Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/VuGkSohHUfq_yXd_IRur3wQhe6Y.roa
File:                     VuGkSohHUfq_yXd_IRur3wQhe6Y.roa (raw, json)
Hash identifier:          BWYBYUzZHQt0NYFkHSXMP74Q5d+hL0sst0bi6Iqm6QQ=
Subject key identifier:   56:E1:A4:4A:88:47:51:FA:BF:C9:77:7F:21:1B:AB:DF:04:21:7B:A6
Certificate issuer:       /CN=4766c6d9ad21cd4118a0448264d6fb35d55f14c0
Certificate serial:       0197ABDF3AA7F5CC3F5874DF113294667E91
Authority key identifier: 47:66:C6:D9:AD:21:CD:41:18:A0:44:82:64:D6:FB:35:D5:5F:14:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R2bG2a0hzUEYoESCZNb7NdVfFMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/VuGkSohHUfq_yXd_IRur3wQhe6Y.roa
Signing time:             Thu 26 Jun 2025 10:53:42 +0000
ROA not before:           Thu 26 Jun 2025 10:53:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.45.108.0/23 maxlen: 23
                          2a02:22f0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/R2bG2a0hzUEYoESCZNb7NdVfFMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/R2bG2a0hzUEYoESCZNb7NdVfFMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R2bG2a0hzUEYoESCZNb7NdVfFMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:df:3a:a7:f5:cc:3f:58:74:df:11:32:94:66:7e:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4766c6d9ad21cd4118a0448264d6fb35d55f14c0
        Validity
            Not Before: Jun 26 10:53:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56e1a44a884751fabfc9777f211babdf04217ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:29:4d:a5:e6:3b:6a:32:4e:52:8b:b5:39:f3:
                    98:a3:43:14:cd:36:d9:80:82:c5:d6:12:b7:f9:fe:
                    e6:fa:5f:1a:e6:c4:54:bf:b5:f6:40:ce:dc:c7:37:
                    22:3f:65:5d:17:78:75:42:fa:6f:23:fc:89:cb:65:
                    de:24:52:4a:ba:71:01:2c:40:d4:d7:22:31:b7:7e:
                    4d:68:f1:c9:9c:71:67:23:44:50:e2:40:2e:f0:1d:
                    82:92:67:2c:71:e9:e3:9e:cd:7e:fd:0c:c9:05:11:
                    7f:97:1a:ea:70:2a:38:c0:8d:b1:ae:28:4d:78:4a:
                    13:6e:fb:e6:dc:75:cb:61:07:d7:51:cc:12:cb:c6:
                    65:f1:a1:96:ec:17:e3:e0:88:68:f6:fe:27:07:3f:
                    40:ec:46:5f:3d:f1:f3:51:49:07:8e:d5:96:45:55:
                    7b:35:58:61:2f:52:7a:d1:d3:3e:fe:dd:a4:54:97:
                    84:cd:51:0c:b8:9b:b3:62:3b:ec:49:a6:91:7d:9d:
                    4d:6f:a6:be:b3:bf:58:6b:39:69:75:b4:b2:82:a5:
                    0f:f6:4c:80:23:7e:0c:9e:15:77:a2:55:21:17:8e:
                    af:b9:30:34:c6:f2:71:70:4a:b8:18:04:97:54:7d:
                    e1:41:dc:3a:da:54:c5:74:d2:87:b8:01:b8:2f:bc:
                    60:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E1:A4:4A:88:47:51:FA:BF:C9:77:7F:21:1B:AB:DF:04:21:7B:A6
            X509v3 Authority Key Identifier:
