Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/Dgcz4v7oG3I4LhgnaAth0hpJWCQ.roa
File:                     Dgcz4v7oG3I4LhgnaAth0hpJWCQ.roa (raw, json)
Hash identifier:          WRqxAO4CAbzgtyju3MlE9u4Di50/qwkMlkkbllzkSMw=
Subject key identifier:   0E:07:33:E2:FE:E8:1B:72:38:2E:18:27:68:0B:61:D2:1A:49:58:24
Certificate issuer:       /CN=28c6800d74bc4105b40e77ea085ba026dbeec35f
Certificate serial:       0199BD2A7C12BEA65FCEC13B8BCF80BA757F
Authority key identifier: 28:C6:80:0D:74:BC:41:05:B4:0E:77:EA:08:5B:A0:26:DB:EE:C3:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/Dgcz4v7oG3I4LhgnaAth0hpJWCQ.roa
Signing time:             Tue 07 Oct 2025 05:35:02 +0000
ROA not before:           Tue 07 Oct 2025 05:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.145.234.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:2a:7c:12:be:a6:5f:ce:c1:3b:8b:cf:80:ba:75:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28c6800d74bc4105b40e77ea085ba026dbeec35f
        Validity
            Not Before: Oct  7 05:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e0733e2fee81b72382e1827680b61d21a495824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2e:f5:7a:4e:2d:5b:b1:43:34:55:91:9b:75:
                    10:93:cd:18:c1:b0:9d:2c:7a:f2:b0:e7:4f:ae:71:
                    c4:11:e8:4c:51:bd:23:da:d7:99:09:7f:34:c3:34:
                    7f:90:89:45:8b:dc:8f:58:2a:d6:5b:5c:c2:c3:28:
                    fe:11:6f:d2:86:e4:8c:5b:fb:34:22:fe:e5:23:98:
                    b1:1f:0f:6e:00:6b:7f:8e:55:31:db:97:d4:9b:79:
                    e4:4b:48:26:f1:8a:04:cb:fd:72:02:44:fe:83:55:
                    0e:bd:92:09:73:17:da:14:b1:6f:fd:5e:de:08:77:
                    e1:2a:8b:ce:56:79:af:ea:28:3c:1e:58:b4:72:11:
                    88:42:b9:93:08:bd:e0:19:4c:9c:b3:b2:c3:92:42:
                    2b:d1:7f:be:1c:d6:2c:50:9b:25:60:0d:3a:1e:65:
                    a5:5f:71:bc:32:e6:f1:70:56:11:f2:d5:03:d8:75:
                    b7:b5:b7:72:5d:7d:db:39:c1:58:4f:d7:79:e9:98:
                    a5:7a:9c:e6:7a:5d:a2:0e:6f:e0:88:64:71:1b:0d:
                    67:5d:8f:06:9c:f3:58:fe:fd:b0:95:af:9b:7d:2c:
                    df:78:5c:fd:7f:e5:28:c9:23:eb:7b:a3:d7:79:48:
                    77:ef:b4:a9:a3:70:09:68:5a:e3:86:c8:08:57:21:
                    be:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:07:33:E2:FE:E8:1B:72:38:2E:18:27:68:0B:61:D2:1A:49:58:24
            X509v3 Authority Key Identifier:
                keyid:28:C6:80:0D:74:BC:41:05:B4:0E:77:EA:08:5B:A0:26:DB:EE:C3:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KMaADXS8QQW0DnfqCFugJtvuw18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/Dgcz4v7oG3I4LhgnaAth0hpJWCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/242911-93c0-45e7-9012-4939bbfdfb86/1/KMaADXS8QQW0DnfqCFugJtvuw18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:e8:96:0f:88:f1:3b:12:59:c8:33:77:8e:18:5e:09:a9:ca:
