Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_Kt_ylx952g7HZhxMZibU4U_S9U.roa
File:                     _Kt_ylx952g7HZhxMZibU4U_S9U.roa (raw, json)
Hash identifier:          BRXKGTpDPGrVqoVy2fXV55G1/RGVRY4TQXSqB3YxXnw=
Subject key identifier:   FC:AB:7F:CA:5C:7D:E7:68:3B:1D:98:71:31:98:9B:53:85:3F:4B:D5
Certificate issuer:       /CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
Certificate serial:       01988499F82F9BFEB23073C36774407DB197
Authority key identifier: DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_Kt_ylx952g7HZhxMZibU4U_S9U.roa
Signing time:             Thu 07 Aug 2025 12:55:39 +0000
ROA not before:           Thu 07 Aug 2025 12:55:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57903
IP address blocks:        213.109.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:99:f8:2f:9b:fe:b2:30:73:c3:67:74:40:7d:b1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
        Validity
            Not Before: Aug  7 12:55:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcab7fca5c7de7683b1d987131989b53853f4bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a3:18:9c:5f:f0:2a:8e:a5:21:1d:ae:bb:1a:
                    b0:b0:75:53:b0:cd:22:f4:c8:e8:48:33:f6:00:28:
                    87:53:bf:cb:af:d6:92:60:b8:00:4c:cd:b3:0b:d7:
                    32:50:cc:6e:c5:5a:bb:d0:cc:83:bf:7b:e1:91:9c:
                    44:15:db:c5:94:1d:61:1c:91:ed:1f:b7:79:07:66:
                    91:f2:4c:cf:dd:2a:e9:d5:89:53:67:ec:73:d2:b1:
                    9f:b7:dc:39:e1:f0:23:5e:52:51:9c:ce:db:48:37:
                    63:da:15:72:2d:90:14:49:c2:17:94:ad:a4:72:55:
                    9d:9d:d9:c1:04:81:74:1a:71:d6:eb:67:ba:d2:71:
                    51:73:0c:d9:9a:87:a7:ee:57:94:14:f5:2a:28:8c:
                    83:30:00:a9:6c:02:a2:52:25:e0:ff:e7:ea:1d:e2:
                    61:37:9b:40:e7:de:54:92:bb:ce:71:ab:e7:d7:dc:
                    fe:d8:60:93:9a:35:96:30:a7:f1:a0:3d:28:da:c2:
                    27:d8:6c:8f:7b:76:c0:10:f7:97:2b:7b:cd:70:32:
                    9d:72:06:59:08:15:80:58:13:b1:93:73:ff:5b:83:
                    8a:9d:fd:e7:7e:3e:d6:49:bd:c5:b0:cf:93:6a:50:
                    c7:d8:1e:45:d4:39:36:21:a6:e6:dc:40:34:e2:c1:
                    86:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AB:7F:CA:5C:7D:E7:68:3B:1D:98:71:31:98:9B:53:85:3F:4B:D5
            X509v3 Authority Key Identifier:
                keyid:DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/_Kt_ylx952g7HZhxMZibU4U_S9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:66:d1:f3:ae:b8:11:b4:0a:73:59:66:f2:cd:ed:f7:c8:da:
         5e:c9:65:db:12:4f:54:c2:c4:2c:ca:87:88:71:dd:30:23:42:
         d4:c2:95:ee:75:c8:7e:0e:70:6d:67:d6:8a:5a:02:82:48:e5:
         a0:62:65:4c:cf:c2:f5:47:bb:fd:44:a6:7c:6f:fb:c5:15:a6:
         c5:21:06:d0:d5:9f:63:b7:b6:f9:f2:a2:cf:e8:c8:ed:ea:ff:
         26:ac:40:78:43:8a:ad:ed:07:16:4f:92:9b:8b:47:bc:47:88:
         ae:4b:6b:67:bc:1c:59:6e:1c:96:8e:24:1c:52:ed:c0:5b:90:
         c8:fb:6c:f0:aa:6b:08:40:02:8a:e1:f2:52:7c:32:13:cc:74:
         f6:f3:78:7a:28:62:c8:48:82:8d:84:53:b4:eb:47:59:18:0b:
         83:85:37:de:e7:7f:61:7a:c6:9b:0d:cb:ab:ff:b6:3c:a2:9e:
         d0:c3:82:3a:e3:5e:4e:83:4b:c2:5b:4d:5b:30:03:a3:f4:59:
         97:20:1a:17:64:72:5d:f7:d8:91:af:fb:10:f9:30:08:54:43:
         9d:5d:0d:84:3e:04:50:2c:30:5a:81:81:8c:a1:38:4a:d3:28:
         80:e7:61:21:79:97:b3:17:2e:04:3a:6d:b5:f3:84:fd:88:e3:
         a6:94:ad:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiEmfgvm/6yMHPDZ3RAfbGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzI1YzRkMDk1M2U3ZWNmNDZmMzdlMTRmY2ExNGZkMDlh
MTJkMTYwHhcNMjUwODA3MTI1NTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FiN2ZjYTVjN2RlNzY4M2IxZDk4NzEzMTk4OWI1Mzg1M2Y0YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaMYnF/wKo6lIR2uuxqwsHVTsM0i
9MjoSDP2ACiHU7/Lr9aSYLgATM2zC9cyUMxuxVq70MyDv3vhkZxEFdvFlB1hHJHt
H7d5B2aR8kzP3Srp1YlTZ+xz0rGft9w54fAjXlJRnM7bSDdj2hVyLZAUScIXlK2k
clWdndnBBIF0GnHW62e60nFRcwzZmoen7leUFPUqKIyDMACpbAKiUiXg/+fqHeJh
N5tA595UkrvOcavn19z+2GCTmjWWMKfxoD0o2sIn2GyPe3bAEPeXK3vNcDKdcgZZ
CBWAWBOxk3P/W4OKnf3nfj7WSb3FsM+TalDH2B5F1Dk2Iabm3EA04sGGkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyrf8pcfedoOx2YcTGYm1OFP0vVMB8GA1UdIwQY
MBaAFN1yXE0JU+fs9G834U/KFP0JoS0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYt
OGYyMGNiNzM0NDg4LzEvX0t0X3lseDk1Mmc3SFpoeE1aaWJVNFVfUzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYtOGYyMGNiNzM0NDg4
LzEvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W00MA0G
CSqGSIb3DQEBCwUAA4IBAQBJZtHzrrgRtApzWWbyze33yNpeyWXbEk9UwsQsyoeI
cd0wI0LUwpXudch+DnBtZ9aKWgKCSOWgYmVMz8L1R7v9RKZ8b/vFFabFIQbQ1Z9j
t7b58qLP6Mjt6v8mrEB4Q4qt7QcWT5Kbi0e8R4iuS2tnvBxZbhyWjiQcUu3AW5DI
+2zwqmsIQAKK4fJSfDITzHT283h6KGLISIKNhFO060dZGAuDhTfe539hesabDcur
/7Y8op7Qw4I6415Og0vCW01bMAOj9FmXIBoXZHJd99iRr/sQ+TAIVEOdXQ2EPgRQ
LDBagYGMoThK0yiA52EheZezFy4EOm2184T9iOOmlK2o
-----END CERTIFICATE-----