Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9N781uPic6VFyfJ2ZUFq8YAO19I.roa
File:                     9N781uPic6VFyfJ2ZUFq8YAO19I.roa (raw, json)
Hash identifier:          JQngV4bbHZ0V0AaDcLguOpZadQaD2iG2Fkk1fSo7z3k=
Subject key identifier:   F4:DE:FC:D6:E3:E2:73:A5:45:C9:F2:76:65:41:6A:F1:80:0E:D7:D2
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01971127E084B2719FD1EE3C497E53109258
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9N781uPic6VFyfJ2ZUFq8YAO19I.roa
Signing time:             Tue 27 May 2025 09:51:55 +0000
ROA not before:           Tue 27 May 2025 09:51:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201813
IP address blocks:        2a06:5fc7::/32 maxlen: 32
                          2a13:bb47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:27:e0:84:b2:71:9f:d1:ee:3c:49:7e:53:10:92:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:51:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4defcd6e3e273a545c9f27665416af1800ed7d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6b:d3:bf:be:79:4e:ba:54:eb:7b:64:b0:57:
                    9d:4b:8e:69:be:f1:68:f8:9a:a8:2d:61:fe:37:fb:
                    f7:d3:c4:30:0c:a3:68:f3:76:51:b0:8d:7f:6e:8c:
                    9d:50:25:a8:a8:22:4f:3d:33:1d:4f:4a:64:a5:20:
                    8d:e0:be:39:80:c4:93:09:63:1f:de:3c:fc:f0:62:
                    66:8c:c6:b0:f3:b3:e5:1e:05:96:4a:75:bf:20:51:
                    0a:7e:2d:f3:32:2f:43:70:06:11:8f:74:a4:75:a3:
                    5d:6f:79:ca:e2:20:72:07:59:5a:ba:71:e9:ff:93:
                    bc:d2:e4:8d:e9:91:0b:f9:5a:64:ab:68:73:e8:c3:
                    01:62:9c:ff:4e:66:52:34:54:da:7e:7e:84:15:b7:
                    61:f6:ad:cb:6d:99:bc:ec:b4:6d:68:dc:32:da:dc:
                    b6:76:96:09:1a:4f:8c:88:23:2d:03:94:6f:59:89:
                    d8:3a:cd:8b:bc:98:2c:90:8f:50:29:d1:05:70:bb:
                    da:52:26:84:d8:f4:c5:c0:19:b3:33:99:c4:26:b4:
                    bc:54:74:82:58:d0:9a:b7:ff:ef:55:4c:d6:3b:61:
                    50:e3:52:da:9c:f2:64:d6:6e:bf:1a:ee:2f:ac:06:
                    49:2d:1e:66:31:a4:60:e7:8b:b1:5c:14:24:86:1d:
                    ac:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DE:FC:D6:E3:E2:73:A5:45:C9:F2:76:65:41:6A:F1:80:0E:D7:D2
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9N781uPic6VFyfJ2ZUFq8YAO19I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5fc7::/32
                  2a13:bb47::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:a1:a9:ef:91:1e:64:36:5b:f2:52:19:e2:49:c7:c5:a4:00:
         3d:5e:02:32:3b:88:d1:cd:51:c9:0a:62:ae:69:8e:46:f5:10:
         c9:fd:19:15:64:8f:48:37:13:41:fb:93:6c:f8:a5:3e:d7:55:
         66:a1:27:e8:e2:56:68:fb:40:bd:e6:71:89:84:89:d0:8d:88:
         77:cd:0e:3f:4d:9e:0c:1d:39:c3:f1:46:2a:14:3a:6a:94:c5:
         58:8d:70:e2:4a:a6:12:e5:46:77:82:eb:7a:53:4f:3f:05:bf:
         f6:71:79:96:19:d2:07:4f:01:18:5a:92:76:f0:b8:75:1d:5a:
         34:06:8c:6d:42:06:77:00:26:f7:ca:af:68:9f:3b:42:1f:13:
         d0:36:dc:90:09:d8:da:87:1f:c0:98:f0:67:9f:4e:3c:a5:77:
         4d:25:d7:fd:27:3f:98:5d:81:b3:b9:7b:11:da:69:29:71:c7:
         61:56:2c:0f:31:b2:c6:19:56:ef:14:72:97:35:f4:33:1c:bf:
         9c:9f:e7:4f:9d:5b:ab:2b:f2:3e:8e:b2:76:43:55:87:88:e8:
         7f:92:72:23:d0:43:99:05:c4:ba:d6:36:41:9b:c5:e5:28:e3:
         d4:b2:eb:9b:5c:37:32:43:eb:2b:7d:77:b2:1e:32:1a:a2:bb:
         80:20:d5:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJ+CEsnGf0e48SX5TEJJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk1MTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRlZmNkNmUzZTI3M2E1NDVjOWYyNzY2NTQxNmFmMTgwMGVkN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmvTv755TrpU63tksFedS45pvvFo
+JqoLWH+N/v308QwDKNo83ZRsI1/boydUCWoqCJPPTMdT0pkpSCN4L45gMSTCWMf
3jz88GJmjMaw87PlHgWWSnW/IFEKfi3zMi9DcAYRj3SkdaNdb3nK4iByB1launHp
/5O80uSN6ZEL+Vpkq2hz6MMBYpz/TmZSNFTafn6EFbdh9q3LbZm87LRtaNwy2ty2
dpYJGk+MiCMtA5RvWYnYOs2LvJgskI9QKdEFcLvaUiaE2PTFwBmzM5nEJrS8VHSC
WNCat//vVUzWO2FQ41LanPJk1m6/Gu4vrAZJLR5mMaRg54uxXBQkhh2sDQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPTe/Nbj4nOlRcnydmVBavGADtfSMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOU43ODF1UGljNlZGeWZKMlpVRnE4WUFPMTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgZfxwMF
ACoTu0cwDQYJKoZIhvcNAQELBQADggEBAG+hqe+RHmQ2W/JSGeJJx8WkAD1eAjI7
iNHNUckKYq5pjkb1EMn9GRVkj0g3E0H7k2z4pT7XVWahJ+jiVmj7QL3mcYmEidCN
iHfNDj9NngwdOcPxRioUOmqUxViNcOJKphLlRneC63pTTz8Fv/ZxeZYZ0gdPARha
knbwuHUdWjQGjG1CBncAJvfKr2ifO0IfE9A23JAJ2NqHH8CY8GefTjyld00l1/0n
P5hdgbO5exHaaSlxx2FWLA8xssYZVu8Ucpc19DMcv5yf50+dW6sr8j6OsnZDVYeI
6H+SciPQQ5kFxLrWNkGbxeUo49Sy65tcNzJD6yt9d7IeMhqiu4Ag1e4=
-----END CERTIFICATE-----