         a7:93:de:c5:60:7e:68:bb:a3:af:39:fb:b9:da:31:22:87:b6:
         7d:2d:c1:7a:fb:ea:5a:9d:ff:88:f7:34:e3:d9:a1:6c:86:61:
         a4:00:72:ab:83:75:9b:bf:e4:fc:54:14:69:ba:20:da:cf:51:
         7e:3d:0c:28:c6:c8:21:b8:48:78:6b:3e:c6:7f:e0:db:8f:f3:
         38:61:17:85:a0:5a:96:bf:5e:51:57:bb:43:5d:4d:2d:c7:e8:
         ef:40:30:c4:a2:03:2a:0e:34:58:bb:a9:bf:c5:15:8d:67:13:
         6d:0a:2b:0a:8f:4d:b1:ed:9f:98:2e:c9:ec:00:b7:2e:90:0a:
         03:d6:79:8e:31:ed:c3:cf:ff:70:a4:dd:d2:86:d9:e8:f4:43:
         f4:78:c7:78:c6:1c:16:ea:41:0c:0e:79:f2:2d:43:7d:0d:0f:
         7e:fa:76:d8:69:a3:3c:e6:c4:99:86:20:05:86:74:7b:3f:1b:
         c7:0e:bf:93:a1:4a:20:b5:f3:8f:cc:7e:54:d8:1d:72:5b:29:
         35:40:0c:44:a3:1d:17:2a:65:d4:6f:e2:64:5d:49:36:be:9e:
         b8:22:43:f5:82:fa:4e:a8:dd:eb:ab:47:8d:05:1e:45:44:88:
         68:a6:78:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9KnwSvqZfzsE7i8+AunV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YzY4MDBkNzRiYzQxMDViNDBlNzdlYTA4NWJhMDI2ZGJl
ZWMzNWYwHhcNMjUxMDA3MDUzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTA3MzNlMmZlZTgxYjcyMzgyZTE4Mjc2ODBiNjFkMjFhNDk1ODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri71ek4tW7FDNFWRm3UQk80YwbCd
LHrysOdPrnHEEehMUb0j2teZCX80wzR/kIlFi9yPWCrWW1zCwyj+EW/ShuSMW/s0
Iv7lI5ixHw9uAGt/jlUx25fUm3nkS0gm8YoEy/1yAkT+g1UOvZIJcxfaFLFv/V7e
CHfhKovOVnmv6ig8Hli0chGIQrmTCL3gGUycs7LDkkIr0X++HNYsUJslYA06HmWl
X3G8MubxcFYR8tUD2HW3tbdyXX3bOcFYT9d56Zilepzmel2iDm/giGRxGw1nXY8G
nPNY/v2wla+bfSzfeFz9f+UoySPre6PXeUh377Spo3AJaFrjhsgIVyG+twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4HM+L+6BtyOC4YJ2gLYdIaSVgkMB8GA1UdIwQY
MBaAFCjGgA10vEEFtA536ghboCbb7sNfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS01hQURYUzhRUVcwRG5mcUNGdWdKdHZ1dzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8yNDI5MTEtOTNjMC00NWU3LTkwMTIt
NDkzOWJiZmRmYjg2LzEvRGdjejR2N29HM0k0TGhnbmFBdGgwaHBKV0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8yNDI5MTEtOTNjMC00NWU3LTkwMTItNDkzOWJiZmRmYjg2
LzEvS01hQURYUzhRUVcwRG5mcUNGdWdKdHZ1dzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZHqMA0G
CSqGSIb3DQEBCwUAA4IBAQCF6JYPiPE7ElnIM3eOGF4Jqcqnk97FYH5ou6OvOfu5
2jEih7Z9LcF6++panf+I9zTj2aFshmGkAHKrg3Wbv+T8VBRpuiDaz1F+PQwoxsgh
uEh4az7Gf+Dbj/M4YReFoFqWv15RV7tDXU0tx+jvQDDEogMqDjRYu6m/xRWNZxNt
CisKj02x7Z+YLsnsALcukAoD1nmOMe3Dz/9wpN3Shtno9EP0eMd4xhwW6kEMDnny
LUN9DQ9++nbYaaM85sSZhiAFhnR7PxvHDr+ToUogtfOPzH5U2B1yWyk1QAxEox0X
KmXUb+JkXUk2vp64IkP1gvpOqN3rq0eNBR5FRIhopnho
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:39 2025 by rpki-client