Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Hk5Ktlh8XX2YN7sARUN-QE2JPb4.roa
File:                     Hk5Ktlh8XX2YN7sARUN-QE2JPb4.roa (raw, json)
Hash identifier:          lYdXNuwgAHw3EHxtGwjOEAw2Wc6pvQ+LS+ixRY0OXZk=
Subject key identifier:   1E:4E:4A:B6:58:7C:5D:7D:98:37:BB:00:45:43:7E:40:4D:89:3D:BE
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01982DE78A937CE5CF5AF833606DE4C6C741
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Hk5Ktlh8XX2YN7sARUN-QE2JPb4.roa
Signing time:             Mon 21 Jul 2025 16:53:25 +0000
ROA not before:           Mon 21 Jul 2025 16:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b682::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:e7:8a:93:7c:e5:cf:5a:f8:33:60:6d:e4:c6:c7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jul 21 16:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e4e4ab6587c5d7d9837bb0045437e404d893dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e2:8f:6e:72:ba:da:48:24:90:17:3c:41:8b:
                    30:4e:4f:e8:44:9a:5a:fc:b6:c4:ed:fc:b2:f4:83:
                    c2:03:61:a0:d7:81:f7:c6:2d:8b:0d:8d:1b:7c:e6:
                    1f:f7:3a:89:39:c6:86:d4:c5:7e:04:10:a2:4b:44:
                    3b:12:ac:39:45:51:de:32:c5:5e:61:86:fa:9b:f3:
                    b2:46:85:24:41:95:55:bb:b7:20:fe:e5:f2:33:62:
                    34:cc:1b:25:76:e5:d6:0e:54:49:99:69:ab:49:04:
                    e3:e3:f7:80:63:3e:4d:88:9b:ac:6f:03:9e:a7:37:
                    f4:bb:7b:d5:8a:74:bb:03:38:73:f4:11:16:09:41:
                    b3:91:ba:24:71:05:37:86:95:ee:c1:9e:5e:b7:1f:
                    68:9d:0b:07:5c:50:94:b7:db:5f:31:ad:89:97:74:
                    36:f4:6f:93:32:2e:ed:68:0c:9e:c4:74:1c:8e:9d:
                    bf:08:9b:79:a8:1a:4c:c6:59:6b:d3:32:3d:98:56:
                    5d:c2:b9:96:13:1a:ec:5b:3a:fa:42:99:73:04:3e:
                    e4:19:f2:fe:85:8b:ef:ef:02:78:b2:b6:25:d0:32:
                    45:59:52:d6:e3:47:c8:43:79:f4:b1:2a:da:44:e8:
                    0d:bc:9a:75:f9:92:54:b4:52:53:05:15:6d:98:0a:
                    d8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4E:4A:B6:58:7C:5D:7D:98:37:BB:00:45:43:7E:40:4D:89:3D:BE
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Hk5Ktlh8XX2YN7sARUN-QE2JPb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b682::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:04:e8:c4:7d:6e:d0:cd:d3:d7:32:1f:a2:5d:be:84:76:c7:
         d8:c7:fa:d7:99:fb:be:df:91:25:10:d5:ed:33:ea:55:e1:23:
         c0:78:35:48:ea:dd:85:ba:13:42:34:b0:2b:5e:7d:2c:04:63:
         35:2d:0d:99:88:65:80:83:13:68:de:20:f1:1d:e6:16:fc:3f:
         51:76:c2:1f:d4:08:ad:58:11:85:0d:70:36:6f:5d:74:2d:28:
         9d:d9:18:5d:95:38:c7:7b:a8:6c:dc:20:30:78:30:d6:08:28:
         c9:72:89:58:6f:6b:f9:05:98:4c:5d:d2:47:a6:6b:ad:6c:a3:
         27:2e:60:99:59:e8:68:1d:4b:88:ce:c1:3a:dd:a6:3b:34:54:
         b4:4e:21:17:b5:b8:a5:0f:43:67:36:49:43:f1:3b:d5:c1:43:
         9e:cf:54:c4:6c:39:1c:0c:b7:49:27:ce:92:75:38:0e:ec:da:
         a2:27:ee:f9:f5:49:e5:25:50:c4:f6:a9:c7:70:1e:5a:7f:b6:
         89:eb:2a:e4:53:7b:a4:39:66:14:42:a9:d5:85:34:87:54:59:
         d8:92:e2:ee:52:39:d5:fc:7c:df:cb:37:c2:e0:23:3b:42:ad:
         0f:3a:c0:57:4d:f6:ca:f9:cd:d1:e7:a3:cc:82:c0:34:b9:1b:
         2d:25:96:03
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgt54qTfOXPWvgzYG3kxsdBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzIxMTY1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRlNGFiNjU4N2M1ZDdkOTgzN2JiMDA0NTQzN2U0MDRkODkzZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+KPbnK62kgkkBc8QYswTk/oRJpa
/LbE7fyy9IPCA2Gg14H3xi2LDY0bfOYf9zqJOcaG1MV+BBCiS0Q7Eqw5RVHeMsVe
YYb6m/OyRoUkQZVVu7cg/uXyM2I0zBslduXWDlRJmWmrSQTj4/eAYz5NiJusbwOe
pzf0u3vVinS7Azhz9BEWCUGzkbokcQU3hpXuwZ5etx9onQsHXFCUt9tfMa2Jl3Q2
9G+TMi7taAyexHQcjp2/CJt5qBpMxllr0zI9mFZdwrmWExrsWzr6QplzBD7kGfL+
hYvv7wJ4srYl0DJFWVLW40fIQ3n0sSraROgNvJp1+ZJUtFJTBRVtmArY7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB5OSrZYfF19mDe7AEVDfkBNiT2+MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvSGs1S3RsaDhYWDJZTjdzQVJVTi1RRTJKUGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhG2gjAN
BgkqhkiG9w0BAQsFAAOCAQEAzAToxH1u0M3T1zIfol2+hHbH2Mf615n7vt+RJRDV
7TPqVeEjwHg1SOrdhboTQjSwK159LARjNS0NmYhlgIMTaN4g8R3mFvw/UXbCH9QI
rVgRhQ1wNm9ddC0ondkYXZU4x3uobNwgMHgw1ggoyXKJWG9r+QWYTF3SR6ZrrWyj
Jy5gmVnoaB1LiM7BOt2mOzRUtE4hF7W4pQ9DZzZJQ/E71cFDns9UxGw5HAy3SSfO
knU4Duzaoifu+fVJ5SVQxPapx3AeWn+2iesq5FN7pDlmFEKp1YU0h1RZ2JLi7lI5
1fx838s3wuAjO0KtDzrAV032yvnN0eejzILANLkbLSWWAw==
-----END CERTIFICATE-----