:bc:7e:f1:d3:1f:8e:77:59:9f:a4:b7:25:e3:1f:18:5a:c4:
         27:2f:eb:74:2d:f7:62:27:ec:4a:63:a7:65:94:77:d1:89:61:
         9f:55:f6:40:7b:6d:79:1d:91:8b:cb:c4:97:9e:ad:76:6f:c9:
         3f:d4:84:f2:22:01:58:28:61:82:50:40:6f:6b:e0:79:b0:5a:
         76:cd:8b:4e:2a:c6:11:eb:16:eb:37:e7:f2:64:4f:88:c5:3f:
         9b:e0:47:02:a3:4d:f1:26:dc:93:d6:9a:ae:ec:1a:ab:0a:f4:
         c4:d8:58:91:5f:45:ec:f6:bf:79:11:ba:f0:9e:94:23:4f:c7:
         7b:ee:d8:93:9e:e0:80:f3:b4:6f:7e:b2:e1:d5:93:73:4c:48:
         92:bb:a0:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiiAwj7HRLD/+wUQ6Qeh1gIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjUwODEzMDU1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDc3NmVkZjczNjkzNjU5ZDNmODk5MmVmNmVkMTljYjU2N2E3M2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c8ThGCXwNyPpv8RJ9aKKm+/h4Fg
X+jWqDBxaxk9wjGx5y+SH5GUjwscIj/Z9otc7yC+N756gpSbymUJiuQ1YHYrGhCv
DRo6j/QCySiHBWM16jhphYfjpSlJGswNcFWE8dKBBLH+1a3XeNBC6gN7uSGBtJ2w
gTG17pkKEa6HBXgaIoRxpqFqqNc2st4AGPv4nvhK3DhAJ9xA0Poc3eCfvJVOkA3/
yYEMXQOhHrVw+oI6FI3oGaX4pm6N64zpvuRd6nR24NsUPJLtR6wAKJcfBO8nKCR5
UTQy63beRDJlIkrF6NZDVlFg7ubya6HgAoRrxzTicuV3l814PjuYaDi5xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLB3bt9zaTZZ0/iZLvbtGctWenOnMB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEvc0hkdTMzTnBObG5ULUprdTl1MFp5MVo2YzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AsSMA0G
CSqGSIb3DQEBCwUAA4IBAQCMlmXMiWNAtN9ztvhxmBA27XlA1JeaB0lfQ08aFkRM
bE0lmIcXaEQTlK9Xl2SGSTNIy+TPtqPj2SxtEKJ5FYMdd21s0Zs0Av+g2Yks7/6q
z0iBtjwtRuzyMHsSagmtQYIrCR80eT51VsditxTHvH7x0x+Od1mfpLcl4x8YWsQn
L+t0LfdiJ+xKY6dllHfRiWGfVfZAe215HZGLy8SXnq12b8k/1ITyIgFYKGGCUEBv
a+B5sFp2zYtOKsYR6xbrN+fyZE+IxT+b4EcCo03xJtyT1pqu7BqrCvTE2FiRX0Xs
9r95EbrwnpQjT8d77tiTnuCA87RvfrLh1ZNzTEiSu6Bp
-----END CERTIFICATE-----