Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/XKkiMIog1zPutIL_wvQZc0tAXsY.roa
File:                     XKkiMIog1zPutIL_wvQZc0tAXsY.roa (raw, json)
Hash identifier:          eW8/HjpBPTV7DwhwpsNDPnh1aayh5//fc0N0drgF1xM=
Subject key identifier:   5C:A9:22:30:8A:20:D7:33:EE:B4:82:FF:C2:F4:19:73:4B:40:5E:C6
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0197E413A6FFF389513CDF2007178E238045
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/XKkiMIog1zPutIL_wvQZc0tAXsY.roa
Signing time:             Mon 07 Jul 2025 08:49:42 +0000
ROA not before:           Mon 07 Jul 2025 08:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        92.71.128.0/19 maxlen: 24
                          195.21.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:13:a6:ff:f3:89:51:3c:df:20:07:17:8e:23:80:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul  7 08:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ca922308a20d733eeb482ffc2f419734b405ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:bf:bf:da:a7:cd:f1:5b:af:3c:80:cb:d6:
                    7d:5a:04:1e:e7:40:62:35:8a:d3:e0:c5:04:dd:11:
                    a4:7a:0a:8a:89:3e:ff:08:cf:2e:d4:78:09:f1:c8:
                    c6:ac:4d:48:05:55:6c:fb:99:ec:fb:61:61:82:46:
                    b8:9a:a4:2d:39:a5:60:43:e4:bf:c9:a6:5d:62:bb:
                    51:6c:85:78:7b:b9:97:8c:24:2c:75:3d:7c:a2:7b:
                    e3:89:55:c6:31:66:28:26:85:53:7c:72:1b:6b:f7:
                    28:cb:ab:51:b1:f5:ac:82:63:16:68:8c:e2:f5:12:
                    83:12:98:94:34:d2:6f:92:a7:ed:90:51:14:8f:4c:
                    1a:ca:b8:36:ab:bc:dc:d9:47:11:e4:b1:66:15:b1:
                    31:d6:6c:45:94:72:d5:b7:1b:92:ef:48:c7:48:31:
                    81:11:a7:0e:77:a7:b5:66:2f:a1:33:32:59:bb:d1:
                    d5:12:92:91:cb:47:ef:15:c6:81:4a:9a:4a:ea:71:
                    13:11:b7:6d:48:f5:7f:03:9d:d2:94:c8:f1:9d:f8:
                    52:d3:eb:60:4d:7a:c1:de:4e:ea:f3:dd:cc:ab:28:
                    9c:34:b6:4d:af:3d:31:69:69:ac:87:ef:de:7b:03:
                    1b:eb:d1:ae:86:da:c1:2d:5a:5a:2b:75:7c:9e:bf:
                    13:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A9:22:30:8A:20:D7:33:EE:B4:82:FF:C2:F4:19:73:4B:40:5E:C6
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/XKkiMIog1zPutIL_wvQZc0tAXsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.128.0/19
                  195.21.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         62:cb:a3:e0:8c:60:8e:d5:e9:12:a0:d5:91:dd:e8:97:c8:7f:
         f6:de:6a:2d:7d:ac:28:06:e0:2d:a1:5e:0e:b0:61:17:8d:15:
         fb:dc:b8:4f:d2:3a:aa:d5:4f:54:8d:5d:4c:f3:bb:b2:4b:bf:
         44:fa:25:2a:43:4e:d1:0c:e0:f7:f5:5c:27:3e:d7:ce:fa:fa:
         b8:c1:de:12:ef:7b:b0:5c:e7:ee:f9:7f:89:1d:cf:99:ec:95:
         49:9f:81:72:ba:4e:b7:e6:da:b9:81:12:7f:cf:15:cb:af:4f:
         7f:14:f2:58:f2:c5:01:9a:ea:29:4a:c8:f0:09:f9:6f:51:71:
         74:11:f2:59:6d:34:af:8b:2f:93:a3:8a:94:9d:55:e9:59:2d:
         5c:82:af:3b:3d:67:7a:97:db:4e:0c:14:bf:15:b3:e9:19:90:
         a2:99:17:19:49:a7:cf:bb:e5:4e:90:ca:3f:ba:10:f3:34:60:
         d4:40:c4:5b:8e:7d:b6:ee:52:ab:8d:9c:02:33:b0:bf:58:94:
         81:24:0d:4f:2b:81:a5:a2:e2:9d:72:fd:1b:99:c2:71:b6:26:
         7a:a6:10:93:7a:e8:40:c9:9e:d5:b3:72:e0:85:29:dd:ee:2c:
         41:74:d7:ef:f6:76:f1:19:c4:f7:d6:d8:18:bf:de:49:fa:c6:
         47:19:5e:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfkE6b/84lRPN8gBxeOI4BFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNzA3MDg0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E5MjIzMDhhMjBkNzMzZWViNDgyZmZjMmY0MTk3MzRiNDA1ZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEW/v9qnzfFbrzyAy9Z9WgQe50Bi
NYrT4MUE3RGkegqKiT7/CM8u1HgJ8cjGrE1IBVVs+5ns+2Fhgka4mqQtOaVgQ+S/
yaZdYrtRbIV4e7mXjCQsdT18onvjiVXGMWYoJoVTfHIba/coy6tRsfWsgmMWaIzi
9RKDEpiUNNJvkqftkFEUj0wayrg2q7zc2UcR5LFmFbEx1mxFlHLVtxuS70jHSDGB
EacOd6e1Zi+hMzJZu9HVEpKRy0fvFcaBSppK6nETEbdtSPV/A53SlMjxnfhS0+tg
TXrB3k7q893MqyicNLZNrz0xaWmsh+/eewMb69GuhtrBLVpaK3V8nr8TZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFypIjCKINcz7rSC/8L0GXNLQF7GMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvWEtraU1Jb2cxelB1dElMX3d2UVpjMHRBWHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFXEeAAwQF
wxVAMA0GCSqGSIb3DQEBCwUAA4IBAQBiy6PgjGCO1ekSoNWR3eiXyH/23motfawo
BuAtoV4OsGEXjRX73LhP0jqq1U9UjV1M87uyS79E+iUqQ07RDOD39VwnPtfO+vq4
wd4S73uwXOfu+X+JHc+Z7JVJn4Fyuk635tq5gRJ/zxXLr09/FPJY8sUBmuopSsjw
CflvUXF0EfJZbTSviy+To4qUnVXpWS1cgq87PWd6l9tODBS/FbPpGZCimRcZSafP
u+VOkMo/uhDzNGDUQMRbjn227lKrjZwCM7C/WJSBJA1PK4GlouKdcv0bmcJxtiZ6
phCTeuhAyZ7Vs3LghSnd7ixBdNfv9nbxGcT31tgYv95J+sZHGV6H
-----END CERTIFICATE-----