Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/uXnXM2doRdgPxPLss67yZDybX3c.roa
File:                     uXnXM2doRdgPxPLss67yZDybX3c.roa (raw, json)
Hash identifier:          v/9LpKS+fRbveb8mkVXNCZiCRRTvaRsQbncri3yjFJk=
Subject key identifier:   B9:79:D7:33:67:68:45:D8:0F:C4:F2:EC:B3:AE:F2:64:3C:9B:5F:77
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0198BEB5D5539CA59C3F4D63B82350EC32D8
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/uXnXM2doRdgPxPLss67yZDybX3c.roa
Signing time:             Mon 18 Aug 2025 19:44:04 +0000
ROA not before:           Mon 18 Aug 2025 19:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401163
IP address blocks:        31.42.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:13:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:be:b5:d5:53:9c:a5:9c:3f:4d:63:b8:23:50:ec:32:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Aug 18 19:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b979d733676845d80fc4f2ecb3aef2643c9b5f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:25:3e:5a:f6:f6:36:cb:72:3a:f4:d5:12:56:
                    27:65:a0:57:7b:34:f4:8b:05:5d:d4:3e:ee:af:f4:
                    9d:f0:56:a8:97:9e:66:22:e5:fd:7e:66:49:d5:51:
                    6f:1d:1f:66:9c:5d:4a:60:80:00:10:c8:af:20:fd:
                    43:70:e5:5a:57:c6:56:1e:ab:98:0e:80:ad:c8:6d:
                    cf:a9:21:90:c0:6d:99:03:2c:12:a1:a6:1e:02:64:
                    ff:e1:00:4d:f2:e6:09:d8:c3:88:fb:36:3e:73:42:
                    cd:6a:3c:77:21:66:bf:25:ed:a5:79:2f:d6:26:92:
                    22:a7:52:e2:ff:0c:f5:68:ad:e7:3b:94:e8:04:fc:
                    15:2b:74:05:ee:cc:0b:e6:c2:ee:ad:64:80:47:35:
                    c4:65:c9:4d:6c:ee:10:67:9b:f3:6d:1b:89:7d:6e:
                    99:b7:89:23:76:8a:4a:24:f6:eb:a3:7c:ce:f6:75:
                    82:b6:6e:ed:7b:b6:74:9e:86:17:91:6f:21:8a:a5:
                    b5:40:2e:e0:7d:48:5b:72:98:4f:d5:a0:fb:f0:ca:
                    4e:a1:c0:15:9c:d9:8f:29:7b:11:97:45:ff:8b:d9:
                    c6:bf:c0:0b:1e:0b:57:8f:eb:3c:76:b4:9e:63:0e:
                    8e:04:9d:77:32:44:83:de:a0:61:f4:f1:41:75:75:
                    58:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:79:D7:33:67:68:45:D8:0F:C4:F2:EC:B3:AE:F2:64:3C:9B:5F:77
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/uXnXM2doRdgPxPLss67yZDybX3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:3a:73:15:78:7c:5e:56:b2:0c:ad:41:e0:52:b1:93:71:5d:
         b0:ee:d8:c4:34:24:fd:c1:23:5d:e5:cb:16:8d:0a:20:64:d6:
         a7:80:bd:d1:1c:2b:79:e4:f3:3a:d9:1d:58:32:dc:16:31:15:
         31:a3:5b:ae:d4:f4:29:f1:f8:c5:10:c1:67:58:0b:80:f1:c0:
         af:dd:f5:e8:ad:db:9d:bc:da:d7:02:8f:ca:d7:d7:ec:fa:d8:
         f6:dc:04:b9:cc:94:ee:34:18:2a:e2:ec:75:b4:6e:55:2c:18:
         f6:3a:fc:36:1a:62:7d:38:d9:35:8c:43:98:4f:1d:5b:df:11:
         69:6c:88:3d:01:44:24:9a:c4:05:39:11:50:c5:20:9c:18:e9:
         16:1a:91:75:4e:47:74:48:db:44:6a:4d:3d:68:3d:a5:4b:71:
         db:d7:7a:db:29:e0:b5:40:31:b8:1a:2a:c2:5d:2e:d8:cf:be:
         60:74:d6:fa:a8:42:ba:62:ac:dd:73:1b:46:0d:bd:1a:30:2a:
         db:b2:b4:0e:19:cf:96:d8:b6:b7:d0:47:3a:cb:34:f4:f1:2b:
         1c:04:db:79:f5:9f:dd:7e:15:4f:a2:a7:4e:df:0d:bb:8f:19:
         3d:57:e7:c0:0e:00:c5:43:8e:48:63:1a:7e:01:83:45:aa:09:
         8f:56:e7:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi+tdVTnKWcP01juCNQ7DLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwODE4MTk0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTc5ZDczMzY3Njg0NWQ4MGZjNGYyZWNiM2FlZjI2NDNjOWI1Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SU+Wvb2NstyOvTVElYnZaBXezT0
iwVd1D7ur/Sd8Faol55mIuX9fmZJ1VFvHR9mnF1KYIAAEMivIP1DcOVaV8ZWHquY
DoCtyG3PqSGQwG2ZAywSoaYeAmT/4QBN8uYJ2MOI+zY+c0LNajx3IWa/Je2leS/W
JpIip1Li/wz1aK3nO5ToBPwVK3QF7swL5sLurWSARzXEZclNbO4QZ5vzbRuJfW6Z
t4kjdopKJPbro3zO9nWCtm7te7Z0noYXkW8hiqW1QC7gfUhbcphP1aD78MpOocAV
nNmPKXsRl0X/i9nGv8ALHgtXj+s8drSeYw6OBJ13MkSD3qBh9PFBdXVYhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLl51zNnaEXYD8Ty7LOu8mQ8m193MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvdVhuWE0yZG9SZGdQeFBMc3M2N3laRHliWDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp/MA0G
CSqGSIb3DQEBCwUAA4IBAQBdOnMVeHxeVrIMrUHgUrGTcV2w7tjENCT9wSNd5csW
jQogZNangL3RHCt55PM62R1YMtwWMRUxo1uu1PQp8fjFEMFnWAuA8cCv3fXordud
vNrXAo/K19fs+tj23AS5zJTuNBgq4ux1tG5VLBj2Ovw2GmJ9ONk1jEOYTx1b3xFp
bIg9AUQkmsQFORFQxSCcGOkWGpF1Tkd0SNtEak09aD2lS3Hb13rbKeC1QDG4GirC
XS7Yz75gdNb6qEK6YqzdcxtGDb0aMCrbsrQOGc+W2La30Ec6yzT08SscBNt59Z/d
fhVPoqdO3w27jxk9V+fADgDFQ45IYxp+AYNFqgmPVufa
-----END CERTIFICATE-----