Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ih1LP2cGqlVQHikYpwL2pIG0XVM.roa
File:                     ih1LP2cGqlVQHikYpwL2pIG0XVM.roa (raw, json)
Hash identifier:          h6zo3/SLfHjtag1fEwxOU+/Ets25J7YE06oH4c+p1oU=
Subject key identifier:   8A:1D:4B:3F:67:06:AA:55:50:1E:29:18:A7:02:F6:A4:81:B4:5D:53
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01980E6BE7A2B9E6590959E43186A34B9506
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ih1LP2cGqlVQHikYpwL2pIG0XVM.roa
Signing time:             Tue 15 Jul 2025 14:10:09 +0000
ROA not before:           Tue 15 Jul 2025 14:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207901
IP address blocks:        2a03:5840:127::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:6b:e7:a2:b9:e6:59:09:59:e4:31:86:a3:4b:95:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 15 14:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a1d4b3f6706aa55501e2918a702f6a481b45d53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ed:10:9e:0d:f2:6d:16:68:58:0d:03:7e:e7:
                    3d:b9:26:f5:7a:76:15:28:8c:25:78:56:ee:a5:e1:
                    9a:3c:df:14:9e:04:a0:52:50:b9:cc:22:40:7b:21:
                    9c:03:f8:ae:00:49:aa:1e:00:a2:1b:77:3a:7e:0d:
                    47:bd:da:2d:f9:1c:74:9d:c0:1a:d4:b1:28:4e:2e:
                    19:b1:1b:d7:d4:98:95:ba:b8:53:c4:6d:a1:e6:08:
                    92:b7:a7:4e:db:bf:7e:0a:b5:b2:f2:2c:11:d1:87:
                    ed:d6:64:58:b7:c8:53:11:d7:68:67:bb:f9:0f:81:
                    4f:b6:bb:94:bf:72:d2:40:ac:b2:f3:e4:ae:9f:33:
                    0f:c2:72:06:8a:e4:5f:79:5a:7c:0c:c3:55:2f:dd:
                    82:93:68:24:e0:da:b0:67:24:9b:53:2a:27:3c:90:
                    b4:e0:2d:96:2d:68:ed:ba:ea:44:16:12:fb:db:8b:
                    db:80:e9:e2:c5:51:12:41:41:17:3d:d4:ff:87:4f:
                    04:c3:81:c9:3f:4a:b8:d4:31:2c:52:a0:c9:6d:38:
                    19:15:f3:77:4b:e9:e4:5c:67:ab:5f:a4:70:d8:97:
                    92:54:e2:d6:f7:2b:6a:18:58:f4:6b:e4:62:4f:b8:
                    77:51:60:32:72:46:d8:d5:d4:ae:21:5e:01:6f:5c:
                    ce:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1D:4B:3F:67:06:AA:55:50:1E:29:18:A7:02:F6:A4:81:B4:5D:53
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ih1LP2cGqlVQHikYpwL2pIG0XVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:127::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:cd:cc:dc:37:00:a9:98:a0:cd:d7:9a:94:84:87:c8:d9:61:
         55:c0:65:c1:c1:51:fc:a5:90:59:37:ad:b4:24:c9:68:6f:2e:
         99:28:d1:27:e6:d2:9f:92:0b:1d:8e:da:e7:a7:61:bd:28:62:
         d3:75:1b:81:f6:49:95:68:dd:01:41:33:25:2e:2d:b7:da:83:
         61:69:38:67:7c:9e:79:68:41:0c:92:57:92:04:99:c5:6a:ab:
         58:92:ea:ed:b7:a1:78:c3:e3:10:dd:77:c2:26:92:ff:a1:bb:
         b1:ce:6a:64:08:28:17:ab:7b:31:e6:df:bb:cd:c4:b5:b1:5c:
         8a:00:c9:42:c3:73:5b:c4:cf:c8:42:b3:ac:e9:43:71:3e:08:
         04:7b:7d:fe:9c:d0:8d:48:93:ab:31:b2:e2:70:45:a2:91:45:
         de:62:13:e2:78:bb:8a:3f:25:00:86:83:76:34:8f:17:b1:a4:
         2b:5f:cc:9e:97:0e:4e:44:10:2d:55:bd:4b:cf:61:fd:8d:2f:
         7b:7e:c8:7e:ab:17:c2:28:fa:48:f4:bc:10:1b:41:cb:34:ac:
         76:ab:c0:c8:9c:2b:3a:3e:85:22:4e:f5:4c:42:b0:97:76:ff:
         3d:66:ed:e6:d8:9e:64:50:ce:7b:5f:d5:13:6b:1b:a5:cf:64:
         f6:1d:8e:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgOa+eiueZZCVnkMYajS5UGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNzE1MTQxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFkNGIzZjY3MDZhYTU1NTAxZTI5MThhNzAyZjZhNDgxYjQ1ZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkO0Qng3ybRZoWA0Dfuc9uSb1enYV
KIwleFbupeGaPN8UngSgUlC5zCJAeyGcA/iuAEmqHgCiG3c6fg1Hvdot+Rx0ncAa
1LEoTi4ZsRvX1JiVurhTxG2h5giSt6dO279+CrWy8iwR0Yft1mRYt8hTEddoZ7v5
D4FPtruUv3LSQKyy8+SunzMPwnIGiuRfeVp8DMNVL92Ck2gk4NqwZySbUyonPJC0
4C2WLWjtuupEFhL724vbgOnixVESQUEXPdT/h08Ew4HJP0q41DEsUqDJbTgZFfN3
S+nkXGerX6Rw2JeSVOLW9ytqGFj0a+RiT7h3UWAyckbY1dSuIV4Bb1zOvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIodSz9nBqpVUB4pGKcC9qSBtF1TMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvaWgxTFAyY0dxbFZRSGlrWXB3TDJwSUcwWFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEn
MA0GCSqGSIb3DQEBCwUAA4IBAQA4zczcNwCpmKDN15qUhIfI2WFVwGXBwVH8pZBZ
N620JMloby6ZKNEn5tKfkgsdjtrnp2G9KGLTdRuB9kmVaN0BQTMlLi232oNhaThn
fJ55aEEMkleSBJnFaqtYkurtt6F4w+MQ3XfCJpL/obuxzmpkCCgXq3sx5t+7zcS1
sVyKAMlCw3NbxM/IQrOs6UNxPggEe33+nNCNSJOrMbLicEWikUXeYhPieLuKPyUA
hoN2NI8XsaQrX8yelw5ORBAtVb1Lz2H9jS97fsh+qxfCKPpI9LwQG0HLNKx2q8DI
nCs6PoUiTvVMQrCXdv89Zu3m2J5kUM57X9UTaxulz2T2HY5G
-----END CERTIFICATE-----