Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/v9lM91P1idR-q5WGFRllSK3OLJM.roa
File:                     v9lM91P1idR-q5WGFRllSK3OLJM.roa (raw, json)
Hash identifier:          Vxga4piV/GwmOwpyWysuavcnaFm7PoUzawpMALs6i8A=
Subject key identifier:   BF:D9:4C:F7:53:F5:89:D4:7E:AB:95:86:15:19:65:48:AD:CE:2C:93
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0198563A2ACBD9CEE97F4591DC4C64322D76
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/v9lM91P1idR-q5WGFRllSK3OLJM.roa
Signing time:             Tue 29 Jul 2025 12:48:29 +0000
ROA not before:           Tue 29 Jul 2025 12:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        103.73.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:3a:2a:cb:d9:ce:e9:7f:45:91:dc:4c:64:32:2d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jul 29 12:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfd94cf753f589d47eab958615196548adce2c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:7a:6b:65:7a:b2:e5:f7:be:9f:dd:e3:83:
                    5d:4a:ba:ef:c2:75:6e:7c:c7:50:97:27:e5:ae:a3:
                    c6:b2:10:99:43:27:3c:cb:79:b9:25:0c:fe:57:ec:
                    72:b2:b4:f7:2a:29:da:31:a1:36:13:cf:d1:9a:ef:
                    4d:6b:97:f0:40:93:d6:b4:22:c4:1c:3b:58:a2:c8:
                    ac:f5:14:72:13:d8:f4:75:3f:86:f2:bc:99:d4:ba:
                    66:9f:0e:75:92:fc:2a:d1:39:2b:1d:fb:b2:9f:c8:
                    fa:eb:e6:86:9e:05:81:64:2f:59:dc:c7:a5:2d:c2:
                    1e:1e:5b:38:bd:38:0f:57:c0:dc:16:9e:c8:8a:5f:
                    bd:10:51:1f:ef:1b:28:06:d9:51:1f:b0:c2:26:65:
                    16:96:73:9a:5d:b0:f4:91:39:c8:91:6d:bb:ab:76:
                    28:02:8e:64:fc:96:b7:d6:3c:2b:0b:8b:10:60:83:
                    1f:ad:12:c4:30:21:71:32:b0:79:01:22:e7:ba:9b:
                    89:b7:20:67:6c:7c:60:fd:86:04:99:2b:fc:6e:d4:
                    39:e3:15:10:a7:7b:0c:37:e4:26:3a:47:c6:f6:2a:
                    44:b7:87:d9:1f:c9:d1:64:0a:a5:ea:22:c4:eb:82:
                    45:bf:f0:de:3d:d6:b0:a4:db:e0:79:29:22:65:24:
                    f0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D9:4C:F7:53:F5:89:D4:7E:AB:95:86:15:19:65:48:AD:CE:2C:93
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/v9lM91P1idR-q5WGFRllSK3OLJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.73.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:2f:22:01:0b:97:b5:2d:28:f2:46:cf:c9:ed:fe:d0:9f:4d:
         fd:9b:cb:67:72:41:ac:3f:f1:3d:31:b8:ee:12:06:90:88:15:
         3a:65:c6:50:10:8b:d3:2e:8c:1c:b5:69:c9:c1:3c:71:ce:92:
         0e:95:57:1b:91:83:42:41:f8:3d:bf:92:50:0f:87:e8:85:99:
         24:ce:7f:a1:1e:b4:6d:50:71:d3:8e:96:70:d0:cb:44:a4:45:
         cf:4f:39:ad:d2:93:30:ff:ef:b5:17:17:98:7a:ba:5f:5f:cc:
         a7:ee:13:b6:6b:37:15:e4:2e:34:85:c0:d1:f7:b3:2b:db:8d:
         55:c7:e8:6a:8a:c5:2f:89:79:a2:54:56:08:be:9f:7f:33:fc:
         7b:c4:86:9a:5c:2f:21:19:fc:d8:6e:a2:e4:4e:9b:b2:ff:df:
         c3:94:c9:40:bb:04:ee:f0:1b:3d:3f:27:f3:65:37:01:3e:2a:
         04:0f:7c:eb:81:a6:2c:1b:2d:15:78:fe:8e:ed:6c:df:66:08:
         de:ea:f6:1e:32:e2:0f:e5:29:7f:34:3d:a9:38:8c:25:57:22:
         30:d3:a9:e4:92:81:b7:02:52:20:17:1e:13:32:70:a1:b1:bc:
         07:85:e5:9a:3c:a2:58:2c:0d:58:96:d7:2c:f1:b1:50:2d:86:
         6a:15:ce:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWOirL2c7pf0WR3ExkMi12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNzI5MTI0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ5NGNmNzUzZjU4OWQ0N2VhYjk1ODYxNTE5NjU0OGFkY2UyYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXV6a2V6suX3vp/d44NdSrrvwnVu
fMdQlyflrqPGshCZQyc8y3m5JQz+V+xysrT3KinaMaE2E8/Rmu9Na5fwQJPWtCLE
HDtYosis9RRyE9j0dT+G8ryZ1Lpmnw51kvwq0TkrHfuyn8j66+aGngWBZC9Z3Mel
LcIeHls4vTgPV8DcFp7Iil+9EFEf7xsoBtlRH7DCJmUWlnOaXbD0kTnIkW27q3Yo
Ao5k/Ja31jwrC4sQYIMfrRLEMCFxMrB5ASLnupuJtyBnbHxg/YYEmSv8btQ54xUQ
p3sMN+QmOkfG9ipEt4fZH8nRZAql6iLE64JFv/DePdawpNvgeSkiZSTwEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/ZTPdT9YnUfquVhhUZZUitziyTMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvdjlsTTkxUDFpZFItcTVXR0ZSbGxTSzNPTEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0kjMA0G
CSqGSIb3DQEBCwUAA4IBAQCKLyIBC5e1LSjyRs/J7f7Qn039m8tnckGsP/E9Mbju
EgaQiBU6ZcZQEIvTLowctWnJwTxxzpIOlVcbkYNCQfg9v5JQD4fohZkkzn+hHrRt
UHHTjpZw0MtEpEXPTzmt0pMw/++1FxeYerpfX8yn7hO2azcV5C40hcDR97Mr241V
x+hqisUviXmiVFYIvp9/M/x7xIaaXC8hGfzYbqLkTpuy/9/DlMlAuwTu8Bs9Pyfz
ZTcBPioED3zrgaYsGy0VeP6O7WzfZgje6vYeMuIP5Sl/ND2pOIwlVyIw06nkkoG3
AlIgFx4TMnChsbwHheWaPKJYLA1Yltcs8bFQLYZqFc45
-----END CERTIFICATE-----