Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/y2O7EFyTCZe9AKwwDb22LWG0yCI.roa
File:                     y2O7EFyTCZe9AKwwDb22LWG0yCI.roa (raw, json)
Hash identifier:          U9FKebiopQwquQvtoSvv9ytXHJwz57u/zT9tb3tcvHc=
Subject key identifier:   CB:63:BB:10:5C:93:09:97:BD:00:AC:30:0D:BD:B6:2D:61:B4:C8:22
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       0198A8C168A4DB8B51BACFFFA8A93FF0DCD1
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/y2O7EFyTCZe9AKwwDb22LWG0yCI.roa
Signing time:             Thu 14 Aug 2025 13:25:04 +0000
ROA not before:           Thu 14 Aug 2025 13:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43180
IP address blocks:        84.37.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:c1:68:a4:db:8b:51:ba:cf:ff:a8:a9:3f:f0:dc:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: Aug 14 13:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb63bb105c930997bd00ac300dbdb62d61b4c822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b6:60:25:8b:bb:f6:95:4a:92:e5:bf:ef:da:
                    4a:6d:80:b1:54:05:91:ac:ba:16:11:5f:27:e5:59:
                    3c:10:a7:8f:4a:96:16:4d:30:b0:9b:c5:7c:9d:42:
                    6c:52:56:bf:53:b6:87:3f:5c:6c:44:4e:d2:f2:eb:
                    bc:40:28:91:b4:14:dd:b4:fa:5e:1d:8b:8d:85:a0:
                    ea:f4:bf:84:ca:29:56:57:56:84:e9:28:a2:d4:67:
                    f1:55:bf:3e:3e:8a:c7:c6:6c:85:94:ad:ed:26:7a:
                    2b:cd:d3:ed:28:d9:6e:ba:82:dd:8b:8b:e0:12:c9:
                    96:a0:da:c0:cf:4c:80:1c:3b:4a:f6:69:e3:4c:dc:
                    d6:a2:39:89:30:ce:06:00:07:62:e9:8c:33:3e:cc:
                    3a:8b:80:d5:5e:ac:f2:dc:07:21:c6:df:92:bb:f3:
                    45:cb:6b:08:1e:e9:64:84:3b:99:7e:20:b3:67:a1:
                    e3:7c:88:f7:ac:02:25:88:2a:72:fb:59:ad:06:95:
                    eb:1f:36:c4:f1:ae:2b:a9:ae:32:1e:b1:c7:8e:ed:
                    89:fd:11:8b:b6:33:d3:ca:d3:d3:9c:f7:ec:71:69:
                    1e:1c:21:0a:d0:3d:b6:0d:4e:18:c6:a5:7d:0f:e9:
                    4f:c1:5a:f8:81:3b:f3:d2:97:b6:d6:fb:66:23:0a:
                    56:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:63:BB:10:5C:93:09:97:BD:00:AC:30:0D:BD:B6:2D:61:B4:C8:22
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/y2O7EFyTCZe9AKwwDb22LWG0yCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.37.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:7e:00:4b:5c:2d:fc:28:35:7e:36:c8:43:d5:d8:c1:2c:ed:
         11:0f:65:91:50:09:9f:28:d9:a2:42:ca:2d:a5:b4:33:2c:27:
         c7:83:53:c1:66:f5:c9:9b:cb:0e:47:a9:65:12:b2:0f:34:52:
         15:93:9d:43:dc:de:f1:02:f8:f0:62:57:1f:bd:a3:06:3a:85:
         48:7b:6f:6a:3b:f8:0e:25:28:45:9b:c7:f2:82:5b:0f:bd:ac:
         f8:a3:36:bc:99:c4:73:a6:fc:f7:74:ef:0e:6f:c5:f4:1e:a5:
         68:3b:79:42:e2:07:0e:7d:57:88:f2:4a:46:de:d9:ae:e2:f0:
         4f:c2:85:3d:04:a9:c5:20:c2:28:86:72:42:53:a0:19:d9:b3:
         d5:07:b1:52:a3:b4:65:4d:e9:c2:84:c8:79:f9:d3:f4:00:30:
         47:e5:a7:c1:12:8e:b9:f6:cb:30:9b:4a:91:d1:5a:9f:ad:f9:
         30:70:25:93:cf:20:71:ac:44:de:e1:3f:c3:e5:78:76:12:aa:
         f9:af:e4:a2:54:6b:11:26:c1:13:b7:53:1f:41:ea:71:64:40:
         bc:be:28:7a:a5:57:97:20:e9:61:df:90:e7:39:f6:52:af:7e:
         45:0c:c2:a0:6a:42:d5:a2:7d:38:70:a4:9d:61:a4:50:72:4f:
         22:1e:56:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiowWik24tRus//qKk/8NzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjUwODE0MTMyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjYzYmIxMDVjOTMwOTk3YmQwMGFjMzAwZGJkYjYyZDYxYjRjODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bZgJYu79pVKkuW/79pKbYCxVAWR
rLoWEV8n5Vk8EKePSpYWTTCwm8V8nUJsUla/U7aHP1xsRE7S8uu8QCiRtBTdtPpe
HYuNhaDq9L+EyilWV1aE6Sii1GfxVb8+PorHxmyFlK3tJnorzdPtKNluuoLdi4vg
EsmWoNrAz0yAHDtK9mnjTNzWojmJMM4GAAdi6YwzPsw6i4DVXqzy3Achxt+Su/NF
y2sIHulkhDuZfiCzZ6HjfIj3rAIliCpy+1mtBpXrHzbE8a4rqa4yHrHHju2J/RGL
tjPTytPTnPfscWkeHCEK0D22DU4YxqV9D+lPwVr4gTvz0pe21vtmIwpW4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtjuxBckwmXvQCsMA29ti1htMgiMB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEveTJPN0VGeVRDWmU5QUt3d0RiMjJMV0cweUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVCUsMA0G
CSqGSIb3DQEBCwUAA4IBAQCDfgBLXC38KDV+NshD1djBLO0RD2WRUAmfKNmiQsot
pbQzLCfHg1PBZvXJm8sOR6llErIPNFIVk51D3N7xAvjwYlcfvaMGOoVIe29qO/gO
JShFm8fyglsPvaz4oza8mcRzpvz3dO8Ob8X0HqVoO3lC4gcOfVeI8kpG3tmu4vBP
woU9BKnFIMIohnJCU6AZ2bPVB7FSo7RlTenChMh5+dP0ADBH5afBEo659sswm0qR
0VqfrfkwcCWTzyBxrETe4T/D5Xh2Eqr5r+SiVGsRJsETt1MfQepxZEC8vih6pVeX
IOlh35DnOfZSr35FDMKgakLVon04cKSdYaRQck8iHlbt
-----END CERTIFICATE-----