Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/P_YrqrFp8qFACBOuK-Z6Qw7eZq0.roa
File:                     P_YrqrFp8qFACBOuK-Z6Qw7eZq0.roa (raw, json)
Hash identifier:          Hcdm4ocRxMkNA/bbdADoMEzvZvEEy+9TR0wc9RV/RHs=
Subject key identifier:   3F:F6:2B:AA:B1:69:F2:A1:40:08:13:AE:2B:E6:7A:43:0E:DE:66:AD
Certificate issuer:       /CN=e80ec31635f4d91bb11312ba0a3465c18f233f68
Certificate serial:       01990F7E38D47F7F136E049E90D04221C4E4
Authority key identifier: E8:0E:C3:16:35:F4:D9:1B:B1:13:12:BA:0A:34:65:C1:8F:23:3F:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/P_YrqrFp8qFACBOuK-Z6Qw7eZq0.roa
Signing time:             Wed 03 Sep 2025 12:12:34 +0000
ROA not before:           Wed 03 Sep 2025 12:12:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214078
IP address blocks:        2a10:ed40:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 15:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:7e:38:d4:7f:7f:13:6e:04:9e:90:d0:42:21:c4:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e80ec31635f4d91bb11312ba0a3465c18f233f68
        Validity
            Not Before: Sep  3 12:12:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ff62baab169f2a1400813ae2be67a430ede66ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b8:74:a8:08:8e:ad:89:47:19:b6:df:87:f5:
                    13:5a:c6:a2:85:a2:d2:94:a7:27:4f:f7:d4:21:6c:
                    c8:61:dc:01:52:8f:22:11:54:8d:5c:ec:48:71:7d:
                    00:4b:b4:3b:cc:73:29:94:7f:3b:72:00:e2:0d:fa:
                    5f:13:df:54:5b:e8:75:66:cb:dd:da:73:8e:92:fe:
                    23:7c:5b:19:67:90:2d:2b:09:cd:98:97:5d:1e:df:
                    36:08:34:db:77:5a:b2:e0:99:2b:84:56:ed:6d:55:
                    46:bf:ee:94:4f:6a:c9:f5:ef:5f:52:f3:14:27:21:
                    a9:30:c7:25:24:28:34:c6:9b:e1:61:60:e4:95:07:
                    ef:2b:f0:93:59:67:d5:c7:78:be:7a:f7:c9:8c:42:
                    45:f7:e3:ca:54:fd:72:a5:6d:4a:27:fe:51:68:10:
                    ae:e1:e8:77:90:a9:38:57:dc:94:cb:04:be:67:19:
                    96:15:7a:da:86:50:16:5e:ff:a2:1c:cd:d2:a1:45:
                    64:ff:44:3a:aa:96:63:6b:9d:0c:b6:5a:50:3a:ad:
                    5c:f0:1e:cf:cf:47:09:ad:d5:14:f5:92:06:87:dd:
                    d8:d9:86:fa:a6:85:79:d6:67:ba:30:b4:33:98:61:
                    f0:7a:6c:b0:4a:7e:e2:a4:8f:bd:d9:b7:17:6c:8b:
                    5e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F6:2B:AA:B1:69:F2:A1:40:08:13:AE:2B:E6:7A:43:0E:DE:66:AD
            X509v3 Authority Key Identifier:
