Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9pLJXGQg2xVxvreN9q4q48FwZDM.roa
File:                     9pLJXGQg2xVxvreN9q4q48FwZDM.roa (raw, json)
Hash identifier:          09sETGPOferlmJ4Twh6z/F5jw3+1zOIqnUzU1auXPnQ=
Subject key identifier:   F6:92:C9:5C:64:20:DB:15:71:BE:B7:8D:F6:AE:2A:E3:C1:70:64:33
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01971126F41DAE3924DF64949A6709C09CB3
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9pLJXGQg2xVxvreN9q4q48FwZDM.roa
Signing time:             Tue 27 May 2025 09:50:54 +0000
ROA not before:           Tue 27 May 2025 09:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205770
IP address blocks:        2a06:5fc2::/32 maxlen: 32
                          2a13:bb42::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:26:f4:1d:ae:39:24:df:64:94:9a:67:09:c0:9c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f692c95c6420db1571beb78df6ae2ae3c1706433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:b9:52:d6:32:e4:fa:fa:02:b0:05:3b:f1:
                    8c:92:ee:6a:f4:ad:5a:21:4f:f3:fa:f5:02:1d:96:
                    94:34:a3:f1:29:c8:04:db:d6:fa:41:a0:97:1b:9e:
                    c3:ab:b4:8c:f4:a9:69:5e:45:6f:60:25:fa:20:56:
                    74:5b:39:9e:0c:43:7f:c7:2b:08:7d:ff:f8:bb:ce:
                    a5:3e:ed:a0:91:12:9e:af:7b:45:32:a9:4c:17:1b:
                    d0:ae:84:cb:67:4c:a2:14:40:69:7c:33:b2:53:82:
                    13:91:92:3b:c4:90:c1:b9:f9:b2:65:3a:04:7d:ef:
                    27:f7:9a:93:be:ef:14:f2:b5:2f:4f:0b:0f:70:eb:
                    55:f6:12:a5:7a:23:ba:75:21:9a:40:34:59:90:d5:
                    d7:36:25:15:2f:4f:07:da:cc:a4:08:56:10:a5:c8:
                    58:a0:5a:0a:91:14:81:79:de:b2:26:99:42:00:84:
                    8b:17:21:d5:5c:ae:e3:64:98:d6:43:a3:cf:e6:a3:
                    0f:05:58:41:98:48:81:d0:b6:31:97:cb:ed:33:88:
                    74:d8:a7:f6:22:7d:57:90:56:50:86:7f:77:6f:7a:
                    2f:28:1d:03:a0:1b:49:91:a0:91:13:71:07:2d:13:
                    fc:15:05:8a:f9:e2:8f:ce:40:ac:d4:e4:9d:5b:c9:
                    17:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:92:C9:5C:64:20:DB:15:71:BE:B7:8D:F6:AE:2A:E3:C1:70:64:33
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9pLJXGQg2xVxvreN9q4q48FwZDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5fc2::/32
                  2a13:bb42::/32

    Signature Algorithm: sha256WithRSAEncryption
         e0:08:62:c1:2c:05:01:98:85:31:8a:e9:45:49:e3:de:33:53:
         bc:26:20:e6:8d:8c:fc:0e:72:45:7e:dd:30:2b:e8:d7:10:2c:
         54:3e:6f:b4:45:91:df:30:e4:c9:b6:c6:aa:79:09:bb:4c:dd:
         1f:80:f8:76:b8:67:ec:94:0f:8e:1b:4a:6a:56:4a:64:22:5b:
         21:23:33:70:d9:72:b6:cf:0c:1c:48:a3:4c:8a:02:0b:b4:58:
         dd:56:1d:bd:9e:bb:b4:d5:ac:24:63:e2:12:9d:a9:07:1f:db:
         3a:95:82:16:ce:fc:d8:34:2f:82:3f:d5:c7:a2:80:d2:1a:68:
         c2:82:38:c5:36:89:71:4e:06:1c:dd:0f:3f:91:4e:7d:cf:3f:
         c6:9c:d2:88:1d:0b:77:08:8c:cf:42:59:77:cb:b5:38:a5:f4:
         17:00:9d:34:b2:6c:3c:db:1d:28:c4:d3:f6:08:5b:32:1d:4a:
         56:31:c6:fb:28:57:c3:69:e5:da:dd:1b:dc:d4:6c:ce:bb:39:
         f1:e1:5b:2d:c0:f0:a2:36:ab:6d:b7:40:e1:8d:98:ae:25:1f:
         9e:61:aa:5f:b4:aa:d8:0d:42:b9:27:f1:00:9a:fc:b9:f9:77:
         53:43:1a:de:e6:2a:88:31:88:3c:19:76:68:34:d8:a7:80:e8:
         41:2e:a7:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJvQdrjkk32SUmmcJwJyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjkyYzk1YzY0MjBkYjE1NzFiZWI3OGRmNmFlMmFlM2MxNzA2NDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnm5UtYy5Pr6ArAFO/GMku5q9K1a
IU/z+vUCHZaUNKPxKcgE29b6QaCXG57Dq7SM9KlpXkVvYCX6IFZ0WzmeDEN/xysI
ff/4u86lPu2gkRKer3tFMqlMFxvQroTLZ0yiFEBpfDOyU4ITkZI7xJDBufmyZToE
fe8n95qTvu8U8rUvTwsPcOtV9hKleiO6dSGaQDRZkNXXNiUVL08H2sykCFYQpchY
oFoKkRSBed6yJplCAISLFyHVXK7jZJjWQ6PP5qMPBVhBmEiB0LYxl8vtM4h02Kf2
In1XkFZQhn93b3ovKB0DoBtJkaCRE3EHLRP8FQWK+eKPzkCs1OSdW8kXIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPaSyVxkINsVcb63jfauKuPBcGQzMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOXBMSlhHUWcyeFZ4dnJlTjlxNHE0OEZ3WkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgZfwgMF
ACoTu0IwDQYJKoZIhvcNAQELBQADggEBAOAIYsEsBQGYhTGK6UVJ494zU7wmIOaN
jPwOckV+3TAr6NcQLFQ+b7RFkd8w5Mm2xqp5CbtM3R+A+Ha4Z+yUD44bSmpWSmQi
WyEjM3DZcrbPDBxIo0yKAgu0WN1WHb2eu7TVrCRj4hKdqQcf2zqVghbO/Ng0L4I/
1ceigNIaaMKCOMU2iXFOBhzdDz+RTn3PP8ac0ogdC3cIjM9CWXfLtTil9BcAnTSy
bDzbHSjE0/YIWzIdSlYxxvsoV8Np5drdG9zUbM67OfHhWy3A8KI2q223QOGNmK4l
H55hql+0qtgNQrkn8QCa/Ln5d1NDGt7mKogxiDwZdmg02KeA6EEup+g=
-----END CERTIFICATE-----