Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/e6px4NYFUKOjtigYEtL8KdaRy0k.roa
File:                     e6px4NYFUKOjtigYEtL8KdaRy0k.roa (raw, json)
Hash identifier:          /gzrTJVVJRwKZ+ywWGLia/Q0M//BQxmw0Q5lhIV8U3Q=
Subject key identifier:   7B:AA:71:E0:D6:05:50:A3:A3:B6:28:18:12:D2:FC:29:D6:91:CB:49
Certificate issuer:       /CN=5f0211c91e9e0d35cb513345913e0a1a61bfd249
Certificate serial:       0197F8BDF7EB9A92751573E626E44893BD80
Authority key identifier: 5F:02:11:C9:1E:9E:0D:35:CB:51:33:45:91:3E:0A:1A:61:BF:D2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/e6px4NYFUKOjtigYEtL8KdaRy0k.roa
Signing time:             Fri 11 Jul 2025 09:08:08 +0000
ROA not before:           Fri 11 Jul 2025 09:08:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209845
IP address blocks:        2001:67c:ad4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:bd:f7:eb:9a:92:75:15:73:e6:26:e4:48:93:bd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0211c91e9e0d35cb513345913e0a1a61bfd249
        Validity
            Not Before: Jul 11 09:08:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7baa71e0d60550a3a3b6281812d2fc29d691cb49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:11:32:b3:69:1f:86:59:f2:64:2d:24:f0:c9:
                    31:19:41:af:59:54:c6:ee:84:2c:6e:1e:e7:d5:b4:
                    85:57:19:b8:61:5a:e8:b2:d1:c9:0c:01:13:97:1e:
                    82:8a:76:58:fd:b7:27:3d:af:a2:ba:bc:17:df:68:
                    8e:68:4d:89:ed:61:3b:64:a5:42:3e:d8:36:b3:b7:
                    d7:6a:35:bb:57:d0:df:5d:0c:da:83:d5:54:f6:16:
                    df:cb:d0:65:77:89:df:9f:e4:0b:bd:66:85:61:e5:
                    dc:07:0b:40:4e:ea:63:8b:54:49:b1:e5:1e:41:7a:
                    14:52:18:23:17:fa:64:a4:ba:15:de:97:f0:24:e4:
                    0e:01:49:0d:76:c8:0c:6e:b8:ba:01:01:db:d2:5b:
                    0a:44:9e:bd:2d:c9:90:36:dd:36:17:2c:0b:45:3a:
                    42:7a:9a:35:27:65:49:bb:ac:60:eb:94:b5:32:f0:
                    4e:92:d6:53:88:13:3e:de:19:81:dc:e3:3e:ca:ff:
                    f2:8e:dd:fa:4a:11:2b:0e:fd:d6:d8:2d:45:40:70:
                    56:d7:33:1d:1a:54:99:de:86:ff:be:be:dc:66:b0:
                    8f:b0:82:e9:26:1c:a1:d8:9a:fa:8f:ad:ef:9c:9b:
                    42:02:07:b9:8b:3d:52:49:21:94:59:48:f5:5f:09:
                    37:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:AA:71:E0:D6:05:50:A3:A3:B6:28:18:12:D2:FC:29:D6:91:CB:49
            X509v3 Authority Key Identifier:
                keyid:5F:02:11:C9:1E:9E:0D:35:CB:51:33:45:91:3E:0A:1A:61:BF:D2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwIRyR6eDTXLUTNFkT4KGmG_0kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/e6px4NYFUKOjtigYEtL8KdaRy0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/66d057-77e5-4241-80aa-21fd35cf4bb9/1/XwIRyR6eDTXLUTNFkT4KGmG_0kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ad4::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:f2:1e:9a:8e:c0:40:86:c8:4d:c2:33:77:ee:3c:1a:05:e5:
