Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vkmUdjCWN1ZeVuWp7Z6DgVm4SGk.roa
File:                     vkmUdjCWN1ZeVuWp7Z6DgVm4SGk.roa (raw, json)
Hash identifier:          1vheYcmcnb4TdJ7xu17GBmTQ7bM9CvRsfJ3QRM8fYsc=
Subject key identifier:   BE:49:94:76:30:96:37:56:5E:56:E5:A9:ED:9E:83:81:59:B8:48:69
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       0198FEC628EAC618E8E514561FE1A67B8222
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vkmUdjCWN1ZeVuWp7Z6DgVm4SGk.roa
Signing time:             Sun 31 Aug 2025 06:17:36 +0000
ROA not before:           Sun 31 Aug 2025 06:17:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        31.223.192.0/21 maxlen: 24
                          31.223.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fe:c6:28:ea:c6:18:e8:e5:14:56:1f:e1:a6:7b:82:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Aug 31 06:17:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be499476309637565e56e5a9ed9e838159b84869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:27:5a:15:d7:07:19:76:0b:d6:ee:56:2e:f5:
                    80:2e:0a:7f:19:6b:d7:42:00:b1:76:9a:eb:27:27:
                    45:71:f4:32:8b:0a:b8:de:7d:75:d7:d1:28:e6:95:
                    17:4d:c4:87:ad:51:1e:a4:8b:87:68:bb:52:12:60:
                    b2:43:97:e1:39:41:83:de:b4:f3:d9:be:33:67:3d:
                    b8:2e:32:b3:ea:0d:52:b0:13:d3:82:d7:c2:00:cf:
                    39:69:bf:1b:86:cf:09:da:93:a6:6e:ad:8c:24:51:
                    80:76:6f:2e:75:7f:40:a4:5e:f1:3b:80:26:86:5a:
                    d7:0f:bc:eb:c6:1a:7e:68:af:52:14:04:66:be:d2:
                    14:ff:7c:c0:2b:9b:6f:09:c7:60:7a:ed:52:78:07:
                    cd:4e:df:d6:02:ed:81:1a:f9:e0:ad:ec:b6:c5:ba:
                    c3:58:57:dd:d5:24:8e:cb:ca:36:83:48:c2:da:d1:
                    44:97:57:96:13:c4:83:9f:6f:cf:c8:4b:9d:59:20:
                    8b:28:8b:b8:fe:15:21:e1:f1:b7:52:ea:67:cc:e2:
                    73:84:f9:63:bf:43:8a:89:c5:0e:e6:81:54:c5:3d:
                    c7:92:3e:59:fc:06:83:e2:22:1f:34:53:f7:fa:e5:
                    ec:bd:13:e6:8f:a7:fd:0c:1d:7e:64:57:34:40:8c:
                    9b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:49:94:76:30:96:37:56:5E:56:E5:A9:ED:9E:83:81:59:B8:48:69
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vkmUdjCWN1ZeVuWp7Z6DgVm4SGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7b:1b:8e:cf:49:a5:5c:49:18:ce:13:83:60:4e:1a:5f:79:78:
         b3:9b:9d:c5:d9:fa:e0:59:95:0e:29:8c:39:5f:ac:94:b9:5c:
         32:90:76:4e:e2:ce:e1:ef:90:35:b1:cf:3b:bb:4e:8e:b6:be:
         41:a2:c4:2c:3c:8b:93:3a:49:5c:aa:a3:a3:c9:e2:d2:77:13:
         28:92:f1:a4:aa:07:04:28:18:b0:89:27:3d:50:d7:5e:a1:c7:
         e0:83:73:e5:3b:78:ed:74:26:ba:05:67:5c:da:9a:a0:f3:7f:
         48:b0:ac:47:bb:8e:3a:f3:9c:88:37:f5:ec:f0:5a:cf:d1:b8:
         a1:c7:3c:e1:f9:f6:10:88:76:81:f8:18:df:7b:b1:88:18:75:
         31:69:dc:9d:a6:60:5f:b6:19:a6:47:03:95:3a:e8:99:d6:51:
         43:93:cc:a7:6e:3f:04:85:24:f1:aa:86:f4:af:23:99:b9:b1:
         24:f5:c0:e1:47:db:79:18:bb:7d:ed:94:d9:25:8d:b2:48:6d:
         20:44:ea:8c:1e:8b:15:61:af:7f:7c:35:45:fe:fe:38:c4:ff:
         4d:87:f6:85:67:58:7e:23:37:1c:30:75:43:0a:08:f5:67:c6:
         60:f7:e7:fc:a8:23:63:d4:0f:75:6a:b1:c9:5e:9f:05:a2:5b:
         ed:89:40:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj+xijqxhjo5RRWH+Gme4IiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjUwODMxMDYxNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ5OTQ3NjMwOTYzNzU2NWU1NmU1YTllZDllODM4MTU5Yjg0ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySdaFdcHGXYL1u5WLvWALgp/GWvX
QgCxdprrJydFcfQyiwq43n1119Eo5pUXTcSHrVEepIuHaLtSEmCyQ5fhOUGD3rTz
2b4zZz24LjKz6g1SsBPTgtfCAM85ab8bhs8J2pOmbq2MJFGAdm8udX9ApF7xO4Am
hlrXD7zrxhp+aK9SFARmvtIU/3zAK5tvCcdgeu1SeAfNTt/WAu2BGvngrey2xbrD
WFfd1SSOy8o2g0jC2tFEl1eWE8SDn2/PyEudWSCLKIu4/hUh4fG3UupnzOJzhPlj
v0OKicUO5oFUxT3Hkj5Z/AaD4iIfNFP3+uXsvRPmj6f9DB1+ZFc0QIybPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5JlHYwljdWXlblqe2eg4FZuEhpMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvdmttVWRqQ1dOMVplVnVXcDdaNkRnVm00U0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEH9/AMA0G
CSqGSIb3DQEBCwUAA4IBAQB7G47PSaVcSRjOE4NgThpfeXizm53F2frgWZUOKYw5
X6yUuVwykHZO4s7h75A1sc87u06Otr5BosQsPIuTOklcqqOjyeLSdxMokvGkqgcE
KBiwiSc9UNdeocfgg3PlO3jtdCa6BWdc2pqg839IsKxHu44685yIN/Xs8FrP0bih
xzzh+fYQiHaB+Bjfe7GIGHUxadydpmBfthmmRwOVOuiZ1lFDk8ynbj8EhSTxqob0
ryOZubEk9cDhR9t5GLt97ZTZJY2ySG0gROqMHosVYa9/fDVF/v44xP9Nh/aFZ1h+
IzccMHVDCgj1Z8Zg9+f8qCNj1A91arHJXp8FolvtiUDj
-----END CERTIFICATE-----