Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/STH4-y1aq1LhW-baf9HKwXtIHJQ.roa
File:                     STH4-y1aq1LhW-baf9HKwXtIHJQ.roa (raw, json)
Hash identifier:          yaIK76KSwbSajy8q/yoNwGsAyGyY8gBGn7TqV9f/vug=
Subject key identifier:   49:31:F8:FB:2D:5A:AB:52:E1:5B:E6:DA:7F:D1:CA:C1:7B:48:1C:94
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019A07E47323E9C7D45C0EF30AEEAA93A9C0
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/STH4-y1aq1LhW-baf9HKwXtIHJQ.roa
Signing time:             Tue 21 Oct 2025 17:50:03 +0000
ROA not before:           Tue 21 Oct 2025 17:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205866
IP address blocks:        2a11:1540::/29 maxlen: 29
                          2a11:3446::/32 maxlen: 32
                          2a11:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:e4:73:23:e9:c7:d4:5c:0e:f3:0a:ee:aa:93:a9:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Oct 21 17:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4931f8fb2d5aab52e15be6da7fd1cac17b481c94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c5:57:f9:65:8d:2a:5f:94:7e:fa:c7:f9:fd:
                    51:f3:22:81:6a:11:4e:d6:b2:e7:5d:ce:d0:ea:b0:
                    8d:f5:87:91:6b:48:90:6c:3a:98:76:f3:39:26:59:
                    9e:31:20:5e:ea:57:02:c0:e0:aa:6d:74:cb:75:e4:
                    fa:3b:07:d9:d0:79:5c:4c:17:56:e1:fe:a6:af:65:
                    d6:64:72:3d:7d:ab:e0:01:a4:97:76:cd:13:a1:50:
                    f0:80:93:b3:f0:6a:2b:55:6e:ca:b7:46:1d:66:71:
                    46:13:53:2e:e3:74:4e:fe:ec:1e:01:fb:77:6c:a4:
                    fc:3f:e8:a4:9f:5c:15:da:86:ff:b6:b9:84:9d:a7:
                    f3:27:fd:bf:f3:63:36:51:07:14:77:26:2f:5f:95:
                    42:64:05:53:37:6a:b7:e7:95:ca:8a:07:56:7b:35:
                    8f:eb:ee:e4:4f:67:d1:5c:84:27:02:b0:30:db:d9:
                    73:b0:1f:6b:85:a7:72:e0:b5:39:9b:e5:2e:d5:7b:
                    a5:36:d8:ad:bf:7e:fc:a3:0c:88:59:d3:02:6d:05:
                    19:e2:2f:a9:80:2a:2f:1c:37:2e:5b:62:cf:34:b2:
                    0e:d0:65:ea:8e:97:e9:bf:31:53:83:2d:c6:a6:74:
                    2e:61:1b:26:fd:00:e5:4f:a5:e9:a1:98:dc:6e:e7:
                    38:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:31:F8:FB:2D:5A:AB:52:E1:5B:E6:DA:7F:D1:CA:C1:7B:48:1C:94
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/STH4-y1aq1LhW-baf9HKwXtIHJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1540::/29
                  2a11:3446::/32
                  2a11:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:f9:54:58:ce:93:2c:65:48:36:a5:06:45:f8:4c:c9:7d:b5:
         24:40:13:12:94:30:55:23:5e:5c:01:c3:1e:5d:76:70:f8:33:
         d3:e2:ff:88:3c:54:17:a0:8d:3b:c5:1f:d9:b6:f6:89:13:32:
         a1:c7:e5:96:a3:23:a2:3d:ce:1b:5e:43:2f:e1:7e:75:17:36:
         cd:c9:7a:c5:9f:7b:ab:a0:13:79:85:5c:aa:37:91:6c:a1:53:
         99:4a:5a:40:9e:8d:26:fe:88:94:5a:a7:d1:cd:12:7b:c8:30:
         e9:53:df:d3:a5:2d:53:99:d2:29:ad:c6:71:f4:90:2b:23:69:
         df:d5:41:f5:4f:22:c3:f9:af:88:03:ab:df:b5:f7:6b:3c:0e:
         0a:0f:af:49:dc:3e:d5:33:e1:1e:e2:fb:31:eb:ef:64:39:43:
         f2:4c:82:1b:e4:02:d5:5b:bf:9b:14:8f:e0:ff:70:ca:8b:57:
         5c:1b:cc:1d:0e:70:e1:df:27:f6:34:f9:bf:20:cd:c4:aa:08:
         f2:39:74:99:4a:51:3a:0c:54:4c:ec:54:34:8d:24:18:44:22:
         22:6a:93:36:6e:6e:12:1f:bb:4f:c0:40:af:49:ef:84:31:48:
         38:15:58:20:b4:d1:3a:db:75:44:42:d1:c8:9d:ef:46:7d:b8:
         8a:1b:fb:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoH5HMj6cfUXA7zCu6qk6nAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDIxMTc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMxZjhmYjJkNWFhYjUyZTE1YmU2ZGE3ZmQxY2FjMTdiNDgxYzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsVX+WWNKl+UfvrH+f1R8yKBahFO
1rLnXc7Q6rCN9YeRa0iQbDqYdvM5JlmeMSBe6lcCwOCqbXTLdeT6OwfZ0HlcTBdW
4f6mr2XWZHI9favgAaSXds0ToVDwgJOz8GorVW7Kt0YdZnFGE1Mu43RO/uweAft3
bKT8P+ikn1wV2ob/trmEnafzJ/2/82M2UQcUdyYvX5VCZAVTN2q355XKigdWezWP
6+7kT2fRXIQnArAw29lzsB9rhady4LU5m+Uu1XulNtitv378owyIWdMCbQUZ4i+p
gCovHDcuW2LPNLIO0GXqjpfpvzFTgy3GpnQuYRsm/QDlT6XpoZjcbuc4ewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEkx+PstWqtS4Vvm2n/RysF7SByUMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvU1RINC15MWFxMUxoVy1iYWY5SEt3WHRJSEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhEVQAMF
ACoRNEYDBQMqEUqAMA0GCSqGSIb3DQEBCwUAA4IBAQAb+VRYzpMsZUg2pQZF+EzJ
fbUkQBMSlDBVI15cAcMeXXZw+DPT4v+IPFQXoI07xR/ZtvaJEzKhx+WWoyOiPc4b
XkMv4X51FzbNyXrFn3uroBN5hVyqN5FsoVOZSlpAno0m/oiUWqfRzRJ7yDDpU9/T
pS1TmdIprcZx9JArI2nf1UH1TyLD+a+IA6vftfdrPA4KD69J3D7VM+Ee4vsx6+9k
OUPyTIIb5ALVW7+bFI/g/3DKi1dcG8wdDnDh3yf2NPm/IM3EqgjyOXSZSlE6DFRM
7FQ0jSQYRCIiapM2bm4SH7tPwECvSe+EMUg4FVggtNE623VEQtHIne9GfbiKG/uG
-----END CERTIFICATE-----