Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/W_QbYX9ZTefRSwKnL72ps23YkbU.roa
File:                     W_QbYX9ZTefRSwKnL72ps23YkbU.roa (raw, json)
Hash identifier:          O+yO4y0kWUxUwS+WjWuH503NMuQYxW5RzvY5stzKpfg=
Subject key identifier:   5B:F4:1B:61:7F:59:4D:E7:D1:4B:02:A7:2F:BD:A9:B3:6D:D8:91:B5
Certificate issuer:       /CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
Certificate serial:       0197456E7B2C831371B11BAAF5D2D97C3A82
Authority key identifier: 91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/W_QbYX9ZTefRSwKnL72ps23YkbU.roa
Signing time:             Fri 06 Jun 2025 13:29:17 +0000
ROA not before:           Fri 06 Jun 2025 13:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398993
IP address blocks:        116.204.164.0/23 maxlen: 23
                          116.204.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:6e:7b:2c:83:13:71:b1:1b:aa:f5:d2:d9:7c:3a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914aa557c3d3d1e6b7f0525c34cc1d488a5a9294
        Validity
            Not Before: Jun  6 13:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bf41b617f594de7d14b02a72fbda9b36dd891b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fa:cc:bf:0f:a9:af:76:00:0e:e0:b0:ea:08:
                    ed:05:89:8c:af:75:e0:94:69:d5:0c:0c:11:d2:87:
                    d8:96:16:df:37:f5:6c:46:57:bf:5f:f9:51:2f:97:
                    43:5c:98:19:43:69:47:ef:a0:db:d9:85:37:de:e5:
                    56:fa:86:ec:fc:ed:eb:3a:80:42:19:e4:57:4b:fd:
                    79:52:22:9c:47:14:51:14:55:7c:84:1f:57:9a:68:
                    19:a2:29:76:64:2a:0f:ce:1d:33:6e:5d:a9:b1:cf:
                    73:bc:60:7e:ad:58:52:37:4f:01:29:a0:df:ff:3c:
                    df:99:9e:11:ba:3b:4b:d3:91:85:03:65:8e:5f:1f:
                    a7:78:af:f5:96:07:8f:a5:f6:fc:31:9e:b1:45:95:
                    e6:c9:d9:47:91:63:4e:43:b7:5c:e3:74:65:b8:6d:
                    79:3b:7b:8b:dd:5d:ab:c1:21:6a:bd:fd:75:3a:8e:
                    8c:d1:c9:96:88:1f:29:c7:fb:4f:48:5d:ea:b4:5e:
                    a7:e8:98:7b:23:f3:a7:a9:05:88:46:c2:34:1e:33:
                    18:95:13:d8:dc:22:bc:92:10:9d:e1:38:6f:eb:df:
                    cb:d2:2a:7d:80:f4:f8:95:98:6f:a0:ee:50:85:38:
                    34:1a:29:11:c2:09:ad:7d:bf:9b:8e:a4:e1:d3:37:
                    10:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F4:1B:61:7F:59:4D:E7:D1:4B:02:A7:2F:BD:A9:B3:6D:D8:91:B5
            X509v3 Authority Key Identifier:
                keyid:91:4A:A5:57:C3:D3:D1:E6:B7:F0:52:5C:34:CC:1D:48:8A:5A:92:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUqlV8PT0ea38FJcNMwdSIpakpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/W_QbYX9ZTefRSwKnL72ps23YkbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/db97d0-28f2-4329-b856-4a348e7be441/1/kUqlV8PT0ea38FJcNMwdSIpakpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.164.0-116.204.166.255

