Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/FEp4V3P4SvU5bIxBRGf5REVatCI.roa
File:                     FEp4V3P4SvU5bIxBRGf5REVatCI.roa (raw, json)
Hash identifier:          AmoKP5wM2EI6Wb++arWmV3biIk/Ks/EcGE04F6LHmng=
Subject key identifier:   14:4A:78:57:73:F8:4A:F5:39:6C:8C:41:44:67:F9:44:45:5A:B4:22
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       0197EB0C6B6FF92C50A50E703D39C04D6668
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/FEp4V3P4SvU5bIxBRGf5REVatCI.roa
Signing time:             Tue 08 Jul 2025 17:19:09 +0000
ROA not before:           Tue 08 Jul 2025 17:19:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215258
IP address blocks:        2a09:e1c1:f020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:eb:0c:6b:6f:f9:2c:50:a5:0e:70:3d:39:c0:4d:66:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jul  8 17:19:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=144a785773f84af5396c8c414467f944455ab422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:78:19:9c:8d:ad:4f:6b:7a:46:54:17:8c:e2:
                    fa:d6:08:d8:a2:b0:c0:b3:e2:4a:0a:a2:3a:b2:12:
                    c2:99:d3:45:25:73:ea:52:d7:99:af:85:3c:0f:81:
                    f7:4f:fc:47:90:9d:19:76:68:e2:cf:02:b8:27:36:
                    1d:b0:4c:cf:3d:9d:bf:00:ff:2e:d2:d5:e1:da:6d:
                    49:02:d1:2e:07:98:ae:28:11:66:e4:c0:f5:1a:38:
                    94:48:50:6d:f5:a6:f1:2c:a8:a3:c6:7a:20:75:f9:
                    69:24:25:e7:f5:d9:a5:e5:37:38:60:31:6e:e8:d1:
                    40:42:2c:54:7e:dc:92:e8:04:0e:27:af:75:e5:f4:
                    76:4c:9f:e2:d9:35:79:14:0e:ae:46:65:23:35:ae:
                    fa:e2:5d:64:79:a8:b0:e3:83:ff:3c:77:39:bf:b3:
                    0c:55:eb:bc:e5:45:41:4e:49:40:a1:b6:ca:ee:4f:
                    b7:31:e1:54:78:0f:c4:84:5a:75:0b:af:b3:16:56:
                    1b:c3:1e:f0:5b:f2:8a:b5:e5:2f:7a:e3:e4:82:da:
                    bc:f7:34:45:81:28:d0:70:18:90:85:2a:cd:3c:ec:
                    19:43:a7:5c:9e:96:73:47:81:1e:5a:6c:55:8a:e3:
                    46:e6:b2:a8:af:78:e2:05:ed:8b:70:b4:69:95:a2:
                    05:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:4A:78:57:73:F8:4A:F5:39:6C:8C:41:44:67:F9:44:45:5A:B4:22
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/FEp4V3P4SvU5bIxBRGf5REVatCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:f020::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:82:47:60:80:ca:b7:38:34:13:64:cc:48:c1:ed:c3:ae:b7:
         85:22:98:1c:b0:11:f1:90:02:b3:98:40:20:00:a6:f1:db:10:
         6b:92:28:fe:e5:b8:47:66:82:a5:4e:86:e0:fd:6d:1a:5c:51:
         70:f1:7c:65:3f:9e:8a:47:dc:5a:7e:8c:46:d2:c0:61:02:44:
         1a:11:34:44:46:37:35:81:75:34:16:1f:ab:6c:90:ae:3c:9d:
         40:c8:02:cc:51:bd:b8:24:74:eb:60:19:ba:f5:46:49:8f:53:
         3d:5e:65:c5:a9:62:ce:e1:59:14:14:70:c7:f9:5a:00:4a:10:
         e0:8f:ad:41:c5:17:1e:98:8e:06:0c:2d:78:ff:05:4f:01:e7:
         5a:71:a3:1e:cd:43:02:27:29:79:90:58:57:6a:fe:d9:e7:8b:
         2b:58:dd:d2:55:cc:48:ea:53:b8:e6:48:6e:35:a9:9c:6c:c7:
         2a:3a:9b:e5:20:c5:ec:53:20:22:74:d2:cb:7c:9a:9b:97:b9:
         b6:be:f0:b6:9a:8b:2b:f7:47:23:f3:1c:ee:0b:f6:f3:ec:7e:
         24:cf:e8:f6:af:7a:6b:f1:21:a6:ed:bc:98:12:0d:43:22:26:
         ca:08:d3:91:58:f5:d4:ae:e7:d7:17:e2:a7:9b:31:b3:e4:fe:
         26:7d:31:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfrDGtv+SxQpQ5wPTnATWZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwNzA4MTcxOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDRhNzg1NzczZjg0YWY1Mzk2YzhjNDE0NDY3Zjk0NDQ1NWFiNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkngZnI2tT2t6RlQXjOL61gjYorDA
s+JKCqI6shLCmdNFJXPqUteZr4U8D4H3T/xHkJ0ZdmjizwK4JzYdsEzPPZ2/AP8u
0tXh2m1JAtEuB5iuKBFm5MD1GjiUSFBt9abxLKijxnogdflpJCXn9dml5Tc4YDFu
6NFAQixUftyS6AQOJ6915fR2TJ/i2TV5FA6uRmUjNa764l1keaiw44P/PHc5v7MM
Veu85UVBTklAobbK7k+3MeFUeA/EhFp1C6+zFlYbwx7wW/KKteUveuPkgtq89zRF
gSjQcBiQhSrNPOwZQ6dcnpZzR4EeWmxViuNG5rKor3jiBe2LcLRplaIFIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBRKeFdz+Er1OWyMQURn+URFWrQiMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRkVwNFYzUDRTdlU1Ykl4QlJHZjVSRVZhdENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwfAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAVgkdggMq3ODQTZMxIwe3DrreFIpgcsBHxkAKz
mEAgAKbx2xBrkij+5bhHZoKlTobg/W0aXFFw8XxlP56KR9xafoxG0sBhAkQaETRE
Rjc1gXU0Fh+rbJCuPJ1AyALMUb24JHTrYBm69UZJj1M9XmXFqWLO4VkUFHDH+VoA
ShDgj61BxRcemI4GDC14/wVPAedacaMezUMCJyl5kFhXav7Z54srWN3SVcxI6lO4
5khuNamcbMcqOpvlIMXsUyAidNLLfJqbl7m2vvC2mosr90cj8xzuC/bz7H4kz+j2
r3pr8SGm7byYEg1DIibKCNORWPXUrufXF+KnmzGz5P4mfTH8
-----END CERTIFICATE-----