Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/Kcwvf_LAYIgCUsjZTWJ5jUAjHvs.roa
File:                     Kcwvf_LAYIgCUsjZTWJ5jUAjHvs.roa (raw, json)
Hash identifier:          DBuOCdcgOfeSRZCdhr9N5T6hmZRIvpkgOJLbi6ZyJsY=
Subject key identifier:   29:CC:2F:7F:F2:C0:60:88:02:52:C8:D9:4D:62:79:8D:40:23:1E:FB
Certificate issuer:       /CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
Certificate serial:       01979DABFB6CCE11B3E69E19E7D985E3C9B6
Authority key identifier: E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/Kcwvf_LAYIgCUsjZTWJ5jUAjHvs.roa
Signing time:             Mon 23 Jun 2025 16:43:03 +0000
ROA not before:           Mon 23 Jun 2025 16:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        155.190.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 04:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:ab:fb:6c:ce:11:b3:e6:9e:19:e7:d9:85:e3:c9:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7133dcaf2b1ebf5dade5a33aa1b2fb99d2689ba
        Validity
            Not Before: Jun 23 16:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29cc2f7ff2c060880252c8d94d62798d40231efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f7:c7:62:ef:63:e0:0c:7f:56:cb:91:a0:03:
                    92:a3:98:d9:2e:a8:19:62:df:b8:de:3a:94:d1:95:
                    59:47:e0:3a:f8:31:a4:db:2d:5b:f1:ed:ae:5c:40:
                    2e:f6:50:13:0f:51:85:81:2b:16:a9:62:37:02:7d:
                    3f:26:11:43:04:6d:02:1e:d0:6f:64:0b:57:7b:f9:
                    46:00:7f:d2:e5:d2:ae:cb:fa:b8:a5:2e:d7:86:53:
                    fc:17:60:40:c7:f9:dd:e6:36:50:9e:4c:cf:b5:97:
                    25:29:5d:3d:d6:a6:32:f6:0e:6c:68:95:39:25:ee:
                    57:94:24:ac:3a:df:2d:2d:34:db:51:79:16:00:7a:
                    80:bd:32:8f:63:79:ac:47:76:b1:14:43:42:9f:58:
                    94:48:43:2e:d1:d6:8d:51:7d:a0:44:2e:b0:93:c9:
                    fc:53:30:cc:e2:75:79:14:40:6b:a4:1a:0b:32:4e:
                    b1:4d:37:46:c9:04:41:17:2e:d9:72:79:da:6f:c0:
                    bb:5f:d5:86:ae:a7:3f:2e:8f:a5:37:f6:72:5a:cd:
                    eb:c6:ab:ef:18:5f:da:4e:c8:4a:9e:65:45:47:50:
                    4d:52:11:5a:44:c5:3a:f8:16:11:10:f0:a6:fa:00:
                    e7:91:03:18:4b:7c:b4:7b:a5:17:02:eb:26:f5:85:
                    a1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CC:2F:7F:F2:C0:60:88:02:52:C8:D9:4D:62:79:8D:40:23:1E:FB
            X509v3 Authority Key Identifier:
