Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qSSwvFyukku__Xfha7NX-KNKilU.roa
File:                     qSSwvFyukku__Xfha7NX-KNKilU.roa (raw, json)
Hash identifier:          /YidgkIq90t9kIOCAgVZgfxaifzNpJSznlRbFAd8dbE=
Subject key identifier:   A9:24:B0:BC:5C:AE:92:4B:BF:FD:77:E1:6B:B3:57:F8:A3:4A:8A:55
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       0197E4B209D96ED6C1B5CD9030DADD40F8E9
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qSSwvFyukku__Xfha7NX-KNKilU.roa
Signing time:             Mon 07 Jul 2025 11:42:42 +0000
ROA not before:           Mon 07 Jul 2025 11:42:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41564
IP address blocks:        2.57.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:b2:09:d9:6e:d6:c1:b5:cd:90:30:da:dd:40:f8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jul  7 11:42:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a924b0bc5cae924bbffd77e16bb357f8a34a8a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:80:81:90:22:cb:ef:4c:53:3f:a4:77:7d:bd:
                    11:ca:13:c8:a3:70:b2:65:3d:de:60:5c:40:7d:9b:
                    b6:1d:77:61:23:ba:7e:46:6a:bd:f3:c6:61:8c:5c:
                    88:ea:94:fa:e0:23:28:b0:18:3c:be:d1:37:49:c3:
                    a7:16:e0:3d:dc:d8:79:b0:ca:49:04:03:7c:20:f4:
                    f0:e0:4d:84:e7:77:34:9d:4e:16:9c:3d:3c:cc:f6:
                    8d:97:4d:84:d6:86:33:97:77:15:7c:5d:ac:2a:25:
                    2e:2f:d3:e4:26:89:51:8f:6d:e8:c1:72:ab:8f:f8:
                    d6:d6:70:75:ab:9a:43:86:05:12:05:d7:dd:b5:36:
                    03:e6:4d:30:7f:8a:d4:0d:1c:72:73:97:de:4b:d6:
                    69:13:42:1e:f1:a4:4d:f4:ca:eb:53:b6:8f:42:36:
                    0a:ef:bc:fe:a3:3a:5d:27:09:bf:c7:c4:5f:cf:55:
                    5f:2c:ef:f0:fd:19:69:91:4d:7c:5c:84:bf:08:63:
                    ff:f5:96:0f:56:7d:d4:2d:de:86:26:c9:85:7d:ed:
                    69:dd:1a:69:99:0d:4c:2c:5f:26:38:84:64:db:e3:
                    47:49:16:aa:3a:0f:35:e0:3e:6b:f1:3f:6a:68:77:
                    cc:1d:bc:a3:93:61:d5:a0:29:26:87:15:75:25:c7:
                    85:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:24:B0:BC:5C:AE:92:4B:BF:FD:77:E1:6B:B3:57:F8:A3:4A:8A:55
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qSSwvFyukku__Xfha7NX-KNKilU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:df:14:e5:75:57:21:fa:ab:cb:09:66:a3:40:6d:86:08:57:
         94:41:3b:71:87:f1:10:f0:78:37:d0:f0:e7:a4:1a:15:6f:38:
         00:f2:c5:46:69:c7:a6:d6:34:7f:8c:97:93:50:76:d1:08:21:
         59:10:38:03:71:1b:39:ec:70:ca:03:4a:24:d3:cb:34:29:c0:
         df:54:71:57:be:f3:35:26:77:c9:3b:61:21:61:45:43:ce:e5:
         ea:08:06:96:00:c2:ed:36:72:43:61:c4:1c:94:b0:8a:12:f3:
         f0:4b:cf:58:b4:b5:25:2d:a0:e6:95:3d:a1:ea:0a:c0:b3:78:
         a2:0f:c8:48:f0:03:0d:bd:31:1a:0e:97:00:55:7f:c0:81:8e:
         0c:b2:0b:31:7e:ff:72:d7:e7:df:e0:75:c3:4c:1d:89:ed:e3:
         2f:da:e8:80:b4:80:09:d7:cf:ed:df:91:87:1d:77:c6:49:fc:
         d2:37:0e:8a:85:0c:b4:91:99:86:2a:69:4c:d6:f2:92:e0:ca:
         69:06:96:20:55:22:f7:cf:70:8b:78:b7:4d:15:e4:b1:e1:da:
         ea:80:52:eb:7c:5d:1b:57:17:c7:28:2a:e9:cb:ba:fe:f9:06:
         4e:2e:5e:25:56:c0:f1:e6:0f:2d:66:49:d3:41:1e:d4:6f:5d:
         55:12:ff:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfksgnZbtbBtc2QMNrdQPjpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjUwNzA3MTE0MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI0YjBiYzVjYWU5MjRiYmZmZDc3ZTE2YmIzNTdmOGEzNGE4YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoICBkCLL70xTP6R3fb0RyhPIo3Cy
ZT3eYFxAfZu2HXdhI7p+Rmq988ZhjFyI6pT64CMosBg8vtE3ScOnFuA93Nh5sMpJ
BAN8IPTw4E2E53c0nU4WnD08zPaNl02E1oYzl3cVfF2sKiUuL9PkJolRj23owXKr
j/jW1nB1q5pDhgUSBdfdtTYD5k0wf4rUDRxyc5feS9ZpE0Ie8aRN9MrrU7aPQjYK
77z+ozpdJwm/x8Rfz1VfLO/w/RlpkU18XIS/CGP/9ZYPVn3ULd6GJsmFfe1p3Rpp
mQ1MLF8mOIRk2+NHSRaqOg814D5r8T9qaHfMHbyjk2HVoCkmhxV1JceFnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkksLxcrpJLv/134WuzV/ijSopVMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvcVNTd3ZGeXVra3VfX1hmaGE3TlgtS05LaWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjmpMA0G
CSqGSIb3DQEBCwUAA4IBAQA63xTldVch+qvLCWajQG2GCFeUQTtxh/EQ8Hg30PDn
pBoVbzgA8sVGacem1jR/jJeTUHbRCCFZEDgDcRs57HDKA0ok08s0KcDfVHFXvvM1
JnfJO2EhYUVDzuXqCAaWAMLtNnJDYcQclLCKEvPwS89YtLUlLaDmlT2h6grAs3ii
D8hI8AMNvTEaDpcAVX/AgY4Msgsxfv9y1+ff4HXDTB2J7eMv2uiAtIAJ18/t35GH
HXfGSfzSNw6KhQy0kZmGKmlM1vKS4MppBpYgVSL3z3CLeLdNFeSx4drqgFLrfF0b
VxfHKCrpy7r++QZOLl4lVsDx5g8tZknTQR7Ub11VEv/8
-----END CERTIFICATE-----