                keyid:E8:0E:C3:16:35:F4:D9:1B:B1:13:12:BA:0A:34:65:C1:8F:23:3F:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6A7DFjX02RuxExK6CjRlwY8jP2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/P_YrqrFp8qFACBOuK-Z6Qw7eZq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/13072f-178d-4f0c-9ffb-4dbe10c3a71f/1/6A7DFjX02RuxExK6CjRlwY8jP2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ed40:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:91:d2:da:0a:1c:18:c2:27:b3:fa:a4:5f:76:69:a4:ef:2f:
         fe:5f:0a:f1:de:84:97:c6:8d:72:d6:1e:8e:45:7a:6a:f1:25:
         20:52:7a:49:39:be:59:b8:f2:1d:d7:8e:76:1e:21:00:ff:80:
         58:cc:c3:58:15:73:8a:ec:9d:00:32:76:9d:8c:30:ba:d0:57:
         02:00:c3:27:4c:df:f2:12:22:8a:be:2e:57:02:ca:09:95:35:
         b7:8a:fc:2d:3d:dc:92:09:cc:fd:62:8d:a4:1a:cf:22:2a:4a:
         51:7b:1e:fb:26:82:5a:31:38:75:61:95:73:82:0a:9a:ef:10:
         ae:f6:0f:ee:b0:df:7b:1c:95:ab:38:45:22:10:41:15:52:d3:
         5a:53:72:a4:fa:5a:1b:c0:79:f5:8d:70:40:cb:23:70:0d:dc:
         96:53:d2:9a:49:de:75:7d:da:ad:1e:5e:0e:35:e6:84:3b:a7:
         bf:3c:a5:75:04:ae:38:42:14:52:ec:12:ed:21:3f:bb:80:e7:
         9e:db:fc:85:a1:f9:e4:0e:62:ca:31:28:42:33:48:43:59:62:
         00:57:75:a4:08:f1:b4:20:c6:88:d4:44:21:1d:fb:4e:5e:b9:
         9b:a9:59:c7:69:81:82:06:e9:fd:28:b5:ad:52:59:06:ec:32:
         eb:1e:77:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkPfjjUf38TbgSekNBCIcTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MGVjMzE2MzVmNGQ5MWJiMTEzMTJiYTBhMzQ2NWMxOGYy
MzNmNjgwHhcNMjUwOTAzMTIxMjM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY2MmJhYWIxNjlmMmExNDAwODEzYWUyYmU2N2E0MzBlZGU2NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurh0qAiOrYlHGbbfh/UTWsaihaLS
lKcnT/fUIWzIYdwBUo8iEVSNXOxIcX0AS7Q7zHMplH87cgDiDfpfE99UW+h1Zsvd
2nOOkv4jfFsZZ5AtKwnNmJddHt82CDTbd1qy4JkrhFbtbVVGv+6UT2rJ9e9fUvMU
JyGpMMclJCg0xpvhYWDklQfvK/CTWWfVx3i+evfJjEJF9+PKVP1ypW1KJ/5RaBCu
4eh3kKk4V9yUywS+ZxmWFXrahlAWXv+iHM3SoUVk/0Q6qpZja50MtlpQOq1c8B7P
z0cJrdUU9ZIGh93Y2Yb6poV51me6MLQzmGHwemywSn7ipI+92bcXbIte6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD/2K6qxafKhQAgTrivmekMO3matMB8GA1UdIwQY
MBaAFOgOwxY19NkbsRMSugo0ZcGPIz9oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkE3REZqWDAyUnV4RXhLNkNqUmx3WThqUDJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMzA3MmYtMTc4ZC00ZjBjLTlmZmIt
NGRiZTEwYzNhNzFmLzEvUF9ZcnFyRnA4cUZBQ0JPdUstWjZRdzdlWnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMzA3MmYtMTc4ZC00ZjBjLTlmZmItNGRiZTEwYzNhNzFm
LzEvNkE3REZqWDAyUnV4RXhLNkNqUmx3WThqUDJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDtQAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQCTkdLaChwYwiez+qRfdmmk7y/+Xwrx3oSXxo1y
1h6ORXpq8SUgUnpJOb5ZuPId1452HiEA/4BYzMNYFXOK7J0AMnadjDC60FcCAMMn
TN/yEiKKvi5XAsoJlTW3ivwtPdySCcz9Yo2kGs8iKkpRex77JoJaMTh1YZVzggqa
7xCu9g/usN97HJWrOEUiEEEVUtNaU3Kk+lobwHn1jXBAyyNwDdyWU9KaSd51fdqt
Hl4ONeaEO6e/PKV1BK44QhRS7BLtIT+7gOee2/yFofnkDmLKMShCM0hDWWIAV3Wk
CPG0IMaI1EQhHftOXrmbqVnHaYGCBun9KLWtUlkG7DLrHnfW
-----END CERTIFICATE-----