Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/Ocy8B8GYPCZGmS9JKWpHx-7xVE0.roa
File:                     Ocy8B8GYPCZGmS9JKWpHx-7xVE0.roa (raw, json)
Hash identifier:          OAvrh5o6OA/RrTaG3tWg2tqIxQuUrrMi/BaxLjPughU=
Subject key identifier:   39:CC:BC:07:C1:98:3C:26:46:99:2F:49:29:6A:47:C7:EE:F1:54:4D
Certificate issuer:       /CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
Certificate serial:       0198640800120E7DF27ECFFCB197F610E307
Authority key identifier: D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/Ocy8B8GYPCZGmS9JKWpHx-7xVE0.roa
Signing time:             Fri 01 Aug 2025 05:08:22 +0000
ROA not before:           Fri 01 Aug 2025 05:08:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        81.31.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:08:00:12:0e:7d:f2:7e:cf:fc:b1:97:f6:10:e3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
        Validity
            Not Before: Aug  1 05:08:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39ccbc07c1983c2646992f49296a47c7eef1544d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f8:29:da:f9:4e:20:0b:ef:72:0b:5d:a1:d9:
                    fd:9d:d9:94:c1:a1:f4:48:64:98:db:39:e9:68:25:
                    2b:77:9a:50:c0:62:39:bb:94:cb:77:32:89:00:76:
                    58:81:4c:19:e7:ff:e3:b7:52:15:de:9c:18:d1:19:
                    3e:70:88:c6:25:5e:d1:c3:00:ab:e2:4d:1f:a5:e7:
                    03:9d:93:85:a3:4d:09:70:0b:18:56:2d:7b:e8:4a:
                    b0:8c:96:4f:65:87:31:99:9b:62:cc:88:8b:2e:e3:
                    fc:42:a7:4f:99:c1:b3:b2:78:06:11:cf:3b:fa:ec:
                    dd:32:a3:16:ee:34:19:fd:74:3f:7a:ff:fa:f5:04:
                    ef:be:18:17:c6:dd:86:8a:6f:51:01:07:76:0f:22:
                    63:c0:e3:66:77:62:58:80:06:81:79:d0:ec:91:d5:
                    8b:a6:21:c3:a0:5a:89:af:89:c0:6e:1a:13:ed:5c:
                    62:93:53:51:30:3d:1c:03:02:2e:78:e1:66:96:54:
                    6b:67:ab:04:73:c4:ca:fd:95:32:b0:20:79:b9:8a:
                    85:25:66:17:07:35:9e:5c:77:55:5e:be:e0:79:e9:
                    bf:bf:b6:97:a8:f5:64:0d:f5:00:88:55:b1:68:6b:
                    2b:46:5b:81:99:83:03:b9:f7:ca:67:c5:b1:f8:23:
                    26:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:CC:BC:07:C1:98:3C:26:46:99:2F:49:29:6A:47:C7:EE:F1:54:4D
            X509v3 Authority Key Identifier:
                keyid:D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/Ocy8B8GYPCZGmS9JKWpHx-7xVE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3d:88:c9:26:6a:55:d4:c4:d4:31:0f:c3:a3:0b:60:dd:5e:d7:
         d1:b6:6b:1f:c3:fc:7e:0b:8b:3d:6a:bf:ef:d9:84:01:7e:14:
         a2:ba:85:68:4f:80:88:18:6e:f1:21:bd:25:55:34:70:1d:57:
         27:ee:82:9c:5d:29:9f:95:0c:6c:fe:11:38:2d:e5:9f:9c:2f:
         86:13:39:3a:29:59:cb:b4:04:7b:ec:10:3b:a6:13:22:e1:40:
         52:27:6c:60:1f:bd:47:06:2e:53:d9:7f:20:c8:ef:7f:1c:b4:
         25:bb:ae:98:d8:7d:ed:71:a8:04:3f:68:21:29:32:cc:0a:d7:
         51:cf:29:64:dc:c5:9c:04:af:57:1c:d3:fb:a6:d4:5b:74:7e:
         55:b5:c3:d7:32:ff:ad:b6:37:2c:90:53:03:59:b2:f2:a3:60:
         b4:c3:5f:b6:3a:4e:ff:e9:5f:01:07:04:2d:dd:b0:2e:a1:63:
         7f:78:21:d8:49:f1:3a:34:8b:59:47:42:e7:58:56:ce:36:85:
         73:1d:7a:2c:30:34:cf:b5:1c:22:d8:30:06:c7:32:84:d1:95:
         23:2c:7f:fc:fa:16:80:55:d1:08:7f:0b:33:b5:9d:96:0b:73:
         5c:75:52:c8:49:fe:70:5b:1f:19:a5:1a:c1:4e:ac:6f:c6:ce:
         b3:7b:e0:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhkCAASDn3yfs/8sZf2EOMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MjNhNWJlNWUyMWNhNDYwNzMyYWU0OGYzODVhM2VhMTUw
YTJiZTEwHhcNMjUwODAxMDUwODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWNjYmMwN2MxOTgzYzI2NDY5OTJmNDkyOTZhNDdjN2VlZjE1NDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vgp2vlOIAvvcgtdodn9ndmUwaH0
SGSY2znpaCUrd5pQwGI5u5TLdzKJAHZYgUwZ5//jt1IV3pwY0Rk+cIjGJV7RwwCr
4k0fpecDnZOFo00JcAsYVi176EqwjJZPZYcxmZtizIiLLuP8QqdPmcGzsngGEc87
+uzdMqMW7jQZ/XQ/ev/69QTvvhgXxt2Gim9RAQd2DyJjwONmd2JYgAaBedDskdWL
piHDoFqJr4nAbhoT7Vxik1NRMD0cAwIueOFmllRrZ6sEc8TK/ZUysCB5uYqFJWYX
BzWeXHdVXr7geem/v7aXqPVkDfUAiFWxaGsrRluBmYMDuffKZ8Wx+CMmCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnMvAfBmDwmRpkvSSlqR8fu8VRNMB8GA1UdIwQY
MBaAFNQjpb5eIcpGBzKuSPOFo+oVCivhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2It
ZDk0NzY2NjU3NTVhLzEvT2N5OEI4R1lQQ1pHbVM5SktXcEh4LTd4VkUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2ItZDk0NzY2NjU3NTVh
LzEvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUR+AMA0G
CSqGSIb3DQEBCwUAA4IBAQA9iMkmalXUxNQxD8OjC2DdXtfRtmsfw/x+C4s9ar/v
2YQBfhSiuoVoT4CIGG7xIb0lVTRwHVcn7oKcXSmflQxs/hE4LeWfnC+GEzk6KVnL
tAR77BA7phMi4UBSJ2xgH71HBi5T2X8gyO9/HLQlu66Y2H3tcagEP2ghKTLMCtdR
zylk3MWcBK9XHNP7ptRbdH5VtcPXMv+ttjcskFMDWbLyo2C0w1+2Ok7/6V8BBwQt
3bAuoWN/eCHYSfE6NItZR0LnWFbONoVzHXosMDTPtRwi2DAGxzKE0ZUjLH/8+haA
VdEIfwsztZ2WC3NcdVLISf5wWx8ZpRrBTqxvxs6ze+B4
-----END CERTIFICATE-----