Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/7Dc1lcO56PAR1GzSk2LxIHMn3l0.roa
File:                     7Dc1lcO56PAR1GzSk2LxIHMn3l0.roa (raw, json)
Hash identifier:          DzsTRMm8CyoNgGRWl2s9AqtE2tYIihOhSQ3bx478Qoc=
Subject key identifier:   EC:37:35:95:C3:B9:E8:F0:11:D4:6C:D2:93:62:F1:20:73:27:DE:5D
Certificate issuer:       /CN=9ea3d2feba0d4e4ef493a30b44b65a90e5e0fc55
Certificate serial:       01980E45715AACE8E5E8EED6CF5D0C6B6261
Authority key identifier: 9E:A3:D2:FE:BA:0D:4E:4E:F4:93:A3:0B:44:B6:5A:90:E5:E0:FC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nqPS_roNTk70k6MLRLZakOXg_FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/7Dc1lcO56PAR1GzSk2LxIHMn3l0.roa
Signing time:             Tue 15 Jul 2025 13:28:08 +0000
ROA not before:           Tue 15 Jul 2025 13:28:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51333
IP address blocks:        31.15.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/nqPS_roNTk70k6MLRLZakOXg_FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/nqPS_roNTk70k6MLRLZakOXg_FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nqPS_roNTk70k6MLRLZakOXg_FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:45:71:5a:ac:e8:e5:e8:ee:d6:cf:5d:0c:6b:62:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ea3d2feba0d4e4ef493a30b44b65a90e5e0fc55
        Validity
            Not Before: Jul 15 13:28:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec373595c3b9e8f011d46cd29362f1207327de5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:71:bf:a5:36:f7:f2:10:c3:89:80:a5:35:29:
                    5b:a5:9b:6a:40:38:95:ae:0c:4b:b3:a3:21:0d:51:
                    d0:95:b3:47:6b:50:0e:84:28:64:c8:d3:a0:d4:c9:
                    46:62:03:70:2e:12:5d:95:64:2a:88:62:30:9b:cd:
                    62:a8:6b:27:81:60:ee:8b:72:3f:09:3d:ba:be:73:
                    88:99:fa:b9:a1:27:6f:29:c1:48:06:8f:b6:c3:d8:
                    5c:44:67:bb:db:a3:a2:42:8d:d3:ce:0d:e2:63:d9:
                    c0:7d:52:fc:59:4a:4b:ef:cc:8d:e3:c9:b6:01:e9:
                    25:10:bb:cc:f3:34:ec:0e:a9:16:6d:95:1f:eb:30:
                    3d:a5:89:10:c5:40:f7:ca:5e:17:ad:7e:19:4a:a2:
                    f6:f6:f6:74:96:84:b8:40:61:b4:a0:c5:f4:bf:c3:
                    51:f6:af:8a:65:91:c2:ff:05:b2:2b:38:98:bb:aa:
                    de:af:58:27:10:9a:c5:a1:e7:98:91:3b:f2:8a:27:
                    1e:c3:2b:6d:bd:4d:bf:c9:0b:66:36:42:03:f3:fa:
                    d7:d5:8f:70:08:b7:11:e4:55:23:7f:9b:7c:49:7d:
                    44:c5:d4:d4:6c:75:06:d6:80:ea:78:82:1b:76:e1:
                    1a:97:cc:49:45:28:de:b6:26:fd:4b:f0:78:f1:a8:
                    4a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:37:35:95:C3:B9:E8:F0:11:D4:6C:D2:93:62:F1:20:73:27:DE:5D
            X509v3 Authority Key Identifier:
                keyid:9E:A3:D2:FE:BA:0D:4E:4E:F4:93:A3:0B:44:B6:5A:90:E5:E0:FC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nqPS_roNTk70k6MLRLZakOXg_FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/7Dc1lcO56PAR1GzSk2LxIHMn3l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ce21a2-e6d7-4461-a62c-67e8b2654bc6/1/nqPS_roNTk70k6MLRLZakOXg_FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:50:a3:01:34:8a:8d:c4:49:96:1e:98:44:05:cd:94:aa:0d:
         aa:6a:48:27:f0:34:ae:3d:c8:59:d7:e6:31:d2:09:3a:c6:37:
         e3:78:88:e5:46:8b:99:76:1d:89:c9:fb:ae:02:01:54:ea:a1:
         42:8a:f9:7d:73:34:c5:59:65:31:a2:0a:ef:37:1a:9b:fb:f5:
         c4:06:4d:23:44:6d:bd:1d:79:09:98:87:f7:ab:ea:60:26:13:
         b0:38:33:9a:3b:ee:65:93:10:fa:35:af:33:d8:12:a8:62:6a:
         2d:0b:f8:79:28:7b:fd:24:e2:9d:73:e5:c2:04:c2:df:ef:a8:
         9e:02:62:a7:00:a1:f7:16:5e:b0:8f:fe:b3:f4:d2:6e:c9:65:
         a8:d6:f1:b1:25:b9:1d:57:13:ee:5f:f8:86:4f:ac:7b:d8:36:
         6e:24:a3:88:cf:2d:a0:ce:0d:5a:8e:b8:08:bc:77:02:d6:ac:
         d5:0a:dc:6a:dc:a1:62:a8:8c:81:ed:ab:10:63:a3:f2:d2:58:
         8d:27:c1:1c:c5:13:8b:dc:68:ce:e6:3c:ab:f8:43:fb:fa:30:
         61:1b:95:6c:4f:a2:12:36:6b:3c:78:49:e7:90:f7:0c:00:7d:
         bd:15:06:ff:93:76:7f:05:7e:58:3b:0d:27:43:79:d2:fd:b1:
         f6:a6:03:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgORXFarOjl6O7Wz10Ma2JhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYTNkMmZlYmEwZDRlNGVmNDkzYTMwYjQ0YjY1YTkwZTVl
MGZjNTUwHhcNMjUwNzE1MTMyODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM3MzU5NWMzYjllOGYwMTFkNDZjZDI5MzYyZjEyMDczMjdkZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHG/pTb38hDDiYClNSlbpZtqQDiV
rgxLs6MhDVHQlbNHa1AOhChkyNOg1MlGYgNwLhJdlWQqiGIwm81iqGsngWDui3I/
CT26vnOImfq5oSdvKcFIBo+2w9hcRGe726OiQo3Tzg3iY9nAfVL8WUpL78yN48m2
AeklELvM8zTsDqkWbZUf6zA9pYkQxUD3yl4XrX4ZSqL29vZ0loS4QGG0oMX0v8NR
9q+KZZHC/wWyKziYu6rer1gnEJrFoeeYkTvyiicewyttvU2/yQtmNkID8/rX1Y9w
CLcR5FUjf5t8SX1ExdTUbHUG1oDqeIIbduEal8xJRSjetib9S/B48ahK4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw3NZXDuejwEdRs0pNi8SBzJ95dMB8GA1UdIwQY
MBaAFJ6j0v66DU5O9JOjC0S2WpDl4PxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnFQU19yb05UazcwazZNTFJMWmFrT1hnX0ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jZTIxYTItZTZkNy00NDYxLWE2MmMt
NjdlOGIyNjU0YmM2LzEvN0RjMWxjTzU2UEFSMUd6U2syTHhJSE1uM2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jZTIxYTItZTZkNy00NDYxLWE2MmMtNjdlOGIyNjU0YmM2
LzEvbnFQU19yb05UazcwazZNTFJMWmFrT1hnX0ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHw9gMA0G
CSqGSIb3DQEBCwUAA4IBAQAVUKMBNIqNxEmWHphEBc2Uqg2qakgn8DSuPchZ1+Yx
0gk6xjfjeIjlRouZdh2JyfuuAgFU6qFCivl9czTFWWUxogrvNxqb+/XEBk0jRG29
HXkJmIf3q+pgJhOwODOaO+5lkxD6Na8z2BKoYmotC/h5KHv9JOKdc+XCBMLf76ie
AmKnAKH3Fl6wj/6z9NJuyWWo1vGxJbkdVxPuX/iGT6x72DZuJKOIzy2gzg1ajrgI
vHcC1qzVCtxq3KFiqIyB7asQY6Py0liNJ8EcxROL3GjO5jyr+EP7+jBhG5VsT6IS
Nms8eEnnkPcMAH29FQb/k3Z/BX5YOw0nQ3nS/bH2pgPW
-----END CERTIFICATE-----