Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LzdMGu0OcRYHQY1HlpwxQLBRuSY.roa
File:                     LzdMGu0OcRYHQY1HlpwxQLBRuSY.roa (raw, json)
Hash identifier:          8UTPwSHPxxCJvAY5ZTsxLYAysZ1uLF0MwZ9WftvyUs4=
Subject key identifier:   2F:37:4C:1A:ED:0E:71:16:07:41:8D:47:96:9C:31:40:B0:51:B9:26
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DBE9C095F874180E7ED3482B99E3E55
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LzdMGu0OcRYHQY1HlpwxQLBRuSY.roa
Signing time:             Tue 17 Jun 2025 11:55:33 +0000
ROA not before:           Tue 17 Jun 2025 11:55:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215434
IP address blocks:        2a13:afc0::/29 maxlen: 29
                          2a14:61c0::/29 maxlen: 29
                          2a14:69c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:be:9c:09:5f:87:41:80:e7:ed:34:82:b9:9e:3e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:55:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f374c1aed0e711607418d47969c3140b051b926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7a:93:c9:22:dd:99:c8:85:d0:a1:89:23:f0:
                    1b:5a:ff:c7:ae:01:5d:24:87:b2:04:c1:1f:f2:36:
                    64:54:e3:93:ee:48:b3:62:5c:97:a4:b9:8f:3a:7d:
                    ad:48:a2:f5:26:ff:66:c5:0c:50:e9:47:26:b9:ff:
                    fb:20:72:5e:9f:93:97:0b:75:50:27:f6:48:24:4b:
                    3b:ca:cb:bc:e9:ac:5c:41:96:26:89:fe:21:33:48:
                    96:30:b1:67:2b:ad:15:6d:d4:ee:09:1e:50:68:34:
                    eb:2d:a0:a6:89:53:d3:94:c1:29:bc:a5:51:72:b7:
                    d4:6a:9d:6f:2d:0c:64:ef:88:5d:14:12:2c:9b:ca:
                    09:2c:4b:6d:0d:ae:81:7e:d8:30:50:99:5e:6e:d7:
                    de:d0:26:fe:19:79:49:de:22:b7:0e:04:f0:0b:1d:
                    3d:cf:6f:c2:fe:5c:b6:87:8c:af:16:d0:da:58:ca:
                    9b:a8:e6:f6:f7:77:4f:3b:66:00:ab:e4:45:36:e5:
                    6c:8b:ba:a6:f9:7d:23:a1:d2:f7:c7:7b:03:be:9d:
                    1d:27:df:49:c1:09:7b:af:5a:ff:1d:b0:52:28:87:
                    da:e5:3f:9d:ab:79:0a:58:d5:df:40:79:09:3f:03:
                    c7:a5:90:48:f6:0e:ab:65:27:af:e9:2f:00:20:2f:
                    e8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:37:4C:1A:ED:0E:71:16:07:41:8D:47:96:9C:31:40:B0:51:B9:26
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LzdMGu0OcRYHQY1HlpwxQLBRuSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:afc0::/29
                  2a14:61c0::/29
                  2a14:69c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:fe:73:3e:7c:c2:c2:1b:d6:d3:7d:da:7d:48:07:0c:a4:0c:
         51:e6:d5:08:30:09:f5:66:e1:70:f6:40:2c:e8:ca:f7:e3:2a:
         94:c4:fe:dd:ca:b9:d3:c2:ad:32:d4:70:e7:ae:1e:a6:1f:ed:
         f2:e5:48:14:4e:87:13:10:62:09:6b:8a:23:19:d2:70:56:cf:
         f5:62:e4:99:98:46:0c:a2:4e:7a:9b:5c:3c:52:a5:ae:b2:8c:
         bc:c3:67:65:d5:43:7b:0e:ae:c7:61:5c:53:0e:91:23:16:a5:
         4a:ab:00:5e:c7:9a:69:39:b8:68:e6:b3:f2:a5:91:d7:cd:e5:
         2e:e5:99:c0:00:ff:0b:2e:12:17:54:b3:3e:9e:2f:09:37:a4:
         c1:ff:f1:72:97:8c:5c:a1:8a:68:a8:ae:3d:7f:bd:44:7a:ef:
         ad:90:1f:32:87:87:d6:6d:85:73:c4:57:e6:21:7d:10:ad:ba:
         0f:93:f4:51:e0:5f:4d:a9:03:64:af:26:a4:ac:81:62:d2:ca:
         01:d6:1a:f5:b7:2c:af:3c:29:c3:e5:9f:4a:c3:0b:8a:8f:26:
         52:bb:bf:ef:f3:13:68:aa:f7:31:dc:fb:b8:51:ea:47:de:24:
         c8:c4:84:05:ec:7f:de:97:57:08:87:3c:af:81:25:c8:93:fd:
         a3:1b:d4:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZd9vpwJX4dBgOftNIK5nj5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE1NTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM3NGMxYWVkMGU3MTE2MDc0MThkNDc5NjljMzE0MGIwNTFiOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3qTySLdmciF0KGJI/AbWv/HrgFd
JIeyBMEf8jZkVOOT7kizYlyXpLmPOn2tSKL1Jv9mxQxQ6Ucmuf/7IHJen5OXC3VQ
J/ZIJEs7ysu86axcQZYmif4hM0iWMLFnK60VbdTuCR5QaDTrLaCmiVPTlMEpvKVR
crfUap1vLQxk74hdFBIsm8oJLEttDa6BftgwUJlebtfe0Cb+GXlJ3iK3DgTwCx09
z2/C/ly2h4yvFtDaWMqbqOb293dPO2YAq+RFNuVsi7qm+X0jodL3x3sDvp0dJ99J
wQl7r1r/HbBSKIfa5T+dq3kKWNXfQHkJPwPHpZBI9g6rZSev6S8AIC/oEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC83TBrtDnEWB0GNR5acMUCwUbkmMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTHpkTUd1ME9jUllIUVkxSGxwd3hRTEJSdVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhOvwAMF
AyoUYcADBQMqFGnAMA0GCSqGSIb3DQEBCwUAA4IBAQCM/nM+fMLCG9bTfdp9SAcM
pAxR5tUIMAn1ZuFw9kAs6Mr34yqUxP7dyrnTwq0y1HDnrh6mH+3y5UgUTocTEGIJ
a4ojGdJwVs/1YuSZmEYMok56m1w8UqWusoy8w2dl1UN7Dq7HYVxTDpEjFqVKqwBe
x5ppObho5rPypZHXzeUu5ZnAAP8LLhIXVLM+ni8JN6TB//Fyl4xcoYpoqK49f71E
eu+tkB8yh4fWbYVzxFfmIX0QrboPk/RR4F9NqQNkryakrIFi0soB1hr1tyyvPCnD
5Z9KwwuKjyZSu7/v8xNoqvcx3Pu4UepH3iTIxIQF7H/el1cIhzyvgSXIk/2jG9Tq
-----END CERTIFICATE-----