Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/x8Uw5Io7vkOK8zPs7hBxf0TiEjU.roa
File:                     x8Uw5Io7vkOK8zPs7hBxf0TiEjU.roa (raw, json)
Hash identifier:          XPUCvqQGmbQXVknGSsdWcvGFgn7Y4wQAn1YOcjGGp6s=
Subject key identifier:   C7:C5:30:E4:8A:3B:BE:43:8A:F3:33:EC:EE:10:71:7F:44:E2:12:35
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0198A27F8BCA4564D34D7076E1A58199C0A6
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/x8Uw5Io7vkOK8zPs7hBxf0TiEjU.roa
Signing time:             Wed 13 Aug 2025 08:15:24 +0000
ROA not before:           Wed 13 Aug 2025 08:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.200.0/24 maxlen: 24
                          45.146.202.0/23 maxlen: 24
                          45.146.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:7f:8b:ca:45:64:d3:4d:70:76:e1:a5:81:99:c0:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Aug 13 08:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7c530e48a3bbe438af333ecee10717f44e21235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f8:41:d1:26:d9:87:79:cd:ff:9d:39:37:0b:
                    3a:c7:91:40:33:56:09:1f:53:a1:06:94:6e:47:f5:
                    08:c3:89:1a:9f:8f:a3:b1:69:3d:17:46:a9:ab:c2:
                    47:35:6c:c4:00:f4:8f:24:06:5a:a4:ad:3e:29:91:
                    2b:46:44:25:ee:52:8d:03:fa:4e:0f:f7:8a:1f:a4:
                    0d:46:69:e1:6b:8d:64:d3:48:a2:96:9e:c1:6b:46:
                    f7:24:3e:02:71:45:be:9c:03:56:8d:61:d4:b5:b2:
                    d4:09:e5:ed:ae:c4:76:e5:6f:a9:ee:37:51:ab:5e:
                    a7:87:0d:21:9e:70:bd:c9:4d:ee:7f:5c:93:a0:36:
                    34:a5:c0:e2:a9:ff:f5:43:45:c2:d0:07:a5:36:18:
                    19:4c:a4:95:7c:db:f0:56:45:86:30:64:e0:56:51:
                    7e:5b:86:2e:97:99:69:51:a9:6b:4e:ac:e9:3f:51:
                    f3:99:99:b5:b0:ec:02:cd:1d:c1:1f:b0:ad:ba:47:
                    7a:bf:ac:db:8c:62:d1:e3:32:e6:dc:5f:c1:e0:48:
                    ff:9b:e8:fc:05:ce:dd:e1:bb:e5:3b:54:5d:19:e8:
                    cb:77:bd:fb:84:03:17:b6:66:52:3c:7d:2a:c7:fc:
                    d9:52:38:2d:c5:08:a3:a2:41:a8:ef:4f:5b:67:45:
                    d3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C5:30:E4:8A:3B:BE:43:8A:F3:33:EC:EE:10:71:7F:44:E2:12:35
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/x8Uw5Io7vkOK8zPs7hBxf0TiEjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:35:8a:0b:f2:0e:97:4e:87:f7:0c:9a:7a:d0:ee:24:aa:5c:
         dd:c5:0a:d0:2f:1f:53:de:97:4b:c8:85:63:08:8f:7a:b1:fa:
         9d:27:34:45:78:31:6b:f8:b6:4d:13:5c:06:7f:eb:ae:ba:d8:
         7d:bd:92:7f:74:85:f4:cb:38:15:e5:e1:e5:35:65:8b:ac:35:
         30:b1:0a:e0:5f:be:2d:f9:d9:8b:2e:6a:1a:2e:da:db:8f:41:
         4b:8b:96:09:cb:f5:14:f0:6a:bd:36:2b:86:ff:11:75:d6:71:
         5e:0f:ea:08:de:c3:80:b2:8f:a7:2b:59:66:55:52:75:ac:d6:
         cd:79:0b:86:96:5f:9e:a0:22:6b:31:bc:c9:23:a9:62:a8:5c:
         57:8f:b2:dc:f6:06:ed:49:9c:21:48:a8:86:2b:b6:0b:eb:47:
         03:6b:c1:a1:b3:e9:94:f1:52:5d:80:28:9f:df:de:e2:94:9a:
         9f:2d:13:83:90:bf:6d:ba:7a:0b:66:67:4c:0e:65:ea:8b:66:
         8d:ef:c6:89:ab:3f:ff:3d:61:61:a7:64:d4:71:7c:fe:8b:2c:
         3f:0e:6e:82:02:e2:23:91:fa:fb:b0:26:01:66:e2:cb:83:f6:
         0a:f2:7b:22:8f:71:32:74:34:2d:d1:01:20:bc:3e:f6:a9:b2:
         d5:96:2d:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiif4vKRWTTTXB24aWBmcCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwODEzMDgxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2M1MzBlNDhhM2JiZTQzOGFmMzMzZWNlZTEwNzE3ZjQ0ZTIxMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vhB0SbZh3nN/505Nws6x5FAM1YJ
H1OhBpRuR/UIw4kan4+jsWk9F0apq8JHNWzEAPSPJAZapK0+KZErRkQl7lKNA/pO
D/eKH6QNRmnha41k00iilp7Ba0b3JD4CcUW+nANWjWHUtbLUCeXtrsR25W+p7jdR
q16nhw0hnnC9yU3uf1yToDY0pcDiqf/1Q0XC0AelNhgZTKSVfNvwVkWGMGTgVlF+
W4Yul5lpUalrTqzpP1HzmZm1sOwCzR3BH7Ctukd6v6zbjGLR4zLm3F/B4Ej/m+j8
Bc7d4bvlO1RdGejLd737hAMXtmZSPH0qx/zZUjgtxQijokGo709bZ0XT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfFMOSKO75DivMz7O4QcX9E4hI1MB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEveDhVdzVJbzd2a09LOHpQczdoQnhmMFRpRWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQC1NYoL8g6XTof3DJp60O4kqlzdxQrQLx9T3pdLyIVj
CI96sfqdJzRFeDFr+LZNE1wGf+uuuth9vZJ/dIX0yzgV5eHlNWWLrDUwsQrgX74t
+dmLLmoaLtrbj0FLi5YJy/UU8Gq9NiuG/xF11nFeD+oI3sOAso+nK1lmVVJ1rNbN
eQuGll+eoCJrMbzJI6liqFxXj7Lc9gbtSZwhSKiGK7YL60cDa8Ghs+mU8VJdgCif
397ilJqfLRODkL9tunoLZmdMDmXqi2aN78aJqz//PWFhp2TUcXz+iyw/Dm6CAuIj
kfr7sCYBZuLLg/YK8nsij3EydDQt0QEgvD72qbLVli32
-----END CERTIFICATE-----