Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/vVkyUmQN7HdcpsUcb8vGlb1AoX8.roa
File:                     vVkyUmQN7HdcpsUcb8vGlb1AoX8.roa (raw, json)
Hash identifier:          hBBSLiQPwZXdQ6tacJUbrKCCkro+stGhMuBkdpWBaAY=
Subject key identifier:   BD:59:32:52:64:0D:EC:77:5C:A6:C5:1C:6F:CB:C6:95:BD:40:A1:7F
Certificate issuer:       /CN=6d88c66485bb603441745746f9f886a2a6a15a36
Certificate serial:       0198362E124E67130F2AD621C1273FBA9BE9
Authority key identifier: 6D:88:C6:64:85:BB:60:34:41:74:57:46:F9:F8:86:A2:A6:A1:5A:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bYjGZIW7YDRBdFdG-fiGoqahWjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/vVkyUmQN7HdcpsUcb8vGlb1AoX8.roa
Signing time:             Wed 23 Jul 2025 07:27:25 +0000
ROA not before:           Wed 23 Jul 2025 07:27:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197742
IP address blocks:        31.171.144.0/21 maxlen: 21
                          2a03:5100::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/bYjGZIW7YDRBdFdG-fiGoqahWjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/bYjGZIW7YDRBdFdG-fiGoqahWjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bYjGZIW7YDRBdFdG-fiGoqahWjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:2e:12:4e:67:13:0f:2a:d6:21:c1:27:3f:ba:9b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d88c66485bb603441745746f9f886a2a6a15a36
        Validity
            Not Before: Jul 23 07:27:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd593252640dec775ca6c51c6fcbc695bd40a17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0e:6e:62:af:6d:e0:8c:f0:3e:b6:91:13:f2:
                    42:ed:0a:62:c9:3b:63:6c:3f:a8:ab:00:8e:23:e3:
                    9a:01:bb:3e:34:bf:1e:64:6a:13:d0:d0:b1:e6:8f:
                    4b:0e:2e:57:a8:b2:31:bb:2a:ed:26:57:04:37:7b:
                    b9:1b:df:ac:3c:68:76:d2:ec:76:6e:68:78:6d:b5:
                    14:4d:8e:74:32:73:f3:bd:3a:e6:ae:9a:cc:ff:ef:
                    85:42:5c:c1:a9:04:e7:e0:2f:1c:c9:fd:c6:50:7c:
                    9a:6b:de:eb:cd:ee:bf:d5:ec:ed:f9:35:24:61:22:
                    f4:3f:db:d1:51:77:82:c8:6a:16:0a:d3:c1:2b:c2:
                    93:27:43:35:ae:11:a3:86:64:81:7f:e8:ec:a8:fb:
                    6c:9d:82:20:21:6c:ad:a3:82:6f:c9:c9:3c:7d:af:
                    bc:90:48:d8:db:0b:f0:ef:a3:4f:a2:d6:35:d2:36:
                    58:7b:ae:18:86:67:09:7e:88:0c:03:71:6a:9d:b1:
                    e4:73:b5:d4:20:a6:b3:b1:f1:32:d9:46:e4:c2:be:
                    2d:a7:b1:2b:a8:10:2c:ad:12:1a:04:71:ec:06:72:
                    e8:c4:ea:f6:cd:d1:fa:c6:02:0f:7e:dc:b3:7a:bd:
                    99:ff:aa:d5:dc:e2:3f:a3:1d:51:e6:1a:34:92:f3:
                    88:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:59:32:52:64:0D:EC:77:5C:A6:C5:1C:6F:CB:C6:95:BD:40:A1:7F
            X509v3 Authority Key Identifier:
