Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fzvvk5bzP10N2OQNounBbEQbNsE.roa
File:                     fzvvk5bzP10N2OQNounBbEQbNsE.roa (raw, json)
Hash identifier:          RKFAzkj15rOGrQMxeuqq2cZQnvwnI2ibWU1wR/fhdrE=
Subject key identifier:   7F:3B:EF:93:96:F3:3F:5D:0D:D8:E4:0D:A2:E9:C1:6C:44:1B:36:C1
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01988C676B60BFA74C1B8834CB0616E39B1A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fzvvk5bzP10N2OQNounBbEQbNsE.roa
Signing time:             Sat 09 Aug 2025 01:17:24 +0000
ROA not before:           Sat 09 Aug 2025 01:17:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        103.17.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8c:67:6b:60:bf:a7:4c:1b:88:34:cb:06:16:e3:9b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Aug  9 01:17:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f3bef9396f33f5d0dd8e40da2e9c16c441b36c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:30:f8:af:9d:87:e8:36:fb:46:d3:bf:9e:1b:
                    a7:d7:c5:63:aa:31:a1:9d:7a:df:8f:6a:d1:26:1c:
                    d6:2d:86:a1:3f:f7:2a:cc:e7:3f:3c:61:31:50:05:
                    65:d2:b3:88:92:e7:63:48:bc:34:ff:31:59:24:3b:
                    46:d2:43:b7:15:6d:57:82:58:40:9b:b0:e1:ce:d9:
                    e0:f5:5b:c5:76:d5:4e:d5:55:cd:40:f8:a0:4a:de:
                    62:a6:f9:ee:69:16:61:e9:41:58:11:3d:9d:d5:4c:
                    3a:27:b1:f6:ff:8b:3e:b8:fd:56:66:b1:1b:c0:5d:
                    d6:9e:85:db:9c:3d:2e:e0:33:18:32:92:fd:05:68:
                    50:f5:36:5c:e6:79:46:86:18:cf:a1:35:ec:4c:e9:
                    7e:5d:e3:4a:22:ed:52:1c:26:7d:74:69:68:ff:eb:
                    78:2a:65:bb:e8:11:d2:18:ac:25:b3:d8:fa:ee:1e:
                    81:0b:b7:ae:27:4d:fc:f6:51:f3:03:a8:04:a0:e4:
                    a1:b2:a5:04:48:b8:ed:8b:1f:bb:40:10:09:0f:62:
                    f6:bf:3a:50:65:17:12:20:14:7d:a8:47:be:a8:0d:
                    0a:51:30:14:54:1d:54:41:f0:8b:1a:3d:3e:84:c1:
                    e4:ea:5b:2f:9c:6d:ed:3a:f4:ea:89:38:95:34:a3:
                    66:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3B:EF:93:96:F3:3F:5D:0D:D8:E4:0D:A2:E9:C1:6C:44:1B:36:C1
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fzvvk5bzP10N2OQNounBbEQbNsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:70:72:c7:25:83:e6:2d:41:c2:82:9a:e0:f5:59:a6:09:93:
         bb:4f:77:b7:17:d5:ea:6b:ba:7f:fd:07:fc:9c:48:dd:c9:c3:
         27:bb:d7:77:ad:1a:b7:d2:cf:18:05:f7:7b:55:d0:64:77:b4:
         6e:f7:00:bf:a3:13:8f:12:0f:76:63:d8:48:a3:0d:5a:c5:a0:
         fb:6b:90:8e:92:2d:4d:03:dd:ab:7b:b0:2c:07:47:3e:1c:79:
         3d:ee:e9:21:25:46:4e:2e:17:dd:64:e7:2a:37:6e:b1:28:c3:
         75:e4:8d:da:a4:a4:ac:26:3f:9e:e9:7c:de:05:28:c2:a8:05:
         01:3f:13:47:ea:67:0b:33:f3:0e:3a:c5:b9:df:f3:5c:5a:78:
         65:c5:b9:73:31:9f:5d:00:f7:85:a4:e0:9c:f8:1e:52:5e:02:
         74:46:5d:2e:4c:1e:57:be:22:24:0e:5e:58:a0:58:fb:69:fd:
         d1:1f:5e:70:c7:48:c8:83:11:b7:27:2b:2f:3c:81:7a:d1:13:
         04:54:f4:ce:1f:37:31:77:a3:56:e2:fa:27:69:97:17:64:b5:
         8f:65:02:e5:55:81:19:71:f0:05:a7:5f:09:e0:9c:c1:1d:12:
         fe:10:9c:6f:bd:33:92:0e:5f:fd:e2:31:a3:75:f9:a7:d7:6e:
         0f:e2:87:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiMZ2tgv6dMG4g0ywYW45saMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwODA5MDExNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNiZWY5Mzk2ZjMzZjVkMGRkOGU0MGRhMmU5YzE2YzQ0MWIzNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozD4r52H6Db7RtO/nhun18VjqjGh
nXrfj2rRJhzWLYahP/cqzOc/PGExUAVl0rOIkudjSLw0/zFZJDtG0kO3FW1XglhA
m7Dhztng9VvFdtVO1VXNQPigSt5ipvnuaRZh6UFYET2d1Uw6J7H2/4s+uP1WZrEb
wF3WnoXbnD0u4DMYMpL9BWhQ9TZc5nlGhhjPoTXsTOl+XeNKIu1SHCZ9dGlo/+t4
KmW76BHSGKwls9j67h6BC7euJ0389lHzA6gEoOShsqUESLjtix+7QBAJD2L2vzpQ
ZRcSIBR9qEe+qA0KUTAUVB1UQfCLGj0+hMHk6lsvnG3tOvTqiTiVNKNm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8775OW8z9dDdjkDaLpwWxEGzbBMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZnp2dms1YnpQMTBOMk9RTm91bkJiRVFiTnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZxFhMA0G
CSqGSIb3DQEBCwUAA4IBAQBKcHLHJYPmLUHCgprg9VmmCZO7T3e3F9Xqa7p//Qf8
nEjdycMnu9d3rRq30s8YBfd7VdBkd7Ru9wC/oxOPEg92Y9hIow1axaD7a5COki1N
A92re7AsB0c+HHk97ukhJUZOLhfdZOcqN26xKMN15I3apKSsJj+e6XzeBSjCqAUB
PxNH6mcLM/MOOsW53/NcWnhlxblzMZ9dAPeFpOCc+B5SXgJ0Rl0uTB5XviIkDl5Y
oFj7af3RH15wx0jIgxG3JysvPIF60RMEVPTOHzcxd6NW4vonaZcXZLWPZQLlVYEZ
cfAFp18J4JzBHRL+EJxvvTOSDl/94jGjdfmn124P4of6
-----END CERTIFICATE-----