Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BlUwJgnORjLlklQhsF5gjFrCSrg.roa
File:                     BlUwJgnORjLlklQhsF5gjFrCSrg.roa (raw, json)
Hash identifier:          M+WGkSIDMWLYSENl0mznDEF1bsQv/T9sXorqcihxQ18=
Subject key identifier:   06:55:30:26:09:CE:46:32:E5:92:54:21:B0:5E:60:8C:5A:C2:4A:B8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197889E4628417F4F25426EE74E9DE50730
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BlUwJgnORjLlklQhsF5gjFrCSrg.roa
Signing time:             Thu 19 Jun 2025 14:36:03 +0000
ROA not before:           Thu 19 Jun 2025 14:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        45.86.15.0/24 maxlen: 24
                          45.129.124.0/24 maxlen: 24
                          45.135.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:9e:46:28:41:7f:4f:25:42:6e:e7:4e:9d:e5:07:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 19 14:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0655302609ce4632e5925421b05e608c5ac24ab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a8:78:f2:80:96:f3:fc:56:16:48:ef:97:1c:
                    98:5d:06:aa:f9:60:fc:fd:ed:c2:ad:f1:b3:5a:73:
                    56:cc:c7:ea:bc:83:fe:2e:f1:86:e7:35:6e:ed:82:
                    9a:b4:19:11:ea:7b:7f:60:ba:0b:f7:16:ca:75:9b:
                    66:26:59:4b:1f:51:78:e0:d3:98:dd:8e:f2:0a:15:
                    9c:22:6b:28:ba:72:99:fe:b6:7b:1c:dd:1d:5f:d7:
                    37:d3:cf:3d:0e:0e:fa:c6:f4:3b:b5:03:74:04:08:
                    0e:27:44:8c:d6:3a:a8:65:73:ac:43:77:40:39:60:
                    65:09:09:d8:39:bf:83:43:21:5d:de:15:46:45:b5:
                    33:be:e4:60:e7:31:ec:68:98:ac:b9:1f:6a:c7:9d:
                    ae:61:05:c6:f1:19:37:48:ab:54:76:8c:55:7e:a8:
                    09:9d:03:b1:98:c4:0b:5c:18:3b:4a:46:ef:58:a7:
                    00:8c:ef:13:0b:e6:b2:a6:f5:6c:25:06:e1:e6:9f:
                    32:d6:00:9f:d4:ce:59:a4:69:a1:d4:02:88:f7:f3:
                    1c:06:0c:1b:59:4d:e5:ad:de:56:88:b5:ab:62:71:
                    85:bd:0e:9d:64:e4:c1:c1:71:09:31:93:8b:7d:b7:
                    0e:01:16:5e:5d:e5:63:71:f2:15:8d:b2:22:5c:24:
                    7a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:55:30:26:09:CE:46:32:E5:92:54:21:B0:5E:60:8C:5A:C2:4A:B8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BlUwJgnORjLlklQhsF5gjFrCSrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.15.0/24
                  45.129.124.0/24
                  45.135.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:44:8a:bb:04:68:6a:ef:07:bc:3f:c0:fe:4f:fa:9f:bf:51:
         cf:c8:22:e8:52:a9:ef:a2:cb:3b:c5:25:44:ee:10:36:fa:19:
         a0:e3:6f:5c:51:de:57:63:b1:2d:6c:c7:8f:a0:8c:64:64:23:
         e1:4d:9c:58:4e:87:8b:cc:4a:6b:83:92:1e:dd:f1:55:e0:d4:
         4a:c8:fa:51:b6:b3:18:25:c0:de:f1:3b:5d:e6:29:bd:51:63:
         f2:d6:4d:d0:11:24:46:8a:32:b5:b1:a9:ef:1a:77:0d:e1:e9:
         a3:86:1c:4b:e5:12:0b:51:c3:43:aa:7e:12:15:ad:a2:c5:63:
         73:a1:97:8e:0f:13:d4:18:45:69:b5:c2:19:6d:ec:02:f1:86:
         15:90:b3:6e:fe:b8:3e:fb:00:7e:0d:17:75:52:b4:0c:a1:4d:
         c7:f6:f3:d3:de:60:7d:53:40:ba:a5:8e:f4:55:dd:a8:e2:f3:
         66:fe:a9:a2:d5:e2:7d:63:fc:8e:f2:bb:32:e7:59:ae:62:ee:
         c9:95:5a:0c:e0:9a:ee:e4:81:50:73:0f:00:45:b2:f5:25:57:
         09:7c:e9:0f:46:09:b3:81:3f:99:6d:20:d6:ba:c2:b6:38:6e:
         9f:85:fc:12:41:97:f6:05:d5:1a:9c:ec:88:04:9c:0f:43:c2:
         52:03:09:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeInkYoQX9PJUJu506d5QcwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjE5MTQzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU1MzAyNjA5Y2U0NjMyZTU5MjU0MjFiMDVlNjA4YzVhYzI0YWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqh48oCW8/xWFkjvlxyYXQaq+WD8
/e3CrfGzWnNWzMfqvIP+LvGG5zVu7YKatBkR6nt/YLoL9xbKdZtmJllLH1F44NOY
3Y7yChWcImsounKZ/rZ7HN0dX9c30889Dg76xvQ7tQN0BAgOJ0SM1jqoZXOsQ3dA
OWBlCQnYOb+DQyFd3hVGRbUzvuRg5zHsaJisuR9qx52uYQXG8Rk3SKtUdoxVfqgJ
nQOxmMQLXBg7SkbvWKcAjO8TC+aypvVsJQbh5p8y1gCf1M5ZpGmh1AKI9/McBgwb
WU3lrd5WiLWrYnGFvQ6dZOTBwXEJMZOLfbcOARZeXeVjcfIVjbIiXCR6gQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAZVMCYJzkYy5ZJUIbBeYIxawkq4MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQmxVd0pnbk9Sakxsa2xRaHNGNWdqRnJDU3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVYPAwQA
LYF8AwQALYckMA0GCSqGSIb3DQEBCwUAA4IBAQCjRIq7BGhq7we8P8D+T/qfv1HP
yCLoUqnvoss7xSVE7hA2+hmg429cUd5XY7EtbMePoIxkZCPhTZxYToeLzEprg5Ie
3fFV4NRKyPpRtrMYJcDe8Ttd5im9UWPy1k3QESRGijK1sanvGncN4emjhhxL5RIL
UcNDqn4SFa2ixWNzoZeODxPUGEVptcIZbewC8YYVkLNu/rg++wB+DRd1UrQMoU3H
9vPT3mB9U0C6pY70Vd2o4vNm/qmi1eJ9Y/yO8rsy51muYu7JlVoM4Jru5IFQcw8A
RbL1JVcJfOkPRgmzgT+ZbSDWusK2OG6fhfwSQZf2BdUanOyIBJwPQ8JSAwlj
-----END CERTIFICATE-----