                keyid:6D:88:C6:64:85:BB:60:34:41:74:57:46:F9:F8:86:A2:A6:A1:5A:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bYjGZIW7YDRBdFdG-fiGoqahWjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/vVkyUmQN7HdcpsUcb8vGlb1AoX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/8648bf-804e-4e42-a212-b5a4c22432ef/1/bYjGZIW7YDRBdFdG-fiGoqahWjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.144.0/21
                IPv6:
                  2a03:5100::/32

    Signature Algorithm: sha256WithRSAEncryption
         d5:ff:29:d9:c6:25:6a:54:ad:71:1b:da:a3:e8:52:4f:cf:9a:
         ef:4e:55:77:b6:6d:3c:4d:b1:ee:24:f2:08:39:f6:8d:2c:da:
         e8:8c:d6:fe:4d:06:f3:85:31:1f:92:00:7b:e0:ae:6b:93:bf:
         3c:ff:03:e1:d3:5a:7f:8f:bf:44:80:2a:b7:13:9a:97:9c:c4:
         3e:9d:d3:22:e2:2d:dd:79:0f:bc:1b:bc:59:47:ba:f8:c2:d8:
         ce:8c:db:54:07:8f:f3:36:7d:ff:e2:88:41:c6:cd:ab:8b:4d:
         28:a7:dc:db:ec:50:c9:f0:f0:ab:07:78:80:7e:93:1d:4b:96:
         da:7c:14:04:60:84:43:1a:5c:58:e5:eb:de:51:46:44:ca:a0:
         9b:6a:51:44:48:18:2d:35:fb:36:da:3b:2a:a6:8e:de:3d:66:
         28:5c:d8:99:47:cf:41:f0:ac:da:9e:24:30:4c:61:93:ee:39:
         c7:75:c7:80:38:01:82:10:51:bd:ee:75:6b:d1:ef:dc:b6:e8:
         0c:b3:39:70:da:71:de:b4:77:b6:bc:44:34:b0:de:52:e3:8a:
         94:e3:dd:ba:df:6f:7c:af:66:76:44:e0:32:4d:1a:93:ae:6f:
         8a:6a:51:8e:15:1d:64:ff:b6:5b:02:ff:16:ea:32:3b:47:af:
         37:ec:b9:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZg2LhJOZxMPKtYhwSc/upvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkODhjNjY0ODViYjYwMzQ0MTc0NTc0NmY5Zjg4NmEyYTZh
MTVhMzYwHhcNMjUwNzIzMDcyNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU5MzI1MjY0MGRlYzc3NWNhNmM1MWM2ZmNiYzY5NWJkNDBhMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw5uYq9t4IzwPraRE/JC7QpiyTtj
bD+oqwCOI+OaAbs+NL8eZGoT0NCx5o9LDi5XqLIxuyrtJlcEN3u5G9+sPGh20ux2
bmh4bbUUTY50MnPzvTrmrprM/++FQlzBqQTn4C8cyf3GUHyaa97rze6/1ezt+TUk
YSL0P9vRUXeCyGoWCtPBK8KTJ0M1rhGjhmSBf+jsqPtsnYIgIWyto4Jvyck8fa+8
kEjY2wvw76NPotY10jZYe64YhmcJfogMA3FqnbHkc7XUIKazsfEy2Ubkwr4tp7Er
qBAsrRIaBHHsBnLoxOr2zdH6xgIPftyzer2Z/6rV3OI/ox1R5ho0kvOIXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL1ZMlJkDex3XKbFHG/LxpW9QKF/MB8GA1UdIwQY
MBaAFG2IxmSFu2A0QXRXRvn4hqKmoVo2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYllqR1pJVzdZRFJCZEZkRy1maUdvcWFoV2pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC84NjQ4YmYtODA0ZS00ZTQyLWEyMTIt
YjVhNGMyMjQzMmVmLzEvdlZreVVtUU43SGRjcHNVY2I4dkdsYjFBb1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC84NjQ4YmYtODA0ZS00ZTQyLWEyMTItYjVhNGMyMjQzMmVm
LzEvYllqR1pJVzdZRFJCZEZkRy1maUdvcWFoV2pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDH6uQMA0E
AgACMAcDBQAqA1EAMA0GCSqGSIb3DQEBCwUAA4IBAQDV/ynZxiVqVK1xG9qj6FJP
z5rvTlV3tm08TbHuJPIIOfaNLNrojNb+TQbzhTEfkgB74K5rk788/wPh01p/j79E
gCq3E5qXnMQ+ndMi4i3deQ+8G7xZR7r4wtjOjNtUB4/zNn3/4ohBxs2ri00op9zb
7FDJ8PCrB3iAfpMdS5bafBQEYIRDGlxY5eveUUZEyqCbalFESBgtNfs22jsqpo7e
PWYoXNiZR89B8KzaniQwTGGT7jnHdceAOAGCEFG97nVr0e/ctugMszlw2nHetHe2
vEQ0sN5S44qU49263298r2Z2ROAyTRqTrm+KalGOFR1k/7ZbAv8W6jI7R6837Lli
-----END CERTIFICATE-----