                keyid:47:66:C6:D9:AD:21:CD:41:18:A0:44:82:64:D6:FB:35:D5:5F:14:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R2bG2a0hzUEYoESCZNb7NdVfFMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/VuGkSohHUfq_yXd_IRur3wQhe6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/41dc75-1f32-4edd-a94c-f5ec403fdacf/1/R2bG2a0hzUEYoESCZNb7NdVfFMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.108.0/23
                IPv6:
                  2a02:22f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:7c:75:fb:5f:fa:4d:ee:3e:fd:83:8e:31:97:d8:ca:53:e2:
         39:83:38:12:05:62:88:64:dd:d2:09:d8:a4:fd:23:86:32:cd:
         c6:76:94:31:45:f1:9e:4f:7b:b4:07:a5:0f:ec:e8:4a:1c:64:
         10:75:f7:35:97:ff:70:52:20:6f:52:42:d3:75:86:2d:e0:71:
         cf:07:a6:08:c6:09:11:c9:07:e0:37:34:6d:23:df:1e:11:0d:
         93:ed:45:cd:fb:22:38:1c:0c:f8:a8:00:77:21:df:0b:ff:02:
         d4:bb:24:03:01:bb:16:28:e8:f5:0a:d2:91:54:05:2b:1c:66:
         f0:0a:7f:86:5f:83:2e:a0:4f:b6:c7:f1:f3:c5:5c:df:89:83:
         0f:5c:d2:31:85:90:29:62:81:de:65:ef:fd:23:e0:e8:a6:13:
         f1:4b:66:d0:25:6d:14:74:0f:3f:ca:d4:1e:8e:32:fe:ec:7c:
         d4:49:a7:90:f7:a4:6b:8b:56:bd:bb:80:44:8f:15:6f:ba:e4:
         12:4c:26:89:49:ec:0f:2d:61:b0:85:a5:3e:c6:26:93:41:8c:
         5d:e5:20:37:6b:cd:4a:f4:ff:34:0c:5c:f1:1a:53:41:2f:86:
         f4:79:e4:de:52:b7:e9:ad:4f:ab:09:30:05:0d:15:34:06:e8:
         2c:bc:b2:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZer3zqn9cw/WHTfETKUZn6RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NjZjNmQ5YWQyMWNkNDExOGEwNDQ4MjY0ZDZmYjM1ZDU1
ZjE0YzAwHhcNMjUwNjI2MTA1MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmUxYTQ0YTg4NDc1MWZhYmZjOTc3N2YyMTFiYWJkZjA0MjE3YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ilNpeY7ajJOUou1OfOYo0MUzTbZ
gILF1hK3+f7m+l8a5sRUv7X2QM7cxzciP2VdF3h1QvpvI/yJy2XeJFJKunEBLEDU
1yIxt35NaPHJnHFnI0RQ4kAu8B2Ckmcscenjns1+/QzJBRF/lxrqcCo4wI2xrihN
eEoTbvvm3HXLYQfXUcwSy8Zl8aGW7Bfj4Iho9v4nBz9A7EZfPfHzUUkHjtWWRVV7
NVhhL1J60dM+/t2kVJeEzVEMuJuzYjvsSaaRfZ1Nb6a+s79YazlpdbSygqUP9kyA
I34MnhV3olUhF46vuTA0xvJxcEq4GASXVH3hQdw62lTFdNKHuAG4L7xgfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFbhpEqIR1H6v8l3fyEbq98EIXumMB8GA1UdIwQY
MBaAFEdmxtmtIc1BGKBEgmTW+zXVXxTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjJiRzJhMGh6VUVZb0VTQ1pOYjdOZFZmRk1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80MWRjNzUtMWYzMi00ZWRkLWE5NGMt
ZjVlYzQwM2ZkYWNmLzEvVnVHa1NvaEhVZnFfeVhkX0lSdXIzd1FoZTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80MWRjNzUtMWYzMi00ZWRkLWE5NGMtZjVlYzQwM2ZkYWNm
LzEvUjJiRzJhMGh6VUVZb0VTQ1pOYjdOZFZmRk1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuS1sMA0E
AgACMAcDBQAqAiLwMA0GCSqGSIb3DQEBCwUAA4IBAQCWfHX7X/pN7j79g44xl9jK
U+I5gzgSBWKIZN3SCdik/SOGMs3GdpQxRfGeT3u0B6UP7OhKHGQQdfc1l/9wUiBv
UkLTdYYt4HHPB6YIxgkRyQfgNzRtI98eEQ2T7UXN+yI4HAz4qAB3Id8L/wLUuyQD
AbsWKOj1CtKRVAUrHGbwCn+GX4MuoE+2x/HzxVzfiYMPXNIxhZApYoHeZe/9I+Do
phPxS2bQJW0UdA8/ytQejjL+7HzUSaeQ96Rri1a9u4BEjxVvuuQSTCaJSewPLWGw
haU+xiaTQYxd5SA3a81K9P80DFzxGlNBL4b0eeTeUrfprU+rCTAFDRU0BugsvLIH
-----END CERTIFICATE-----