Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kJGJLdB1Tw4PSUGXEOwfyEsLvLU.roa
File:                     kJGJLdB1Tw4PSUGXEOwfyEsLvLU.roa (raw, json)
Hash identifier:          G7Nmutf8qMYvgnc0e0ZLg5viNMBIqpfyleV7x7QERrQ=
Subject key identifier:   90:91:89:2D:D0:75:4F:0E:0F:49:41:97:10:EC:1F:C8:4B:0B:BC:B5
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01971127E0C38367A6F0F571C3BC3BFB7BEC
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kJGJLdB1Tw4PSUGXEOwfyEsLvLU.roa
Signing time:             Tue 27 May 2025 09:51:55 +0000
ROA not before:           Tue 27 May 2025 09:51:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206590
IP address blocks:        2a06:5fc4::/32 maxlen: 32
                          2a13:bb44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:27:e0:c3:83:67:a6:f0:f5:71:c3:bc:3b:fb:7b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:51:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9091892dd0754f0e0f49419710ec1fc84b0bbcb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cd:96:36:4b:0a:96:76:3e:33:72:c9:d6:ac:
                    19:3b:d7:eb:48:3d:7e:50:1b:6b:78:a2:2e:3d:fa:
                    66:59:ea:16:74:8d:d1:3e:fe:cc:fc:3f:3f:39:48:
                    e4:92:d2:5d:09:11:5e:0f:30:56:fd:5c:89:fa:4c:
                    3e:b2:e6:38:d4:54:26:cc:43:43:5f:ad:dc:9a:8c:
                    24:58:81:29:5b:5d:95:15:b7:c4:8c:26:12:bd:76:
                    5b:a5:c5:05:a6:77:4f:66:42:f6:08:de:3d:0b:1d:
                    dd:fb:0f:66:30:d0:c9:94:d3:79:33:88:2f:dd:f3:
                    75:8e:8c:05:68:3a:ca:a0:0f:85:4f:16:32:39:b4:
                    e0:7b:87:22:fc:c8:ed:46:79:d1:e1:1b:d9:9b:bd:
                    a9:b2:44:24:11:d4:bf:4c:1d:65:7c:69:97:04:c3:
                    57:49:38:0f:0b:7a:66:95:06:d9:76:8c:88:c5:6f:
                    de:f0:c2:86:b8:0e:58:c1:b0:2f:83:c4:6c:b2:ad:
                    ba:82:c1:4a:f7:0f:bb:82:14:6f:df:6e:4f:fa:e3:
                    b6:62:c5:70:e0:af:9f:a2:04:0d:db:31:5f:92:d9:
                    f0:5a:3b:12:a5:5f:58:fa:35:98:94:7c:47:eb:50:
                    c4:3d:93:c6:53:93:fe:bf:e5:76:72:f9:7a:95:0d:
                    69:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:91:89:2D:D0:75:4F:0E:0F:49:41:97:10:EC:1F:C8:4B:0B:BC:B5
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kJGJLdB1Tw4PSUGXEOwfyEsLvLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5fc4::/32
                  2a13:bb44::/32

    Signature Algorithm: sha256WithRSAEncryption
         dd:d4:44:8e:31:75:f6:25:a1:46:84:e9:f5:65:02:96:48:b3:
         d2:98:dd:95:10:57:d1:19:28:73:45:d2:20:aa:8d:a3:99:3f:
         ff:3b:3a:95:c2:96:04:df:7b:a5:dc:30:6f:c4:78:8c:2e:38:
         fe:87:ba:2a:01:e8:b4:73:3c:14:6b:80:b6:64:ce:87:40:72:
         12:61:c0:3f:44:c5:87:36:d3:c1:52:58:78:93:9a:86:4f:9f:
         fc:1c:eb:a2:cd:51:19:80:d9:a0:05:ac:c5:e4:f2:33:94:2c:
         be:f6:1c:7d:26:44:4e:57:94:45:88:ec:41:e4:24:e3:a1:7b:
         97:04:90:7b:28:87:77:63:bf:85:93:5a:4b:b0:30:26:37:5a:
         57:78:6c:60:24:29:6d:c0:52:4e:03:70:27:40:e9:c1:e5:da:
         71:9c:cf:f0:ff:ba:42:58:76:0b:12:ce:cf:16:02:03:99:a1:
         b6:35:7f:25:2d:9b:4e:2b:2e:bd:2e:8a:15:09:c4:b4:6e:4c:
         70:4e:f8:c0:4d:a1:a0:31:e3:78:6c:72:27:b4:e9:76:ac:ad:
         db:e9:68:13:9a:f9:a7:81:0b:08:2e:37:db:a6:61:2c:72:90:
         2c:72:0e:5a:63:d7:53:aa:36:81:c8:4d:ee:54:e9:82:50:96:
         67:5a:f5:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJ+DDg2em8PVxw7w7+3vsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk1MTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDkxODkyZGQwNzU0ZjBlMGY0OTQxOTcxMGVjMWZjODRiMGJiY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM2WNksKlnY+M3LJ1qwZO9frSD1+
UBtreKIuPfpmWeoWdI3RPv7M/D8/OUjkktJdCRFeDzBW/VyJ+kw+suY41FQmzEND
X63cmowkWIEpW12VFbfEjCYSvXZbpcUFpndPZkL2CN49Cx3d+w9mMNDJlNN5M4gv
3fN1jowFaDrKoA+FTxYyObTge4ci/MjtRnnR4RvZm72pskQkEdS/TB1lfGmXBMNX
STgPC3pmlQbZdoyIxW/e8MKGuA5YwbAvg8Rssq26gsFK9w+7ghRv325P+uO2YsVw
4K+fogQN2zFfktnwWjsSpV9Y+jWYlHxH61DEPZPGU5P+v+V2cvl6lQ1pIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJCRiS3QdU8OD0lBlxDsH8hLC7y1MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEva0pHSkxkQjFUdzRQU1VHWEVPd2Z5RXNMdkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgZfxAMF
ACoTu0QwDQYJKoZIhvcNAQELBQADggEBAN3URI4xdfYloUaE6fVlApZIs9KY3ZUQ
V9EZKHNF0iCqjaOZP/87OpXClgTfe6XcMG/EeIwuOP6HuioB6LRzPBRrgLZkzodA
chJhwD9ExYc208FSWHiTmoZPn/wc66LNURmA2aAFrMXk8jOULL72HH0mRE5XlEWI
7EHkJOOhe5cEkHsoh3djv4WTWkuwMCY3Wld4bGAkKW3AUk4DcCdA6cHl2nGcz/D/
ukJYdgsSzs8WAgOZobY1fyUtm04rLr0uihUJxLRuTHBO+MBNoaAx43hscie06Xas
rdvpaBOa+aeBCwguN9umYSxykCxyDlpj11OqNoHITe5U6YJQlmda9aY=
-----END CERTIFICATE-----