Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/54NKMWq0L3IIIGrYlD4JaLMKdWc.roa
File:                     54NKMWq0L3IIIGrYlD4JaLMKdWc.roa (raw, json)
Hash identifier:          nMietHH485C6qExyXaoO0fEvgFmJMC/Kq1HNjgMaTZI=
Subject key identifier:   E7:83:4A:31:6A:B4:2F:72:08:20:6A:D8:94:3E:09:68:B3:0A:75:67
Certificate issuer:       /CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
Certificate serial:       019995C68A806EC08C5EE3E0F16F96250FEF
Authority key identifier: 08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/54NKMWq0L3IIIGrYlD4JaLMKdWc.roa
Signing time:             Mon 29 Sep 2025 14:00:40 +0000
ROA not before:           Mon 29 Sep 2025 14:00:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6951
IP address blocks:        193.163.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:c6:8a:80:6e:c0:8c:5e:e3:e0:f1:6f:96:25:0f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
        Validity
            Not Before: Sep 29 14:00:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7834a316ab42f7208206ad8943e0968b30a7567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:81:4a:bb:ef:9e:1e:aa:18:c5:87:37:a2:
                    54:8f:7f:90:02:bf:52:66:80:f4:7a:d8:cd:52:b6:
                    f9:52:39:da:a6:95:3d:cf:34:c5:89:84:4e:b9:56:
                    40:da:e9:41:a9:0e:ab:21:c2:a1:d5:17:95:74:63:
                    be:3c:b4:02:b2:1c:ae:fd:bc:d9:6f:16:9a:31:1f:
                    02:60:82:40:b8:74:2d:db:a3:14:b6:fd:64:9b:87:
                    87:f6:86:96:a8:96:2e:04:9c:68:ed:ba:84:ac:2b:
                    af:9e:a4:37:4b:6d:91:23:88:91:c9:ee:24:00:af:
                    14:55:84:66:60:13:50:7f:1f:2c:59:1d:f7:c8:24:
                    4b:f6:ac:46:30:27:e1:4b:e9:b5:d4:0f:68:cc:c4:
                    c5:79:aa:fa:58:53:69:09:87:5f:35:f6:13:96:1b:
                    7d:0d:e1:65:51:72:42:44:7b:17:6c:2e:b9:77:b9:
                    d8:a4:b8:b7:86:e1:81:32:00:cb:d1:5c:5b:04:51:
                    32:7b:e2:a4:79:f1:a8:9d:61:ac:53:9d:7c:55:e8:
                    9c:4a:f5:4c:47:dd:04:33:97:31:07:b0:cd:95:e1:
                    9d:a2:56:6a:e1:61:3f:f1:a8:33:c6:e5:4b:d2:cf:
                    59:03:56:94:47:39:33:4c:85:6d:ca:bf:b4:b4:c9:
                    58:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:83:4A:31:6A:B4:2F:72:08:20:6A:D8:94:3E:09:68:B3:0A:75:67
            X509v3 Authority Key Identifier:
                keyid:08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/54NKMWq0L3IIIGrYlD4JaLMKdWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:ef:13:54:39:d8:5d:ed:1a:6d:4f:87:0a:dd:f3:77:84:38:
         dd:7a:e0:df:37:ee:ee:87:2f:da:78:67:9f:8a:bd:f9:dc:cc:
         64:ee:e1:f4:c2:ee:3a:04:78:f2:f8:58:f5:ca:ba:69:d8:0c:
         c3:9a:c5:27:f2:0c:56:c0:85:0f:fc:92:bd:4c:de:54:d7:58:
         ac:fa:20:1d:0c:60:65:2b:66:2a:a5:bc:30:ac:a3:1d:e2:fc:
         a5:5e:e3:78:7f:f2:da:78:dc:e3:48:74:55:8a:d1:aa:91:98:
         70:cb:65:f6:10:cd:31:40:cd:07:59:15:34:e7:b5:62:af:e6:
         29:bd:36:d2:e1:b0:57:36:44:fa:3a:0b:dd:a2:a9:6b:01:5a:
         a1:b6:0c:b8:3d:15:4f:7d:a9:f5:20:bb:5d:9e:3b:71:4f:11:
         2c:e2:24:9d:1e:05:8b:ea:98:2d:ea:b0:aa:12:98:64:2e:d1:
         d1:d4:af:4e:fb:a9:07:03:af:a1:a3:cd:24:eb:e9:73:a6:49:
         d4:44:7f:a8:a7:91:98:13:49:38:e5:a5:20:fc:cc:be:72:8a:
         cd:8b:9f:2c:eb:02:41:5e:9a:4d:37:01:75:3b:85:52:e9:9d:
         c6:7a:2c:5a:5f:a6:2b:c1:6c:33:d3:c7:69:3e:1a:1d:c0:cc:
         f2:77:5a:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmVxoqAbsCMXuPg8W+WJQ/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmI1NGIwNWFmNWUzZTg3NDNlN2JmNGFmNDFlYTYyMmJi
MDk0MTEwHhcNMjUwOTI5MTQwMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzgzNGEzMTZhYjQyZjcyMDgyMDZhZDg5NDNlMDk2OGIzMGE3NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu16BSrvvnh6qGMWHN6JUj3+QAr9S
ZoD0etjNUrb5UjnappU9zzTFiYROuVZA2ulBqQ6rIcKh1ReVdGO+PLQCshyu/bzZ
bxaaMR8CYIJAuHQt26MUtv1km4eH9oaWqJYuBJxo7bqErCuvnqQ3S22RI4iRye4k
AK8UVYRmYBNQfx8sWR33yCRL9qxGMCfhS+m11A9ozMTFear6WFNpCYdfNfYTlht9
DeFlUXJCRHsXbC65d7nYpLi3huGBMgDL0VxbBFEye+KkefGonWGsU518VeicSvVM
R90EM5cxB7DNleGdolZq4WE/8agzxuVL0s9ZA1aURzkzTIVtyr+0tMlY1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeDSjFqtC9yCCBq2JQ+CWizCnVnMB8GA1UdIwQY
MBaAFAgrVLBa9ePodD579K9B6mIrsJQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMt
MTk1MDYwNjcxYTBjLzEvNTROS01XcTBMM0lJSUdyWWxENEphTE1LZFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMtMTk1MDYwNjcxYTBj
LzEvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCu7xNUOdhd7RptT4cK3fN3hDjdeuDfN+7uhy/aeGef
ir353Mxk7uH0wu46BHjy+Fj1yrpp2AzDmsUn8gxWwIUP/JK9TN5U11is+iAdDGBl
K2YqpbwwrKMd4vylXuN4f/LaeNzjSHRVitGqkZhwy2X2EM0xQM0HWRU057Vir+Yp
vTbS4bBXNkT6OgvdoqlrAVqhtgy4PRVPfan1ILtdnjtxTxEs4iSdHgWL6pgt6rCq
EphkLtHR1K9O+6kHA6+ho80k6+lzpknURH+op5GYE0k45aUg/My+corNi58s6wJB
XppNNwF1O4VS6Z3GeixaX6YrwWwz08dpPhodwMzyd1rc
-----END CERTIFICATE-----