Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/k3wReR7smqHRttYp_YytIIVUngE.roa
File:                     k3wReR7smqHRttYp_YytIIVUngE.roa (raw, json)
Hash identifier:          yfFvsISgbeVw0q/ouZSyuznCXuWiBQ8OYRXG8uymDy8=
Subject key identifier:   93:7C:11:79:1E:EC:9A:A1:D1:B6:D6:29:FD:8C:AD:20:85:54:9E:01
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       019898BD1281AA54E52CD91B3AB1FC1446B7
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/k3wReR7smqHRttYp_YytIIVUngE.roa
Signing time:             Mon 11 Aug 2025 10:46:24 +0000
ROA not before:           Mon 11 Aug 2025 10:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        176.100.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:bd:12:81:aa:54:e5:2c:d9:1b:3a:b1:fc:14:46:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Aug 11 10:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=937c11791eec9aa1d1b6d629fd8cad2085549e01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4a:a0:14:c3:7f:fa:80:d5:76:47:fc:95:be:
                    61:a7:65:54:97:66:20:fd:bc:72:d8:9f:9a:fe:ac:
                    7b:20:d2:8f:74:5c:62:e0:0f:76:7b:90:fc:a5:9c:
                    87:52:93:fc:e0:9a:46:1c:a2:f3:b7:c0:69:c8:c9:
                    9e:26:ed:ad:bd:1d:7b:14:6e:47:74:07:bf:05:c4:
                    e2:62:a6:14:c8:53:55:45:a1:e9:99:cb:b8:bc:04:
                    68:76:46:6c:fe:53:f3:a6:de:6b:ad:99:92:cb:8f:
                    fc:c5:1f:ff:58:69:9b:a6:16:d3:35:9a:97:76:de:
                    96:94:13:5f:5d:ac:f6:f6:14:d6:02:a0:60:f4:5e:
                    73:96:55:7c:e1:48:66:83:54:28:18:c0:4d:80:e1:
                    3c:28:47:d4:f4:2e:e6:5a:b8:3e:9d:d9:f2:ba:79:
                    34:cf:bc:74:28:87:46:4a:a7:43:24:82:80:07:76:
                    71:2a:41:af:57:c6:a1:45:a4:a3:b3:4e:77:04:7c:
                    36:46:f9:67:16:fc:d4:72:7c:04:d6:7c:90:5f:4f:
                    54:11:84:11:bd:91:01:14:23:0a:cd:3a:6a:fe:9d:
                    d8:d0:7d:20:50:f3:f0:72:17:ec:44:67:a9:a3:3e:
                    41:71:bb:35:a2:4f:18:96:1d:97:20:90:48:9c:70:
                    38:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:7C:11:79:1E:EC:9A:A1:D1:B6:D6:29:FD:8C:AD:20:85:54:9E:01
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/k3wReR7smqHRttYp_YytIIVUngE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:3b:7a:c6:09:c3:59:85:af:13:29:a2:23:83:f1:81:19:1b:
         3b:60:75:ac:f9:23:3f:ea:ed:ec:b2:70:e1:2c:71:c2:98:bf:
         38:39:54:34:50:82:0f:4c:6c:1e:34:ea:1e:86:37:29:aa:b4:
         e8:df:d3:ba:ea:08:69:65:96:c3:b0:a6:57:8b:0c:0a:33:84:
         00:3b:b1:cb:21:c2:56:e0:d9:28:22:8c:98:b0:69:6e:32:1e:
         be:d8:5c:4a:5b:47:c3:3a:73:f4:d9:16:37:36:b2:6f:7f:fe:
         29:39:ef:2d:ad:55:dd:8c:9f:58:cd:7d:05:5c:6c:ef:98:25:
         98:cd:98:9e:6e:d3:50:36:b9:b1:d0:d3:65:49:fa:6d:ac:62:
         93:07:fe:ac:02:c5:f3:7d:71:f8:fd:3c:e5:2c:08:f9:e0:d8:
         04:dd:e3:63:6c:57:1c:00:cb:da:f4:e0:54:7b:c7:a0:e2:82:
         10:3d:e3:4d:c4:3e:ac:85:98:89:3c:d4:25:5b:b5:d9:7b:5b:
         bb:ce:af:49:aa:84:c8:e9:5b:99:2a:00:f5:64:ac:c2:d8:98:
         cb:a9:e4:89:c7:75:ec:26:3f:46:51:a8:df:60:5d:98:a6:65:
         42:40:c8:4d:51:1b:29:64:61:49:23:1f:67:10:bd:ad:0f:a5:
         ac:32:ed:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYvRKBqlTlLNkbOrH8FEa3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjUwODExMTA0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzdjMTE3OTFlZWM5YWExZDFiNmQ2MjlmZDhjYWQyMDg1NTQ5ZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkqgFMN/+oDVdkf8lb5hp2VUl2Yg
/bxy2J+a/qx7INKPdFxi4A92e5D8pZyHUpP84JpGHKLzt8BpyMmeJu2tvR17FG5H
dAe/BcTiYqYUyFNVRaHpmcu4vARodkZs/lPzpt5rrZmSy4/8xR//WGmbphbTNZqX
dt6WlBNfXaz29hTWAqBg9F5zllV84Uhmg1QoGMBNgOE8KEfU9C7mWrg+ndnyunk0
z7x0KIdGSqdDJIKAB3ZxKkGvV8ahRaSjs053BHw2RvlnFvzUcnwE1nyQX09UEYQR
vZEBFCMKzTpq/p3Y0H0gUPPwchfsRGepoz5Bcbs1ok8Ylh2XIJBInHA4zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN8EXke7Jqh0bbWKf2MrSCFVJ4BMB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvazN3UmVSN3NtcUhSdHRZcF9ZeXRJSVZVbmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGSAMA0G
CSqGSIb3DQEBCwUAA4IBAQAQO3rGCcNZha8TKaIjg/GBGRs7YHWs+SM/6u3ssnDh
LHHCmL84OVQ0UIIPTGweNOoehjcpqrTo39O66ghpZZbDsKZXiwwKM4QAO7HLIcJW
4NkoIoyYsGluMh6+2FxKW0fDOnP02RY3NrJvf/4pOe8trVXdjJ9YzX0FXGzvmCWY
zZiebtNQNrmx0NNlSfptrGKTB/6sAsXzfXH4/TzlLAj54NgE3eNjbFccAMva9OBU
e8eg4oIQPeNNxD6shZiJPNQlW7XZe1u7zq9JqoTI6VuZKgD1ZKzC2JjLqeSJx3Xs
Jj9GUajfYF2YpmVCQMhNURspZGFJIx9nEL2tD6WsMu0H
-----END CERTIFICATE-----