Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/ZgimRXCv4j5lHexFQAhHFgzoFrg.roa
File:                     ZgimRXCv4j5lHexFQAhHFgzoFrg.roa (raw, json)
Hash identifier:          ENzEllpl/R8CfPsfLXMa8Z8Az6gqNLk2MsJreKEiZtk=
Subject key identifier:   66:08:A6:45:70:AF:E2:3E:65:1D:EC:45:40:08:47:16:0C:E8:16:B8
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       0198AA1427D7609DDEF0A24B27940A3B52DC
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/ZgimRXCv4j5lHexFQAhHFgzoFrg.roa
Signing time:             Thu 14 Aug 2025 19:35:04 +0000
ROA not before:           Thu 14 Aug 2025 19:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.140.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:aa:14:27:d7:60:9d:de:f0:a2:4b:27:94:0a:3b:52:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Aug 14 19:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6608a64570afe23e651dec45400847160ce816b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9a:f4:80:eb:50:10:a7:82:6e:e7:c1:96:43:
                    f6:cb:14:f1:3c:53:4d:b7:54:cf:9e:05:0a:e1:21:
                    93:62:0e:16:2d:7f:cd:b9:d6:a9:c9:93:57:7a:5d:
                    6b:29:42:16:24:7b:6f:57:92:6d:bb:fa:3c:97:f5:
                    99:02:6d:80:80:da:b0:da:d1:ea:2d:e9:89:d6:8f:
                    e7:e0:c7:b7:16:ec:6d:60:66:b4:65:2b:5e:07:8c:
                    83:a0:4f:38:cf:8e:73:96:33:1a:d4:fb:b7:7d:6c:
                    36:a3:61:79:f4:98:73:80:3b:a4:eb:e8:21:6c:ac:
                    8d:fd:21:87:96:63:ca:9b:13:d3:21:e6:31:f4:2e:
                    47:8a:fa:9c:24:45:da:a6:cd:63:68:73:28:a8:7f:
                    30:e5:fd:04:ae:e6:38:4a:00:e5:77:e9:58:bc:28:
                    d0:19:b6:72:75:65:3d:05:86:a3:91:12:2a:65:d5:
                    af:cc:46:84:33:d2:05:19:71:da:9f:e2:14:06:8a:
                    46:86:f9:74:18:14:f4:7c:a9:a9:bd:2a:a8:e1:49:
                    ea:a5:b0:c5:a6:9c:2c:0b:d5:88:8b:7e:92:83:20:
                    4e:d2:fe:39:aa:62:9b:11:30:31:fb:d1:f5:58:39:
                    c9:8d:b0:6c:57:68:cb:09:2f:9e:d3:f6:09:d9:78:
                    37:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:08:A6:45:70:AF:E2:3E:65:1D:EC:45:40:08:47:16:0C:E8:16:B8
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/ZgimRXCv4j5lHexFQAhHFgzoFrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:05:e2:27:7d:4b:65:61:c7:5d:2f:48:95:0e:53:28:2f:bc:
         20:d2:ee:2f:aa:78:42:56:c4:02:7a:4a:08:ea:06:2f:b9:17:
         be:54:c3:aa:8c:39:ce:14:87:d7:7b:a0:81:f8:5f:74:fd:b6:
         8e:f0:eb:b3:4b:ee:46:1c:68:8c:9b:7c:72:57:a6:17:49:ec:
         6c:7d:06:05:13:3a:6e:0a:62:56:0e:33:d8:bc:4a:0d:fd:75:
         f9:e7:54:f1:7d:e6:95:18:0c:f2:ee:89:4c:15:ec:8c:f6:04:
         b4:3e:b6:42:26:64:db:ff:2e:88:f3:11:2e:12:2a:47:47:af:
         de:ef:7f:f0:32:f8:3d:53:7b:d3:91:3a:88:80:b1:ce:88:9a:
         e3:2e:f9:ac:77:a8:8c:57:58:48:f5:61:6d:85:73:34:ff:53:
         14:5c:04:2b:7a:51:bb:29:2e:fd:da:fd:c8:7f:83:ba:68:12:
         0f:d7:39:78:11:4f:87:24:01:07:ac:70:e5:be:6b:f3:bf:76:
         58:ec:97:47:01:37:1a:ef:eb:c6:a6:3f:16:ef:e1:5e:60:b0:
         4f:d1:5b:5b:c9:3a:9e:15:da:0a:f1:4b:a7:2c:7d:14:c2:e6:
         f8:df:48:60:2e:ce:66:15:6f:7c:a0:5c:1e:87:f1:f6:ab:63:
         04:87:fa:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiqFCfXYJ3e8KJLJ5QKO1LcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwODE0MTkzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjA4YTY0NTcwYWZlMjNlNjUxZGVjNDU0MDA4NDcxNjBjZTgxNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5r0gOtQEKeCbufBlkP2yxTxPFNN
t1TPngUK4SGTYg4WLX/NudapyZNXel1rKUIWJHtvV5Jtu/o8l/WZAm2AgNqw2tHq
LemJ1o/n4Me3FuxtYGa0ZSteB4yDoE84z45zljMa1Pu3fWw2o2F59JhzgDuk6+gh
bKyN/SGHlmPKmxPTIeYx9C5HivqcJEXaps1jaHMoqH8w5f0EruY4SgDld+lYvCjQ
GbZydWU9BYajkRIqZdWvzEaEM9IFGXHan+IUBopGhvl0GBT0fKmpvSqo4UnqpbDF
ppwsC9WIi36SgyBO0v45qmKbETAx+9H1WDnJjbBsV2jLCS+e0/YJ2Xg3DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYIpkVwr+I+ZR3sRUAIRxYM6Ba4MB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvWmdpbVJYQ3Y0ajVsSGV4RlFBaEhGZ3pvRnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYw6MA0G
CSqGSIb3DQEBCwUAA4IBAQACBeInfUtlYcddL0iVDlMoL7wg0u4vqnhCVsQCekoI
6gYvuRe+VMOqjDnOFIfXe6CB+F90/baO8OuzS+5GHGiMm3xyV6YXSexsfQYFEzpu
CmJWDjPYvEoN/XX551TxfeaVGAzy7olMFeyM9gS0PrZCJmTb/y6I8xEuEipHR6/e
73/wMvg9U3vTkTqIgLHOiJrjLvmsd6iMV1hI9WFthXM0/1MUXAQrelG7KS792v3I
f4O6aBIP1zl4EU+HJAEHrHDlvmvzv3ZY7JdHATca7+vGpj8W7+FeYLBP0VtbyTqe
FdoK8UunLH0Uwub430hgLs5mFW98oFweh/H2q2MEh/pw
-----END CERTIFICATE-----