Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/hE1OEcZdiVTXtSCGk4RAwE5PqIY.roa
File:                     hE1OEcZdiVTXtSCGk4RAwE5PqIY.roa (raw, json)
Hash identifier:          6zzQx71jmNb7/isSS16zRdFvGPrC7dR2HDMdKb/fg/o=
Subject key identifier:   84:4D:4E:11:C6:5D:89:54:D7:B5:20:86:93:84:40:C0:4E:4F:A8:86
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01982DD625545B62273533D8A0C3EF73ED5E
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/hE1OEcZdiVTXtSCGk4RAwE5PqIY.roa
Signing time:             Mon 21 Jul 2025 16:34:25 +0000
ROA not before:           Mon 21 Jul 2025 16:34:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142113
IP address blocks:        2a12:6c41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:d6:25:54:5b:62:27:35:33:d8:a0:c3:ef:73:ed:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jul 21 16:34:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=844d4e11c65d8954d7b52086938440c04e4fa886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:df:bc:18:89:37:1b:b2:fd:a7:e7:a1:d5:
                    27:ea:e1:1a:e9:fd:bb:b1:6b:a0:21:1e:cc:f5:03:
                    6c:d0:8c:b4:01:85:c6:04:4f:0e:83:20:1b:d6:78:
                    8a:ba:01:33:ef:6e:f6:af:8f:07:50:88:a1:03:07:
                    dc:82:49:7a:ed:cd:20:4b:d7:65:86:ad:6a:4c:e9:
                    d5:6c:d5:16:2a:4b:1c:9e:86:80:6a:e7:f6:66:62:
                    fa:f2:49:10:ff:61:a8:8a:d6:11:df:28:88:3b:bc:
                    f3:fe:a2:d2:8c:bc:87:c3:9c:a9:49:85:2d:38:f9:
                    9c:c0:94:11:2c:c3:be:c2:98:3e:cc:93:e1:4b:b4:
                    7f:da:34:34:6c:f4:1f:eb:df:62:d1:cf:77:71:b6:
                    5a:29:25:2c:ef:f4:db:5b:a3:24:00:48:ed:00:77:
                    fa:22:45:7a:c8:3c:2e:9f:d6:2d:33:f2:f7:05:50:
                    d9:c7:02:d4:76:01:f3:28:81:ec:e2:3e:d0:b2:f6:
                    88:2c:fe:fc:e8:49:ad:08:de:bb:da:70:70:66:df:
                    64:a3:0e:13:35:fb:77:21:28:60:e1:6b:66:83:9f:
                    bf:3b:ce:08:1d:e9:1b:82:c3:a9:53:69:6c:2a:5d:
                    3f:2b:87:2a:47:84:9f:e2:37:e1:27:f2:7e:fa:e9:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4D:4E:11:C6:5D:89:54:D7:B5:20:86:93:84:40:C0:4E:4F:A8:86
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/hE1OEcZdiVTXtSCGk4RAwE5PqIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:6c41::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:cd:36:3f:05:a9:50:91:8a:44:71:f7:78:cf:69:91:d2:a0:
         1f:84:66:72:06:96:98:a3:fa:c7:ba:63:dd:8d:61:e5:b6:48:
         96:5a:62:f1:f4:36:09:35:d2:5f:61:c8:58:ec:7a:e1:6b:09:
         a5:9f:21:fd:e5:d5:33:71:f3:7e:f9:83:92:29:12:2a:c2:13:
         1d:91:e0:bf:15:16:42:75:02:c7:88:d3:42:80:cd:15:16:03:
         a2:44:69:a0:cc:a4:48:5e:fa:78:10:0f:0a:37:1a:92:b2:76:
         7a:43:1b:76:e6:58:ef:66:fa:ec:32:43:c8:0d:2a:03:86:92:
         e7:61:cf:99:91:fb:94:56:87:0d:88:ad:23:53:e4:b3:fc:9e:
         22:c6:b8:48:1b:0c:6a:80:a6:4a:cf:e2:35:1e:ea:9a:6b:87:
         07:66:b4:70:10:57:fa:53:b6:7a:b6:37:88:40:aa:71:ad:96:
         fc:b2:ec:cf:4c:42:4e:ac:86:e4:96:8b:bf:4d:04:59:35:94:
         e2:0d:8f:03:61:5f:95:f8:8e:a8:ca:ba:02:e5:92:b1:ba:79:
         1d:81:b3:e1:d6:12:37:01:c7:0d:cf:90:cc:ef:c5:e1:0b:ea:
         75:63:13:82:27:4d:c9:06:f1:73:79:43:23:ab:94:41:51:4d:
         e1:fb:dc:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgt1iVUW2InNTPYoMPvc+1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwNzIxMTYzNDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDRkNGUxMWM2NWQ4OTU0ZDdiNTIwODY5Mzg0NDBjMDRlNGZhODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIDfvBiJNxuy/afnodUn6uEa6f27
sWugIR7M9QNs0Iy0AYXGBE8OgyAb1niKugEz7272r48HUIihAwfcgkl67c0gS9dl
hq1qTOnVbNUWKkscnoaAauf2ZmL68kkQ/2GoitYR3yiIO7zz/qLSjLyHw5ypSYUt
OPmcwJQRLMO+wpg+zJPhS7R/2jQ0bPQf699i0c93cbZaKSUs7/TbW6MkAEjtAHf6
IkV6yDwun9YtM/L3BVDZxwLUdgHzKIHs4j7QsvaILP786EmtCN672nBwZt9kow4T
Nft3IShg4Wtmg5+/O84IHekbgsOpU2lsKl0/K4cqR4Sf4jfhJ/J++ukiGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIRNThHGXYlU17UghpOEQMBOT6iGMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvaEUxT0VjWmRpVlRYdFNDR2s0UkF3RTVQcUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJsQTAN
BgkqhkiG9w0BAQsFAAOCAQEATc02PwWpUJGKRHH3eM9pkdKgH4RmcgaWmKP6x7pj
3Y1h5bZIllpi8fQ2CTXSX2HIWOx64WsJpZ8h/eXVM3HzfvmDkikSKsITHZHgvxUW
QnUCx4jTQoDNFRYDokRpoMykSF76eBAPCjcakrJ2ekMbduZY72b67DJDyA0qA4aS
52HPmZH7lFaHDYitI1Pks/yeIsa4SBsMaoCmSs/iNR7qmmuHB2a0cBBX+lO2erY3
iECqca2W/LLsz0xCTqyG5JaLv00EWTWU4g2PA2FflfiOqMq6AuWSsbp5HYGz4dYS
NwHHDc+QzO/F4QvqdWMTgidNyQbxc3lDI6uUQVFN4fvc1w==
-----END CERTIFICATE-----