Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/dukRtbUxZBVioJQ3ztIVswrYNNA.roa
File:                     dukRtbUxZBVioJQ3ztIVswrYNNA.roa (raw, json)
Hash identifier:          UotKdLzjPrXF5MwtzJADmQZtjx5PiQOZaqVsJCIhnRQ=
Subject key identifier:   76:E9:11:B5:B5:31:64:15:62:A0:94:37:CE:D2:15:B3:0A:D8:34:D0
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       0197F586E94310E867C9308788BEBAFE725B
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/dukRtbUxZBVioJQ3ztIVswrYNNA.roa
Signing time:             Thu 10 Jul 2025 18:09:08 +0000
ROA not before:           Thu 10 Jul 2025 18:09:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213877
IP address blocks:        2a01:ecc0:40::/42 maxlen: 42
                          2a01:ecc0:200::/42 maxlen: 42
                          2a01:ecc0:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:86:e9:43:10:e8:67:c9:30:87:88:be:ba:fe:72:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jul 10 18:09:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76e911b5b531641562a09437ced215b30ad834d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e9:b0:c3:45:8d:41:79:87:cc:31:94:89:19:
                    c2:05:2b:f6:d7:69:3a:60:56:8e:bf:10:a7:dd:8b:
                    17:3e:28:55:34:0a:8a:f1:d8:4c:f4:5e:68:d5:7d:
                    94:b4:2d:ca:21:49:1e:24:45:f0:f2:61:36:c7:43:
                    b2:9e:f8:8b:c5:7f:fc:a4:3a:35:40:54:28:1b:64:
                    4c:84:d2:4a:3d:68:fe:ea:8e:3d:10:4f:36:85:e7:
                    32:ce:95:50:d2:30:48:84:a5:38:9a:b1:21:33:98:
                    62:b0:f5:c6:d6:76:7b:6d:4f:4b:4b:82:fe:51:b9:
                    37:5e:59:88:ed:90:2c:8b:d2:8a:39:6c:16:f6:82:
                    c4:08:c7:03:f8:73:2d:6c:21:03:cf:a1:db:49:4d:
                    68:4e:e0:58:fa:26:4c:71:43:65:d1:ca:8e:3c:f3:
                    86:63:a0:74:66:b0:2c:79:89:ad:54:df:6b:77:3d:
                    e1:75:89:7d:0c:77:38:4b:c9:b0:1c:55:d2:be:78:
                    af:d0:47:3a:c9:dd:9d:bc:f5:ce:a3:0c:c3:2d:8d:
                    4b:f9:4c:42:78:8d:59:8a:5e:2e:07:2c:1d:84:52:
                    70:82:29:bb:71:d8:0b:a5:ec:60:f1:90:e8:ff:8e:
                    1c:87:84:79:d8:38:85:e4:49:ba:2d:6d:78:0d:b8:
                    35:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E9:11:B5:B5:31:64:15:62:A0:94:37:CE:D2:15:B3:0A:D8:34:D0
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/dukRtbUxZBVioJQ3ztIVswrYNNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:40::/42
                  2a01:ecc0:200::/42
                  2a01:ecc0:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         27:2b:41:e9:66:c7:ce:dc:4d:3d:2c:a2:44:84:1b:95:22:86:
         e8:6d:02:a7:1e:1b:a7:c3:96:d1:7e:fc:42:4c:be:9d:d2:cd:
         01:01:13:2a:b4:58:c9:b0:c4:c2:aa:06:c1:da:29:cf:84:73:
         6e:78:02:9c:5a:61:a7:83:46:89:8f:65:18:95:1d:a3:be:b1:
         75:18:08:5f:8c:e2:cb:37:d0:6c:15:65:d6:93:02:c5:e7:ed:
         34:5b:78:96:29:f9:f4:b3:1e:b3:e8:69:af:8b:f3:38:3d:0d:
         70:07:6f:7d:c2:39:c3:cb:4f:dc:d5:1a:e9:1e:91:3a:25:cf:
         ca:90:18:e7:b1:de:5f:46:19:48:0a:1e:55:97:a7:05:c6:8d:
         d5:12:bd:8b:8b:72:cf:4e:92:30:27:db:d2:bc:7d:e9:b2:0c:
         74:1d:72:a8:ba:eb:c7:01:a7:61:a0:ce:ba:66:04:01:6c:b8:
         1c:0b:5a:a7:53:b8:61:60:2b:2e:04:e9:73:71:bd:c4:06:ed:
         98:ad:d9:22:64:b5:ef:9b:b0:e0:b9:98:c6:40:0d:a4:8a:77:
         a0:d1:b9:a6:ee:0f:91:74:80:67:c5:b2:88:b8:3b:f5:16:0b:
         d0:d4:b5:c6:92:c3:f0:06:90:2a:3e:00:08:79:f7:37:51:86:
         b9:d1:85:07
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZf1hulDEOhnyTCHiL66/nJbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwNzEwMTgwOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU5MTFiNWI1MzE2NDE1NjJhMDk0MzdjZWQyMTViMzBhZDgzNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjumww0WNQXmHzDGUiRnCBSv212k6
YFaOvxCn3YsXPihVNAqK8dhM9F5o1X2UtC3KIUkeJEXw8mE2x0OynviLxX/8pDo1
QFQoG2RMhNJKPWj+6o49EE82hecyzpVQ0jBIhKU4mrEhM5hisPXG1nZ7bU9LS4L+
Ubk3XlmI7ZAsi9KKOWwW9oLECMcD+HMtbCEDz6HbSU1oTuBY+iZMcUNl0cqOPPOG
Y6B0ZrAseYmtVN9rdz3hdYl9DHc4S8mwHFXSvniv0Ec6yd2dvPXOowzDLY1L+UxC
eI1Zil4uBywdhFJwgim7cdgLpexg8ZDo/44ch4R52DiF5Em6LW14Dbg1vQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFHbpEbW1MWQVYqCUN87SFbMK2DTQMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvZHVrUnRiVXhaQlZpb0pRM3p0SVZzd3JZTk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwcGKgHswABA
AwcGKgHswAIAAwYEKgHswBAwDQYJKoZIhvcNAQELBQADggEBACcrQelmx87cTT0s
okSEG5UihuhtAqceG6fDltF+/EJMvp3SzQEBEyq0WMmwxMKqBsHaKc+Ec254Apxa
YaeDRomPZRiVHaO+sXUYCF+M4ss30GwVZdaTAsXn7TRbeJYp+fSzHrPoaa+L8zg9
DXAHb33COcPLT9zVGukekTolz8qQGOex3l9GGUgKHlWXpwXGjdUSvYuLcs9OkjAn
29K8femyDHQdcqi668cBp2GgzrpmBAFsuBwLWqdTuGFgKy4E6XNxvcQG7Zit2SJk
te+bsOC5mMZADaSKd6DRuabuD5F0gGfFsoi4O/UWC9DUtcaSw/AGkCo+AAh59zdR
hrnRhQc=
-----END CERTIFICATE-----