         a8:48:d4:2d:b4:13:2b:aa:34:a6:74:1d:24:f0:80:ea:45:a3:
         d5:e3:fc:10:94:72:56:36:8c:ef:3e:4a:61:e0:ab:84:10:73:
         c2:77:7e:55:f9:dd:b2:48:9c:31:3b:ae:00:f9:6c:b6:df:d7:
         3a:f3:00:a4:f8:da:39:a0:fe:53:44:60:87:28:e3:c3:dc:89:
         cf:a5:11:44:3a:a4:6a:72:cb:f0:46:62:be:ac:84:ee:52:cb:
         f4:a3:f1:77:45:ae:93:7f:d2:30:20:d3:13:0b:a4:20:2f:e4:
         25:8c:72:49:a0:ef:d5:5a:61:05:af:a3:ce:c4:1c:05:f9:fc:
         7a:53:09:74:e5:5a:8f:ea:82:b6:e5:bf:44:d2:73:d0:8b:7a:
         b3:bb:f6:c2:3e:63:ba:3f:f3:a6:75:61:31:d0:ea:8d:8e:e9:
         10:83:59:67:7c:4e:89:8a:2e:bd:1c:8e:1f:8d:be:d3:55:a4:
         cc:18:5b:02:ba:b8:1e:07:11:fd:cd:d6:de:4e:38:ca:58:e0:
         2d:af:8e:f1:1c:05:a0:7b:48:b5:70:6e:45:44:46:bc:5e:7a:
         67:e6:63:bc:19:b5:33:0d:30:22:cf:d9:79:dd:2b:2c:b1:ad:
         58:34:b1:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZf4vffrmpJ1FXPmJuRIk72AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIxMWM5MWU5ZTBkMzVjYjUxMzM0NTkxM2UwYTFhNjFi
ZmQyNDkwHhcNMjUwNzExMDkwODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmFhNzFlMGQ2MDU1MGEzYTNiNjI4MTgxMmQyZmMyOWQ2OTFjYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBEys2kfhlnyZC0k8MkxGUGvWVTG
7oQsbh7n1bSFVxm4YVrostHJDAETlx6CinZY/bcnPa+iurwX32iOaE2J7WE7ZKVC
Ptg2s7fXajW7V9DfXQzag9VU9hbfy9Bld4nfn+QLvWaFYeXcBwtATupji1RJseUe
QXoUUhgjF/pkpLoV3pfwJOQOAUkNdsgMbri6AQHb0lsKRJ69LcmQNt02FywLRTpC
epo1J2VJu6xg65S1MvBOktZTiBM+3hmB3OM+yv/yjt36ShErDv3W2C1FQHBW1zMd
GlSZ3ob/vr7cZrCPsILpJhyh2Jr6j63vnJtCAge5iz1SSSGUWUj1Xwk3twIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHuqceDWBVCjo7YoGBLS/CnWkctJMB8GA1UdIwQY
MBaAFF8CEckeng01y1EzRZE+Chphv9JJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJUnlSNmVEVFhMVVRORmtUNEtHbUdfMGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82NmQwNTctNzdlNS00MjQxLTgwYWEt
MjFmZDM1Y2Y0YmI5LzEvZTZweDROWUZVS09qdGlnWUV0TDhLZGFSeTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82NmQwNTctNzdlNS00MjQxLTgwYWEtMjFmZDM1Y2Y0YmI5
LzEvWHdJUnlSNmVEVFhMVVRORmtUNEtHbUdfMGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArU
MA0GCSqGSIb3DQEBCwUAA4IBAQCM8h6ajsBAhshNwjN37jwaBeWoSNQttBMrqjSm
dB0k8IDqRaPV4/wQlHJWNozvPkph4KuEEHPCd35V+d2ySJwxO64A+Wy239c68wCk
+No5oP5TRGCHKOPD3InPpRFEOqRqcsvwRmK+rITuUsv0o/F3Ra6Tf9IwINMTC6Qg
L+QljHJJoO/VWmEFr6POxBwF+fx6Uwl05VqP6oK25b9E0nPQi3qzu/bCPmO6P/Om
dWEx0OqNjukQg1lnfE6Jii69HI4fjb7TVaTMGFsCurgeBxH9zdbeTjjKWOAtr47x
HAWge0i1cG5FREa8Xnpn5mO8GbUzDTAiz9l53Ssssa1YNLEc
-----END CERTIFICATE-----