    Signature Algorithm: sha256WithRSAEncryption
         40:b4:12:27:80:2e:1c:0e:c8:8b:ae:ea:78:2b:cb:09:bb:af:
         c5:b9:36:39:e3:7b:35:4d:b5:17:e0:c5:ff:c2:18:e4:0a:ba:
         a0:8c:54:af:59:87:24:15:be:bd:da:45:28:d4:5a:8f:37:c8:
         43:e1:54:5c:63:7e:10:1d:48:9f:aa:27:ed:0e:c9:e9:70:45:
         cb:17:79:5f:3b:37:fd:c5:e1:74:59:b6:cc:56:81:3c:a6:9a:
         ee:ad:bf:67:1a:79:29:97:f8:f1:f4:af:62:c6:26:7f:27:94:
         ef:e6:57:67:47:4e:cd:03:9c:c9:1d:45:39:fe:93:aa:5b:1c:
         6f:9c:cd:9a:63:92:fc:c9:90:9a:87:e7:9c:72:f1:22:b7:1d:
         20:02:1d:64:d1:10:a0:6d:53:94:48:5a:cd:ec:d9:6e:f9:fb:
         48:95:4d:6b:22:31:d8:46:5f:98:f6:fb:c7:c5:98:9c:75:f4:
         52:7f:19:b7:a5:f4:b6:c4:f2:ba:53:35:25:63:26:a6:cc:28:
         c0:71:61:ea:10:18:74:16:50:05:96:2c:fa:82:44:e4:b7:84:
         76:dd:c9:b9:8d:ae:09:cf:a2:b3:f3:3c:80:77:93:a0:d9:c0:
         80:07:02:e4:93:e0:3e:50:48:a0:d1:18:74:a3:fb:66:3a:b4:
         25:87:54:91
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdFbnssgxNxsRuq9dLZfDqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGFhNTU3YzNkM2QxZTZiN2YwNTI1YzM0Y2MxZDQ4OGE1
YTkyOTQwHhcNMjUwNjA2MTMyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmY0MWI2MTdmNTk0ZGU3ZDE0YjAyYTcyZmJkYTliMzZkZDg5MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/rMvw+pr3YADuCw6gjtBYmMr3Xg
lGnVDAwR0ofYlhbfN/VsRle/X/lRL5dDXJgZQ2lH76Db2YU33uVW+obs/O3rOoBC
GeRXS/15UiKcRxRRFFV8hB9XmmgZoil2ZCoPzh0zbl2psc9zvGB+rVhSN08BKaDf
/zzfmZ4RujtL05GFA2WOXx+neK/1lgePpfb8MZ6xRZXmydlHkWNOQ7dc43RluG15
O3uL3V2rwSFqvf11Oo6M0cmWiB8px/tPSF3qtF6n6Jh7I/OnqQWIRsI0HjMYlRPY
3CK8khCd4Thv69/L0ip9gPT4lZhvoO5QhTg0GikRwgmtfb+bjqTh0zcQfwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFv0G2F/WU3n0UsCpy+9qbNt2JG1MB8GA1UdIwQY
MBaAFJFKpVfD09Hmt/BSXDTMHUiKWpKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYt
NGEzNDhlN2JlNDQxLzEvV19RYllYOVpUZWZSU3dLbkw3MnBzMjNZa2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYjk3ZDAtMjhmMi00MzI5LWI4NTYtNGEzNDhlN2JlNDQx
LzEva1VxbFY4UFQwZWEzOEZKY05Nd2RTSXBha3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJ0zKQD
BAB0zKYwDQYJKoZIhvcNAQELBQADggEBAEC0EieALhwOyIuu6ngrywm7r8W5Njnj
ezVNtRfgxf/CGOQKuqCMVK9ZhyQVvr3aRSjUWo83yEPhVFxjfhAdSJ+qJ+0Oyelw
RcsXeV87N/3F4XRZtsxWgTymmu6tv2caeSmX+PH0r2LGJn8nlO/mV2dHTs0DnMkd
RTn+k6pbHG+czZpjkvzJkJqH55xy8SK3HSACHWTREKBtU5RIWs3s2W75+0iVTWsi
MdhGX5j2+8fFmJx19FJ/Gbel9LbE8rpTNSVjJqbMKMBxYeoQGHQWUAWWLPqCROS3
hHbdybmNrgnPorPzPIB3k6DZwIAHAuST4D5QSKDRGHSj+2Y6tCWHVJE=
-----END CERTIFICATE-----