                keyid:E7:13:3D:CA:F2:B1:EB:F5:DA:DE:5A:33:AA:1B:2F:B9:9D:26:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xM9yvKx6_Xa3lozqhsvuZ0mibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/Kcwvf_LAYIgCUsjZTWJ5jUAjHvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5e4df8-ae8c-44a7-bd6e-19ce46a42fa4/1/5xM9yvKx6_Xa3lozqhsvuZ0mibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.190.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:fd:b3:93:ee:b4:32:66:fc:3b:82:f7:24:1f:ab:83:4f:09:
         26:65:43:11:72:71:fb:71:15:39:57:40:d5:0e:69:4e:b0:0f:
         c9:c0:71:60:cb:c4:25:ca:88:60:79:2c:27:db:b6:4e:37:b0:
         99:fc:0c:c7:23:f7:0d:24:55:db:a4:72:8a:cf:79:02:9d:80:
         35:41:d6:cf:72:58:00:b3:0f:31:3a:38:dc:95:f5:1f:69:c4:
         a4:82:80:d9:cd:6a:8d:78:9a:da:7b:ab:3a:1a:8a:ab:f4:35:
         68:d9:ee:e9:81:54:9b:df:43:c8:20:78:28:86:bc:bb:50:51:
         e6:77:dc:06:cb:7c:7b:1d:ce:44:b8:5f:31:4c:79:f5:ba:79:
         fa:4c:6c:23:03:aa:c0:08:da:c8:ea:68:ee:d7:b7:02:33:5c:
         04:a2:86:e5:fa:67:b1:e1:1b:e2:67:74:d2:d8:07:9c:be:63:
         44:d5:70:e6:17:85:86:b8:22:ae:d6:bb:60:f2:00:61:8f:48:
         4e:96:84:55:bf:d8:05:69:52:36:d5:56:d6:2c:8a:1a:67:81:
         ea:2b:52:a4:14:3a:8f:15:cc:42:27:29:75:c4:16:2b:dd:d0:
         93:f1:bf:c2:f2:1e:3c:da:7b:4b:55:65:70:2d:92:99:0b:f3:
         16:98:42:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZedq/tszhGz5p4Z59mF48m2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTMzZGNhZjJiMWViZjVkYWRlNWEzM2FhMWIyZmI5OWQy
Njg5YmEwHhcNMjUwNjIzMTY0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNjMmY3ZmYyYzA2MDg4MDI1MmM4ZDk0ZDYyNzk4ZDQwMjMxZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PfHYu9j4Ax/VsuRoAOSo5jZLqgZ
Yt+43jqU0ZVZR+A6+DGk2y1b8e2uXEAu9lATD1GFgSsWqWI3An0/JhFDBG0CHtBv
ZAtXe/lGAH/S5dKuy/q4pS7XhlP8F2BAx/nd5jZQnkzPtZclKV091qYy9g5saJU5
Je5XlCSsOt8tLTTbUXkWAHqAvTKPY3msR3axFENCn1iUSEMu0daNUX2gRC6wk8n8
UzDM4nV5FEBrpBoLMk6xTTdGyQRBFy7Zcnnab8C7X9WGrqc/Lo+lN/ZyWs3rxqvv
GF/aTshKnmVFR1BNUhFaRMU6+BYREPCm+gDnkQMYS3y0e6UXAusm9YWhhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnML3/ywGCIAlLI2U1ieY1AIx77MB8GA1UdIwQY
MBaAFOcTPcrysev12t5aM6obL7mdJom6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUt
MTljZTQ2YTQyZmE0LzEvS2N3dmZfTEFZSWdDVXNqWlRXSjVqVUFqSHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZTRkZjgtYWU4Yy00NGE3LWJkNmUtMTljZTQ2YTQyZmE0
LzEvNXhNOXl2S3g2X1hhM2xvenFoc3Z1WjBtaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm741MA0G
CSqGSIb3DQEBCwUAA4IBAQAP/bOT7rQyZvw7gvckH6uDTwkmZUMRcnH7cRU5V0DV
DmlOsA/JwHFgy8QlyohgeSwn27ZON7CZ/AzHI/cNJFXbpHKKz3kCnYA1QdbPclgA
sw8xOjjclfUfacSkgoDZzWqNeJrae6s6Goqr9DVo2e7pgVSb30PIIHgohry7UFHm
d9wGy3x7Hc5EuF8xTHn1unn6TGwjA6rACNrI6mju17cCM1wEoobl+mex4RviZ3TS
2AecvmNE1XDmF4WGuCKu1rtg8gBhj0hOloRVv9gFaVI21VbWLIoaZ4HqK1KkFDqP
FcxCJyl1xBYr3dCT8b/C8h482ntLVWVwLZKZC/MWmELV
-----END CERTIFICATE-----