Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/FpUONkQdaqv2Rv9yYXuuU5484b4.roa
File:                     FpUONkQdaqv2Rv9yYXuuU5484b4.roa (raw, json)
Hash identifier:          s8fjXQWhK2u6VImvQBksJDBrALRZJPf8LAm3HxwOROQ=
Subject key identifier:   16:95:0E:36:44:1D:6A:AB:F6:46:FF:72:61:7B:AE:53:9E:3C:E1:BE
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       0198399F6896FDAA82E06C34231C85B7E543
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/FpUONkQdaqv2Rv9yYXuuU5484b4.roa
Signing time:             Wed 23 Jul 2025 23:30:04 +0000
ROA not before:           Wed 23 Jul 2025 23:30:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        2a05:91c3:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 20:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:39:9f:68:96:fd:aa:82:e0:6c:34:23:1c:85:b7:e5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jul 23 23:30:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16950e36441d6aabf646ff72617bae539e3ce1be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8f:0c:b5:81:6b:b3:2f:8a:3a:79:42:4f:fb:
                    57:d5:a2:6e:0e:a8:d0:7c:53:08:f4:f8:4e:ff:fc:
                    e3:9d:b1:67:e4:d3:d7:ce:0b:d3:b0:c3:96:57:7f:
                    ab:05:a1:c5:a8:eb:e5:d4:e8:61:3c:fa:5d:a7:97:
                    41:7d:93:db:b5:5f:37:2e:a4:04:91:a3:67:c0:8e:
                    f5:a1:01:40:b7:e5:cc:18:7f:37:cd:a1:db:2f:d8:
                    0b:e2:6c:cc:6b:a8:f1:31:ff:94:a4:ee:d7:72:b4:
                    9b:f3:2b:e7:4f:0b:79:14:37:a9:6d:96:83:be:97:
                    d1:24:09:72:f6:dc:16:d4:19:6e:72:e1:8e:62:88:
                    36:91:5d:02:9b:8a:4b:d0:7e:1b:05:ea:0f:ae:3e:
                    cf:af:b7:b8:a6:d6:3d:17:82:ba:41:e4:d0:dd:77:
                    ad:79:1e:34:72:73:42:00:45:b4:f2:9f:06:78:ca:
                    61:24:a7:ea:8b:78:e3:f8:5b:35:11:df:67:bf:c7:
                    2a:2e:a5:cc:e7:33:09:9f:f1:46:45:50:e5:d0:9d:
                    63:f1:c5:66:59:1e:50:59:19:c5:38:31:00:20:4f:
                    22:11:2d:ec:39:16:5d:3f:34:f2:9d:d0:8c:d9:82:
                    7c:ee:54:20:c5:58:c0:d7:f2:86:5b:e8:f6:26:57:
                    5b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:95:0E:36:44:1D:6A:AB:F6:46:FF:72:61:7B:AE:53:9E:3C:E1:BE
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/FpUONkQdaqv2Rv9yYXuuU5484b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:91c3:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:a4:5c:ce:31:ea:c0:bf:71:70:e6:ee:8e:df:dc:3f:6e:ea:
         a8:81:78:a3:a9:53:00:b5:82:4e:28:2c:09:b5:1b:55:fc:96:
         6a:60:ce:a3:cb:ad:0b:8d:93:92:08:77:22:48:06:86:e0:f1:
         95:b6:29:dd:2a:c6:1f:2c:91:f7:1c:79:e5:6f:e0:3e:0b:15:
         cb:33:3e:3d:8c:f4:14:4e:c6:19:14:3b:2c:32:26:f4:a0:2a:
         c8:c1:a6:34:3d:7b:e7:7e:c4:0b:05:36:cc:18:e0:11:24:ec:
         61:ff:da:22:73:3e:d1:33:02:7a:3d:f4:11:e6:f0:e0:d5:44:
         b7:f9:e0:bf:64:6c:67:1d:7f:f5:60:9b:d3:54:68:27:69:b3:
         c0:9a:d0:1a:53:50:ba:84:09:a9:7d:70:43:5e:c6:97:1f:a1:
         77:93:af:28:d0:0d:22:e7:7a:13:7f:12:30:68:f8:58:a1:a5:
         20:17:9e:f9:9d:d2:c2:f2:62:98:ed:0d:42:56:0b:ed:77:26:
         e0:ce:76:d3:d3:0c:d4:d9:3f:dd:43:e6:e0:34:17:4a:70:90:
         64:8a:dd:23:ae:67:8c:39:93:fc:4a:31:c9:bb:53:46:a1:01:
         52:88:9a:97:b5:18:97:58:7b:62:b6:f1:cb:f8:92:34:c5:ea:
         5c:89:85:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZg5n2iW/aqC4Gw0IxyFt+VDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjUwNzIzMjMzMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjk1MGUzNjQ0MWQ2YWFiZjY0NmZmNzI2MTdiYWU1MzllM2NlMWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA348MtYFrsy+KOnlCT/tX1aJuDqjQ
fFMI9PhO//zjnbFn5NPXzgvTsMOWV3+rBaHFqOvl1OhhPPpdp5dBfZPbtV83LqQE
kaNnwI71oQFAt+XMGH83zaHbL9gL4mzMa6jxMf+UpO7XcrSb8yvnTwt5FDepbZaD
vpfRJAly9twW1BlucuGOYog2kV0Cm4pL0H4bBeoPrj7Pr7e4ptY9F4K6QeTQ3Xet
eR40cnNCAEW08p8GeMphJKfqi3jj+Fs1Ed9nv8cqLqXM5zMJn/FGRVDl0J1j8cVm
WR5QWRnFODEAIE8iES3sORZdPzTyndCM2YJ87lQgxVjA1/KGW+j2JldbtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaVDjZEHWqr9kb/cmF7rlOePOG+MB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEvRnBVT05rUWRhcXYyUnY5eVlYdXVVNTQ4NGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWRwwAC
MA0GCSqGSIb3DQEBCwUAA4IBAQAipFzOMerAv3Fw5u6O39w/buqogXijqVMAtYJO
KCwJtRtV/JZqYM6jy60LjZOSCHciSAaG4PGVtindKsYfLJH3HHnlb+A+CxXLMz49
jPQUTsYZFDssMib0oCrIwaY0PXvnfsQLBTbMGOARJOxh/9oicz7RMwJ6PfQR5vDg
1US3+eC/ZGxnHX/1YJvTVGgnabPAmtAaU1C6hAmpfXBDXsaXH6F3k68o0A0i53oT
fxIwaPhYoaUgF575ndLC8mKY7Q1CVgvtdybgznbT0wzU2T/dQ+bgNBdKcJBkit0j
rmeMOZP8SjHJu1NGoQFSiJqXtRiXWHtitvHL+JI0xepciYWk
-----END CERTIFICATE-----