Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/4PFxlTOs-98tpvMHS5yXn75NOOM.roa
File:                     4PFxlTOs-98tpvMHS5yXn75NOOM.roa (raw, json)
Hash identifier:          NikMUSzzpLJM1+OSBrAyuxchZ1m24pIf1f/fleT58OE=
Subject key identifier:   E0:F1:71:95:33:AC:FB:DF:2D:A6:F3:07:4B:9C:97:9F:BE:4D:38:E3
Certificate issuer:       /CN=b453a86fd3081b803edc10d23bbeda91d7932025
Certificate serial:       01994D0DD29752DBC4921485165E601EBF06
Authority key identifier: B4:53:A8:6F:D3:08:1B:80:3E:DC:10:D2:3B:BE:DA:91:D7:93:20:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/4PFxlTOs-98tpvMHS5yXn75NOOM.roa
Signing time:             Mon 15 Sep 2025 11:06:15 +0000
ROA not before:           Mon 15 Sep 2025 11:06:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43623
IP address blocks:        193.22.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:0d:d2:97:52:db:c4:92:14:85:16:5e:60:1e:bf:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b453a86fd3081b803edc10d23bbeda91d7932025
        Validity
            Not Before: Sep 15 11:06:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f1719533acfbdf2da6f3074b9c979fbe4d38e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:15:75:04:87:0f:1e:48:44:a8:a9:41:21:2a:
                    67:e7:1a:59:c8:b3:d3:c6:26:b5:4b:f3:2c:18:99:
                    bd:aa:fb:79:6f:a2:e3:51:d4:2b:e3:b8:95:ee:e9:
                    bb:9f:85:c7:da:da:68:a0:47:0c:39:39:45:2b:a9:
                    54:f4:eb:72:ba:cb:b3:e9:41:18:cb:eb:07:83:5d:
                    f6:2f:a1:8e:cd:1d:ef:51:f1:13:70:37:43:62:6e:
                    0d:c8:39:aa:66:ee:10:ed:75:3b:dd:1e:d0:a1:e5:
                    c3:12:d7:b4:7f:2f:2f:c7:e7:12:89:6a:6f:61:73:
                    37:61:18:5d:ac:f4:9b:be:f1:65:12:9e:e2:e4:71:
                    2e:b5:11:00:d8:46:59:a5:72:bf:33:b9:f1:8e:a3:
                    36:f6:af:59:34:17:5d:8e:bd:d1:67:5a:92:af:a0:
                    c9:7c:08:77:3d:1f:ba:24:1d:3d:4e:08:5b:4d:c1:
                    81:40:29:0a:55:1a:6c:5f:40:24:e3:c4:40:6b:d3:
                    e4:ad:12:a6:6d:0e:7a:25:48:1c:f9:24:69:ac:5d:
                    d4:fd:b4:27:eb:06:09:bd:77:e8:67:7d:32:83:49:
                    2a:16:a1:cd:14:55:62:3d:08:a8:2e:9f:9a:46:0a:
                    43:61:2f:d0:f4:ee:c3:5f:1a:57:53:d0:3c:1c:98:
                    07:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F1:71:95:33:AC:FB:DF:2D:A6:F3:07:4B:9C:97:9F:BE:4D:38:E3
            X509v3 Authority Key Identifier:
                keyid:B4:53:A8:6F:D3:08:1B:80:3E:DC:10:D2:3B:BE:DA:91:D7:93:20:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/4PFxlTOs-98tpvMHS5yXn75NOOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:7e:d5:e6:c3:86:39:21:94:e6:1d:d5:ed:14:4a:fc:d8:c9:
         e1:ac:92:80:ee:46:c0:bd:25:98:8b:3d:ee:3f:f7:72:dd:f2:
         72:02:64:3f:23:9b:db:2f:34:8a:f2:9d:b5:a7:a5:22:02:8c:
         8a:73:fc:ab:aa:f2:07:d3:8f:14:3a:94:cd:8c:a3:9a:50:6c:
         b8:fe:db:8a:16:3e:02:bc:3b:23:48:e7:cf:19:36:d1:95:f3:
         e4:40:43:00:ab:01:fb:ec:7c:cd:0a:42:55:10:36:8a:06:dd:
         ce:c0:cd:e2:6d:a9:78:85:67:98:61:2f:d6:89:54:a1:2a:f6:
         6a:57:6b:be:41:09:94:11:8f:65:1c:f9:bf:4d:4c:f5:d2:d2:
         dd:99:a9:a0:fc:ff:9d:2f:cd:3a:b5:ed:1a:92:35:25:64:c0:
         7f:c8:3e:20:79:2a:b6:f9:c2:83:6b:ce:a3:0f:29:74:cb:80:
         58:f4:1d:32:24:77:67:ea:d9:26:bc:c8:9b:75:e9:53:7b:7d:
         b7:be:9e:f0:0a:20:bf:ef:0e:be:04:0b:d0:ac:1d:61:25:0c:
         13:f0:bc:2c:74:1a:6a:b7:22:de:21:a4:54:99:6a:63:77:05:
         ca:ac:97:18:6a:ee:6d:9d:b9:cf:77:41:b9:b0:73:f4:da:d4:
         cc:cc:67:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlNDdKXUtvEkhSFFl5gHr8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTNhODZmZDMwODFiODAzZWRjMTBkMjNiYmVkYTkxZDc5
MzIwMjUwHhcNMjUwOTE1MTEwNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGYxNzE5NTMzYWNmYmRmMmRhNmYzMDc0YjljOTc5ZmJlNGQzOGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxV1BIcPHkhEqKlBISpn5xpZyLPT
xia1S/MsGJm9qvt5b6LjUdQr47iV7um7n4XH2tpooEcMOTlFK6lU9Otyusuz6UEY
y+sHg132L6GOzR3vUfETcDdDYm4NyDmqZu4Q7XU73R7QoeXDEte0fy8vx+cSiWpv
YXM3YRhdrPSbvvFlEp7i5HEutREA2EZZpXK/M7nxjqM29q9ZNBddjr3RZ1qSr6DJ
fAh3PR+6JB09TghbTcGBQCkKVRpsX0Ak48RAa9PkrRKmbQ56JUgc+SRprF3U/bQn
6wYJvXfoZ30yg0kqFqHNFFViPQioLp+aRgpDYS/Q9O7DXxpXU9A8HJgHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODxcZUzrPvfLabzB0ucl5++TTjjMB8GA1UdIwQY
MBaAFLRTqG/TCBuAPtwQ0ju+2pHXkyAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZPb2I5TUlHNEEtM0JEU083N2FrZGVUSUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yMjVhZjktZjNmNS00OWU0LWJhMTAt
ZjVlYTAxMmI4NGZjLzEvNFBGeGxUT3MtOTh0cHZNSFM1eVhuNzVOT09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yMjVhZjktZjNmNS00OWU0LWJhMTAtZjVlYTAxMmI4NGZj
LzEvdEZPb2I5TUlHNEEtM0JEU083N2FrZGVUSUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRYuMA0G
CSqGSIb3DQEBCwUAA4IBAQC2ftXmw4Y5IZTmHdXtFEr82MnhrJKA7kbAvSWYiz3u
P/dy3fJyAmQ/I5vbLzSK8p21p6UiAoyKc/yrqvIH048UOpTNjKOaUGy4/tuKFj4C
vDsjSOfPGTbRlfPkQEMAqwH77HzNCkJVEDaKBt3OwM3ibal4hWeYYS/WiVShKvZq
V2u+QQmUEY9lHPm/TUz10tLdmamg/P+dL806te0akjUlZMB/yD4geSq2+cKDa86j
Dyl0y4BY9B0yJHdn6tkmvMibdelTe323vp7wCiC/7w6+BAvQrB1hJQwT8LwsdBpq
tyLeIaRUmWpjdwXKrJcYau5tnbnPd0G5sHP02tTMzGft
-----END CERTIFICATE-----