Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7b7yTqrPaUhKpmuchWI0lR3o448.roa
File:                     7b7yTqrPaUhKpmuchWI0lR3o448.roa (raw, json)
Hash identifier:          VYBp/CvaRwtgTzlole+zPd3veaNveWdEcstdQbOvAd4=
Subject key identifier:   ED:BE:F2:4E:AA:CF:69:48:4A:A6:6B:9C:85:62:34:95:1D:E8:E3:8F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01989916F39C8D4E77F0CE74C6DBF2CFF94E
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7b7yTqrPaUhKpmuchWI0lR3o448.roa
Signing time:             Mon 11 Aug 2025 12:24:34 +0000
ROA not before:           Mon 11 Aug 2025 12:24:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207483
IP address blocks:        31.14.10.0/24 maxlen: 24
                          176.223.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:16:f3:9c:8d:4e:77:f0:ce:74:c6:db:f2:cf:f9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 11 12:24:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edbef24eaacf69484aa66b9c856234951de8e38f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:73:32:ae:32:31:e9:9b:36:24:9b:0a:3c:
                    f8:87:90:d6:39:11:d7:4d:97:28:67:64:47:6e:b7:
                    c6:6e:28:b5:48:c2:c8:c9:26:51:9c:a0:91:d8:62:
                    e3:35:ec:30:0f:c6:bd:55:3e:69:13:0f:dd:1d:dd:
                    f6:dc:ad:e2:0d:b6:53:49:fd:1f:20:e5:88:9f:ca:
                    cd:2c:cf:25:d7:ec:20:67:74:37:77:03:a4:66:e4:
                    69:47:79:5f:d7:03:e3:ab:f9:38:a4:e4:ff:8f:98:
                    14:de:01:03:a5:4a:19:cf:81:bf:da:b1:45:88:75:
                    e3:67:2e:95:18:d1:04:53:61:29:0f:72:b7:52:69:
                    6c:4e:e0:cc:e7:b7:7b:31:19:2d:09:74:b4:db:0f:
                    6e:7d:84:ff:87:c3:63:86:1b:d8:29:8b:62:3f:c5:
                    a2:3e:b4:63:d0:6c:2e:07:67:63:0c:c5:37:63:47:
                    94:ee:b1:6f:6c:8b:96:f8:c2:a3:02:06:ff:4c:1a:
                    67:22:45:9a:2e:e0:d7:5c:6a:f1:58:cf:09:87:fb:
                    f8:34:32:fe:56:fc:3a:db:2b:95:f2:bc:9a:1b:54:
                    f5:9b:14:0d:92:2f:06:07:4f:fa:06:aa:ad:b6:5e:
                    0e:5e:e2:e3:8c:74:e1:b0:a7:9e:f5:82:e8:36:f1:
                    eb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:BE:F2:4E:AA:CF:69:48:4A:A6:6B:9C:85:62:34:95:1D:E8:E3:8F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7b7yTqrPaUhKpmuchWI0lR3o448.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.10.0/24
                  176.223.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:dd:c6:d8:9e:b0:19:33:13:1e:8e:ed:1b:97:92:5d:9f:a4:
         56:85:07:2b:b8:e2:43:65:a3:8a:f6:53:b7:d1:f9:e8:dd:e7:
         20:cb:25:52:f0:33:cf:22:bf:01:0a:06:86:ca:ac:0a:81:a9:
         6c:e6:12:16:9c:47:5b:c2:7f:9c:f2:9e:01:93:3f:71:57:ec:
         68:f6:66:ab:1f:53:ce:56:6f:32:95:70:22:15:ab:3e:36:5f:
         dd:9a:f8:36:0d:8c:1f:bd:ed:19:2a:be:6b:9c:17:99:32:7a:
         6e:81:94:d9:7c:a3:52:f6:22:b5:cf:ee:af:60:68:da:ca:d6:
         1f:ea:77:b2:26:f4:a8:42:ce:b6:ce:83:1d:43:b6:18:69:0e:
         e7:7e:63:68:f6:b6:4d:85:d0:ae:3d:ff:b7:e4:e1:b6:21:7b:
         ac:e9:44:54:d2:6c:d2:05:cd:75:3e:95:91:2c:fc:9c:a2:06:
         79:2a:f6:fb:b2:f5:0d:71:9e:57:9f:26:04:81:d4:c6:f1:48:
         7f:f0:e4:37:dd:97:43:9b:33:a7:60:ad:2a:10:2b:d9:0c:46:
         96:cc:ed:5a:36:31:be:28:db:23:36:50:89:3f:e0:7e:1d:2b:
         7d:9a:91:ba:f9:76:dd:89:cc:97:c5:00:b5:d5:e7:83:9b:eb:
         97:c6:41:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiZFvOcjU538M50xtvyz/lOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwODExMTIyNDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGJlZjI0ZWFhY2Y2OTQ4NGFhNjZiOWM4NTYyMzQ5NTFkZThlMzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYNzMq4yMembNiSbCjz4h5DWORHX
TZcoZ2RHbrfGbii1SMLIySZRnKCR2GLjNewwD8a9VT5pEw/dHd323K3iDbZTSf0f
IOWIn8rNLM8l1+wgZ3Q3dwOkZuRpR3lf1wPjq/k4pOT/j5gU3gEDpUoZz4G/2rFF
iHXjZy6VGNEEU2EpD3K3UmlsTuDM57d7MRktCXS02w9ufYT/h8NjhhvYKYtiP8Wi
PrRj0GwuB2djDMU3Y0eU7rFvbIuW+MKjAgb/TBpnIkWaLuDXXGrxWM8Jh/v4NDL+
Vvw62yuV8ryaG1T1mxQNki8GB0/6Bqqttl4OXuLjjHThsKee9YLoNvHrVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO2+8k6qz2lISqZrnIViNJUd6OOPMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvN2I3eVRxclBhVWhLcG11Y2hXSTBsUjNvNDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw4KAwQA
sN9CMA0GCSqGSIb3DQEBCwUAA4IBAQB33cbYnrAZMxMeju0bl5Jdn6RWhQcruOJD
ZaOK9lO30fno3ecgyyVS8DPPIr8BCgaGyqwKgals5hIWnEdbwn+c8p4Bkz9xV+xo
9marH1POVm8ylXAiFas+Nl/dmvg2DYwfve0ZKr5rnBeZMnpugZTZfKNS9iK1z+6v
YGjaytYf6neyJvSoQs62zoMdQ7YYaQ7nfmNo9rZNhdCuPf+35OG2IXus6URU0mzS
Bc11PpWRLPycogZ5Kvb7svUNcZ5XnyYEgdTG8Uh/8OQ33ZdDmzOnYK0qECvZDEaW
zO1aNjG+KNsjNlCJP+B+HSt9mpG6+XbdicyXxQC11eeDm+uXxkFW
-----END CERTIFICATE-----