Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/KqKhKARLMvPV_bRfQE5O-Q0jitE.roa
File:                     KqKhKARLMvPV_bRfQE5O-Q0jitE.roa (raw, json)
Hash identifier:          g5DaBAVimvDHhHZlO6bebh2BYJNntLdIOufL8sw6/TA=
Subject key identifier:   2A:A2:A1:28:04:4B:32:F3:D5:FD:B4:5F:40:4E:4E:F9:0D:23:8A:D1
Certificate issuer:       /CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
Certificate serial:       0199A9DF39659E243222EC96BF135261D75D
Authority key identifier: D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/KqKhKARLMvPV_bRfQE5O-Q0jitE.roa
Signing time:             Fri 03 Oct 2025 11:40:02 +0000
ROA not before:           Fri 03 Oct 2025 11:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3491
IP address blocks:        139.123.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:df:39:65:9e:24:32:22:ec:96:bf:13:52:61:d7:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
        Validity
            Not Before: Oct  3 11:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2aa2a128044b32f3d5fdb45f404e4ef90d238ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:64:03:fc:a5:29:b5:bb:56:cb:3d:1e:e3:9c:
                    c9:48:6f:4d:c5:45:96:c7:e8:11:b8:36:7c:5f:66:
                    9b:fb:70:fe:17:48:ea:3f:87:94:6f:18:e2:04:3e:
                    a6:63:a6:8b:c1:a4:33:d5:3f:dc:2f:4d:d6:01:83:
                    b5:bb:ed:db:b3:a5:55:74:22:be:28:ec:78:5b:e0:
                    3b:90:9e:2a:6d:1a:91:c6:98:29:83:3b:e1:1f:de:
                    a7:1c:9a:9e:04:93:f9:1f:ed:fa:e6:b4:9f:40:54:
                    9c:87:a6:60:21:77:b6:2c:9e:4a:99:b3:52:b5:9b:
                    eb:35:44:1e:3b:2f:5f:d1:7f:0e:35:bb:e4:a0:1b:
                    62:70:91:72:e7:57:7e:6a:6b:da:13:a2:c0:b6:1a:
                    1e:12:f4:57:fd:92:37:8c:9f:a5:c8:e4:9e:d4:3e:
                    54:19:b2:14:1c:b9:b1:3b:2e:8b:7d:db:c8:b8:3d:
                    25:a2:bc:96:fe:06:d5:4b:e0:9c:cd:f6:87:34:cb:
                    06:be:f5:ad:d7:6f:be:f5:61:b5:e7:a1:5a:70:f0:
                    8c:89:3f:84:a2:aa:89:7a:d5:1b:8e:3a:e3:92:43:
                    2c:ff:1e:96:44:55:ed:75:e7:ae:ff:38:a5:43:ff:
                    05:cc:ba:d9:bc:36:17:6e:47:ce:26:33:ca:b5:2f:
                    4d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A2:A1:28:04:4B:32:F3:D5:FD:B4:5F:40:4E:4E:F9:0D:23:8A:D1
            X509v3 Authority Key Identifier:
                keyid:D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/KqKhKARLMvPV_bRfQE5O-Q0jitE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.123.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:cb:b4:93:7d:eb:4b:3a:6f:a2:96:9d:d4:38:a2:92:40:de:
         ad:42:14:ef:11:f1:eb:57:22:f5:b9:bc:c3:e8:44:9d:1e:c2:
         b8:30:fb:eb:0b:0a:6b:d4:8b:34:ee:73:44:cf:36:dc:8b:88:
         f0:0b:cc:52:1d:60:bc:6e:98:bd:59:75:f0:19:06:77:26:40:
         57:f5:96:19:66:76:fa:8e:1a:02:07:41:4d:ce:88:de:5c:50:
         fc:1c:3d:db:37:6a:45:97:34:2e:05:8f:47:7c:39:c0:db:b1:
         86:28:d3:f2:48:24:55:eb:29:00:8b:d1:f9:54:67:20:72:bd:
         e2:ac:ea:92:40:95:bf:36:01:2e:a4:c8:8f:ec:fd:ae:7b:ab:
         24:e3:fe:ce:78:8a:b0:1e:66:fe:b4:79:e5:a2:55:e4:cd:a8:
         12:49:65:31:c2:d6:fd:b6:d4:c7:60:db:24:23:81:4b:19:0f:
         9e:ef:04:54:08:f0:ea:90:67:94:41:10:82:59:4d:dc:aa:b1:
         e6:20:f1:d3:73:4d:6a:1d:fd:f0:3e:33:dc:f5:d5:b9:6c:f7:
         80:32:8c:82:45:c1:a1:f5:ff:29:a5:86:38:16:90:3d:79:f2:
         ea:f4:d2:fd:62:0f:59:92:c1:88:ca:9f:61:31:75:20:eb:d0:
         38:3e:a0:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmp3zllniQyIuyWvxNSYdddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzcyYWFjMWI2MmI4N2Q2YjAxZDU3YTFhMDBhNmE3MmI4
YTdkYTYwHhcNMjUxMDAzMTE0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWEyYTEyODA0NGIzMmYzZDVmZGI0NWY0MDRlNGVmOTBkMjM4YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGQD/KUptbtWyz0e45zJSG9NxUWW
x+gRuDZ8X2ab+3D+F0jqP4eUbxjiBD6mY6aLwaQz1T/cL03WAYO1u+3bs6VVdCK+
KOx4W+A7kJ4qbRqRxpgpgzvhH96nHJqeBJP5H+365rSfQFSch6ZgIXe2LJ5KmbNS
tZvrNUQeOy9f0X8ONbvkoBticJFy51d+amvaE6LAthoeEvRX/ZI3jJ+lyOSe1D5U
GbIUHLmxOy6LfdvIuD0loryW/gbVS+CczfaHNMsGvvWt12++9WG156FacPCMiT+E
oqqJetUbjjrjkkMs/x6WRFXtdeeu/zilQ/8FzLrZvDYXbkfOJjPKtS9NbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqioSgESzLz1f20X0BOTvkNI4rRMB8GA1UdIwQY
MBaAFNh3KqwbYrh9awHVehoApqcrin2mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUt
MzMzYmVlY2ZmNmY0LzEvS3FLaEtBUkxNdlBWX2JSZlFFNU8tUTBqaXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUtMzMzYmVlY2ZmNmY0
LzEvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAi3voMA0G
CSqGSIb3DQEBCwUAA4IBAQAay7STfetLOm+ilp3UOKKSQN6tQhTvEfHrVyL1ubzD
6ESdHsK4MPvrCwpr1Is07nNEzzbci4jwC8xSHWC8bpi9WXXwGQZ3JkBX9ZYZZnb6
jhoCB0FNzojeXFD8HD3bN2pFlzQuBY9HfDnA27GGKNPySCRV6ykAi9H5VGcgcr3i
rOqSQJW/NgEupMiP7P2ue6sk4/7OeIqwHmb+tHnlolXkzagSSWUxwtb9ttTHYNsk
I4FLGQ+e7wRUCPDqkGeUQRCCWU3cqrHmIPHTc01qHf3wPjPc9dW5bPeAMoyCRcGh
9f8ppYY4FpA9efLq9NL9Yg9ZksGIyp9hMXUg69A4PqA1
-----END CERTIFICATE-----