Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uSNyXYF_RYxqMWJ-BoKGvCaEc-s.roa
File:                     uSNyXYF_RYxqMWJ-BoKGvCaEc-s.roa (raw, json)
Hash identifier:          8D4dZe9H4ebN7Tqe52HwGqc+pcqAPmBIgiWk9T48LV0=
Subject key identifier:   B9:23:72:5D:81:7F:45:8C:6A:31:62:7E:06:82:86:BC:26:84:73:EB
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0198A746B15951B94EE21F227D9B400C25B4
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uSNyXYF_RYxqMWJ-BoKGvCaEc-s.roa
Signing time:             Thu 14 Aug 2025 06:31:24 +0000
ROA not before:           Thu 14 Aug 2025 06:31:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205441
IP address blocks:        2a03:5840:12e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:46:b1:59:51:b9:4e:e2:1f:22:7d:9b:40:0c:25:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Aug 14 06:31:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b923725d817f458c6a31627e068286bc268473eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:59:27:56:04:d9:67:12:44:b8:53:44:33:0d:
                    2b:0c:30:b5:de:df:ca:c9:16:08:cf:66:b0:7a:66:
                    48:8d:c8:f0:4e:b6:03:0c:b5:49:6d:2e:68:b6:f8:
                    d4:34:d4:42:f1:f2:bc:11:a7:13:47:27:d6:21:92:
                    23:4e:b1:cf:29:56:cf:4f:2c:c2:b1:85:05:06:e3:
                    27:05:6b:6a:fb:b9:63:f8:79:81:e2:b7:2f:7c:63:
                    6c:db:dd:55:e3:d5:a9:f0:34:c0:93:1b:f2:39:31:
                    70:0b:40:15:50:84:68:f5:76:0d:59:c2:e0:7d:1c:
                    98:1a:5a:56:ba:2d:45:1f:66:b0:37:de:5b:12:d6:
                    f6:66:96:d1:ab:9d:94:82:93:87:fe:17:ab:37:0e:
                    87:76:dd:0d:97:55:2c:40:6c:28:e4:f7:2b:71:73:
                    c6:a6:ee:92:7e:20:eb:8e:29:00:94:bf:fa:7e:6d:
                    63:95:2d:6a:95:c0:0a:08:fb:f1:57:c5:91:f5:12:
                    9b:a8:37:fd:05:69:ee:29:9f:b3:2c:bc:78:a7:0e:
                    8b:5c:50:2b:30:dd:a3:14:da:7f:60:64:10:59:dc:
                    f4:ca:6c:d4:fb:97:20:93:e7:14:79:de:d2:9f:f2:
                    fd:df:e4:80:b6:86:e1:e3:98:41:0d:6b:85:a9:1a:
                    37:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:23:72:5D:81:7F:45:8C:6A:31:62:7E:06:82:86:BC:26:84:73:EB
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uSNyXYF_RYxqMWJ-BoKGvCaEc-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:12e::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:b8:2e:00:2b:26:60:12:43:7b:85:ac:fd:c0:e8:f9:57:61:
         48:cc:16:e2:3c:c8:4a:8f:5b:80:7a:70:4b:6b:54:da:58:6d:
         42:65:85:f2:43:3a:4a:c7:75:95:49:41:32:82:e7:af:c8:15:
         6f:59:b5:ab:47:0c:ae:cf:89:f9:31:5b:40:1b:ea:5d:b7:ca:
         ef:28:75:11:11:bf:59:05:14:0e:09:36:ac:68:f2:4b:20:f2:
         96:2f:78:32:f6:75:94:b4:7a:1a:d2:8f:c5:0f:7b:b6:c3:34:
         df:ff:8d:c7:30:a7:95:7a:fb:8f:35:72:33:76:81:ad:5e:c5:
         a7:3d:c4:de:c1:f2:e4:d6:10:62:aa:6a:18:c7:da:b9:c5:a8:
         bd:7d:a6:d9:8f:c9:14:e4:e0:55:8f:c8:72:01:73:2e:8c:94:
         cb:4b:a1:ee:f8:6e:f4:11:61:a1:83:b9:f5:af:88:18:e5:6f:
         a5:c2:47:da:51:de:55:cd:1a:52:09:80:1e:74:cc:c1:a4:b2:
         6e:e3:12:c7:e0:ef:d7:f8:f5:56:a5:7b:dc:8f:08:6a:d6:97:
         a5:10:82:d7:7e:93:e5:ce:5c:18:98:52:31:7b:44:1d:0e:41:
         df:c2:b5:f7:c4:61:64:54:38:2e:f1:62:0f:91:d1:1a:08:46:
         d2:bb:cb:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZinRrFZUblO4h8ifZtADCW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwODE0MDYzMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTIzNzI1ZDgxN2Y0NThjNmEzMTYyN2UwNjgyODZiYzI2ODQ3M2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFknVgTZZxJEuFNEMw0rDDC13t/K
yRYIz2awemZIjcjwTrYDDLVJbS5otvjUNNRC8fK8EacTRyfWIZIjTrHPKVbPTyzC
sYUFBuMnBWtq+7lj+HmB4rcvfGNs291V49Wp8DTAkxvyOTFwC0AVUIRo9XYNWcLg
fRyYGlpWui1FH2awN95bEtb2ZpbRq52UgpOH/herNw6Hdt0Nl1UsQGwo5PcrcXPG
pu6SfiDrjikAlL/6fm1jlS1qlcAKCPvxV8WR9RKbqDf9BWnuKZ+zLLx4pw6LXFAr
MN2jFNp/YGQQWdz0ymzU+5cgk+cUed7Sn/L93+SAtobh45hBDWuFqRo30wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLkjcl2Bf0WMajFifgaChrwmhHPrMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvdVNOeVhZRl9SWXhxTVdKLUJvS0d2Q2FFYy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEu
MA0GCSqGSIb3DQEBCwUAA4IBAQA7uC4AKyZgEkN7haz9wOj5V2FIzBbiPMhKj1uA
enBLa1TaWG1CZYXyQzpKx3WVSUEyguevyBVvWbWrRwyuz4n5MVtAG+pdt8rvKHUR
Eb9ZBRQOCTasaPJLIPKWL3gy9nWUtHoa0o/FD3u2wzTf/43HMKeVevuPNXIzdoGt
XsWnPcTewfLk1hBiqmoYx9q5xai9fabZj8kU5OBVj8hyAXMujJTLS6Hu+G70EWGh
g7n1r4gY5W+lwkfaUd5VzRpSCYAedMzBpLJu4xLH4O/X+PVWpXvcjwhq1pelEILX
fpPlzlwYmFIxe0QdDkHfwrX3xGFkVDgu8WIPkdEaCEbSu8uR
-----END CERTIFICATE-----