Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/r8-SUFWAg2vcESn0sctzbA8FPI0.roa
File:                     r8-SUFWAg2vcESn0sctzbA8FPI0.roa (raw, json)
Hash identifier:          MKE5QhXy4sl46VybpUvHUfihk+xWiIZVC9/Kv/CScvM=
Subject key identifier:   AF:CF:92:50:55:80:83:6B:DC:11:29:F4:B1:CB:73:6C:0F:05:3C:8D
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0199F2451A4F5BA1880AA0E23639D56816F9
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/r8-SUFWAg2vcESn0sctzbA8FPI0.roa
Signing time:             Fri 17 Oct 2025 13:03:58 +0000
ROA not before:           Fri 17 Oct 2025 13:03:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202
IP address blocks:        157.25.130.0/23 maxlen: 23
                          157.25.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:45:1a:4f:5b:a1:88:0a:a0:e2:36:39:d5:68:16:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Oct 17 13:03:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afcf92505580836bdc1129f4b1cb736c0f053c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:ed:2f:f3:ad:bb:f9:18:e5:25:6e:46:b3:
                    da:e3:0c:35:4d:93:8f:e2:57:3b:3d:39:e1:2e:3a:
                    1d:e6:9a:40:71:fd:4c:e5:8c:5f:90:57:d7:d2:36:
                    00:6e:bc:b7:80:04:35:34:9a:46:98:92:64:67:04:
                    6e:8e:d7:7d:2d:14:55:bd:e4:fb:45:cc:6e:57:3c:
                    29:40:8e:d0:ed:d2:64:52:78:48:7e:9c:68:f9:0c:
                    3d:69:7d:18:3e:14:4d:81:7b:b2:20:02:37:a9:20:
                    64:af:da:57:00:bc:d3:80:9d:a2:a7:e3:16:69:be:
                    cd:ac:88:e7:9c:fe:e1:ca:bc:8c:ff:df:94:85:a2:
                    60:85:36:cb:da:c4:85:fc:e3:17:ea:03:12:63:16:
                    b2:0c:c3:58:f9:2e:cf:3f:35:60:8f:c1:e1:6d:dd:
                    1b:8e:56:c0:1e:3e:f6:e1:1b:e5:7c:fc:b1:e8:83:
                    f2:b5:31:fe:f2:55:47:21:f6:da:52:76:09:c3:18:
                    cb:38:8e:7f:74:26:09:ea:12:45:7c:0a:59:bb:87:
                    d6:f3:27:5c:d0:44:dc:fd:af:ad:5b:28:08:e6:90:
                    ad:c9:5c:b9:74:c0:38:7a:09:5b:ce:f1:bf:80:38:
                    2c:f6:83:3b:c1:54:9f:e6:9f:2c:3b:ed:07:5d:2e:
                    da:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CF:92:50:55:80:83:6B:DC:11:29:F4:B1:CB:73:6C:0F:05:3C:8D
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/r8-SUFWAg2vcESn0sctzbA8FPI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.130.0/23
                  157.25.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:a3:eb:23:8b:74:54:71:6c:9f:5c:c6:58:59:f9:bd:f4:66:
         4e:95:99:1b:41:b0:6c:a1:cd:22:99:e1:ce:29:2d:41:52:be:
         47:e9:39:c4:a6:5a:14:c5:c1:a8:02:83:e0:d7:fe:e6:f4:a5:
         a3:7f:16:1e:8d:38:d1:f3:fe:3d:d3:a7:9a:26:4f:62:d1:99:
         a5:67:bf:7a:14:61:ac:59:2c:87:1f:cc:53:15:f4:d8:9f:02:
         96:a7:b7:df:b9:1b:cd:e9:c3:38:6f:d3:3a:db:53:15:75:a9:
         15:5a:eb:90:03:4c:4a:06:7a:ad:24:3c:55:33:b6:5c:99:c5:
         0d:a4:0e:62:17:8d:00:0c:d3:9a:5e:a4:f6:5d:ec:ab:e2:14:
         3e:8b:e4:0c:dd:9a:95:d5:a9:b8:97:a8:c8:80:8c:22:8a:07:
         8e:ca:40:a8:52:11:27:f1:54:57:a0:48:16:28:e3:0f:5e:80:
         70:3e:ae:de:44:30:a2:73:c5:a7:11:77:dd:60:ba:4e:c8:94:
         24:06:0d:8f:90:87:ac:aa:12:26:71:52:20:58:90:31:c5:74:
         2a:88:2f:d1:d9:93:c1:bf:29:a8:e0:05:0b:5a:5f:04:e7:ee:
         f9:22:2e:a8:be:a3:2f:4c:67:ac:aa:c1:e5:ad:b6:2b:f8:83:
         63:df:a5:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnyRRpPW6GICqDiNjnVaBb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUxMDE3MTMwMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNmOTI1MDU1ODA4MzZiZGMxMTI5ZjRiMWNiNzM2YzBmMDUzYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQbtL/Otu/kY5SVuRrPa4ww1TZOP
4lc7PTnhLjod5ppAcf1M5YxfkFfX0jYAbry3gAQ1NJpGmJJkZwRujtd9LRRVveT7
RcxuVzwpQI7Q7dJkUnhIfpxo+Qw9aX0YPhRNgXuyIAI3qSBkr9pXALzTgJ2ip+MW
ab7NrIjnnP7hyryM/9+UhaJghTbL2sSF/OMX6gMSYxayDMNY+S7PPzVgj8Hhbd0b
jlbAHj724RvlfPyx6IPytTH+8lVHIfbaUnYJwxjLOI5/dCYJ6hJFfApZu4fW8ydc
0ETc/a+tWygI5pCtyVy5dMA4eglbzvG/gDgs9oM7wVSf5p8sO+0HXS7aYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK/PklBVgINr3BEp9LHLc2wPBTyNMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvcjgtU1VGV0FnMnZjRVNuMHNjdHpiQThGUEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnRmCAwQB
nRmuMA0GCSqGSIb3DQEBCwUAA4IBAQAgo+sji3RUcWyfXMZYWfm99GZOlZkbQbBs
oc0imeHOKS1BUr5H6TnEploUxcGoAoPg1/7m9KWjfxYejTjR8/4906eaJk9i0Zml
Z796FGGsWSyHH8xTFfTYnwKWp7ffuRvN6cM4b9M621MVdakVWuuQA0xKBnqtJDxV
M7ZcmcUNpA5iF40ADNOaXqT2Xeyr4hQ+i+QM3ZqV1am4l6jIgIwiigeOykCoUhEn
8VRXoEgWKOMPXoBwPq7eRDCic8WnEXfdYLpOyJQkBg2PkIesqhImcVIgWJAxxXQq
iC/R2ZPBvymo4AULWl8E5+75Ii6ovqMvTGesqsHlrbYr+INj36UQ
-----END CERTIFICATE-----