Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/a1inG8KfvIXN5vExc0NSdROHb6M.roa
File:                     a1inG8KfvIXN5vExc0NSdROHb6M.roa (raw, json)
Hash identifier:          AIPq2LbVW47spagW1XJ+tnzHBS7q8+GYATJClpwcsjQ=
Subject key identifier:   6B:58:A7:1B:C2:9F:BC:85:CD:E6:F1:31:73:43:52:75:13:87:6F:A3
Certificate issuer:       /CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
Certificate serial:       01992426263DB2E5A5CB0B57E8AA07CA9C2A
Authority key identifier: BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/a1inG8KfvIXN5vExc0NSdROHb6M.roa
Signing time:             Sun 07 Sep 2025 12:28:23 +0000
ROA not before:           Sun 07 Sep 2025 12:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14789
IP address blocks:        2a09:bac0:439::/48 maxlen: 48
                          2a09:bac0:477::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:10:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:26:26:3d:b2:e5:a5:cb:0b:57:e8:aa:07:ca:9c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
        Validity
            Not Before: Sep  7 12:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b58a71bc29fbc85cde6f1317343527513876fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:09:fe:d3:d5:9b:14:5a:ab:cf:83:eb:89:85:
                    57:2a:d8:60:c2:aa:53:26:93:a4:ff:03:6c:cd:c4:
                    56:21:93:0d:61:30:2a:8d:5b:d6:a4:26:8f:03:3e:
                    ae:88:82:e6:bc:bd:75:9c:e3:e0:b4:94:42:71:72:
                    64:8b:77:b8:b4:06:4e:1c:df:78:90:61:b7:75:e6:
                    3c:a0:5a:fe:12:48:c5:6c:21:48:d2:d3:7e:30:5a:
                    46:d9:03:d0:24:e8:d2:de:2a:bd:74:80:ca:6a:2a:
                    ae:2f:72:40:c4:97:f6:4c:b7:90:14:2e:e6:d4:1b:
                    f5:21:61:20:b4:e3:fb:b6:77:8b:8e:a5:fc:fc:88:
                    86:da:4f:26:16:cb:3f:5d:1a:8a:53:da:44:a9:d4:
                    83:f4:58:2f:78:18:89:08:c5:cc:a3:d6:6f:ac:fd:
                    0c:1e:15:9e:27:80:f6:c5:46:87:cb:b6:a1:fe:3c:
                    49:c5:a7:79:53:f4:c1:0d:06:79:d1:f5:56:4b:a0:
                    cd:62:7e:5f:17:39:d5:78:27:ba:2c:d8:0a:ac:4a:
                    ed:b0:8a:04:cf:56:90:fe:c5:4b:c2:b8:ef:6f:fc:
                    d2:6d:26:62:4f:a8:cf:32:c5:47:a7:21:47:2c:8a:
                    d1:a3:8a:5f:75:e3:b3:7e:1c:c8:91:b6:93:db:41:
                    fa:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:58:A7:1B:C2:9F:BC:85:CD:E6:F1:31:73:43:52:75:13:87:6F:A3
            X509v3 Authority Key Identifier:
                keyid:BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/a1inG8KfvIXN5vExc0NSdROHb6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:bac0:439::/48
                  2a09:bac0:477::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:99:69:6a:0f:67:d4:35:21:6c:d4:33:24:d1:05:69:f8:d7:
         09:b4:9c:e9:97:7c:52:07:a3:11:59:ef:f8:28:ce:a7:db:ee:
         79:f8:57:6c:33:f3:c5:f9:4b:e4:4b:c6:2f:90:f5:b7:ac:db:
         36:79:5d:38:92:ca:d2:ae:ac:84:9a:5d:a2:aa:a0:f7:32:9c:
         52:41:d8:cd:50:da:f5:7f:33:fb:46:38:5d:1a:9e:7f:db:34:
         19:cc:f7:cd:f6:89:a7:97:c5:3c:d6:f4:5a:cc:1a:e2:6c:d2:
         2a:f9:5f:61:1c:cb:cf:7f:98:a5:14:c4:11:d3:6f:49:e4:62:
         41:56:9c:fa:95:02:77:d3:f2:98:35:43:fe:e4:c4:e5:b9:2b:
         e8:42:67:b3:5b:7f:e9:b0:a4:69:92:aa:1a:5e:7c:91:db:02:
         08:30:06:b3:0f:32:d2:11:de:a1:89:83:96:85:cd:63:6d:df:
         f0:2b:a3:9c:41:3a:4b:32:25:13:3a:9f:f5:cc:71:62:ff:bf:
         22:9b:43:4a:fb:0f:21:42:b9:e7:e6:da:78:ce:8b:2f:fb:ad:
         83:58:e1:d8:fa:51:df:8b:1e:d5:55:c9:0d:93:ff:3f:0a:b6:
         bb:95:04:19:00:d7:63:c5:ca:c4:e2:31:bb:27:07:d5:eb:34:
         23:e2:a3:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkkJiY9suWlywtX6KoHypwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTlmMTJjOTZiYTIwNjgzYWZmNWM5NThiZmFkOGU0YzU3
N2Y3ZmUwHhcNMjUwOTA3MTIyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU4YTcxYmMyOWZiYzg1Y2RlNmYxMzE3MzQzNTI3NTEzODc2ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAn+09WbFFqrz4PriYVXKthgwqpT
JpOk/wNszcRWIZMNYTAqjVvWpCaPAz6uiILmvL11nOPgtJRCcXJki3e4tAZOHN94
kGG3deY8oFr+EkjFbCFI0tN+MFpG2QPQJOjS3iq9dIDKaiquL3JAxJf2TLeQFC7m
1Bv1IWEgtOP7tneLjqX8/IiG2k8mFss/XRqKU9pEqdSD9FgveBiJCMXMo9ZvrP0M
HhWeJ4D2xUaHy7ah/jxJxad5U/TBDQZ50fVWS6DNYn5fFznVeCe6LNgKrErtsIoE
z1aQ/sVLwrjvb/zSbSZiT6jPMsVHpyFHLIrRo4pfdeOzfhzIkbaT20H6yQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGtYpxvCn7yFzebxMXNDUnUTh2+jMB8GA1UdIwQY
MBaAFL/p8SyWuiBoOv9clYv62OTFd/f+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQt
Zjc4MjBjNWU5NjZhLzEvYTFpbkc4S2Z2SVhONXZFeGMwTlNkUk9IYjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQtZjc4MjBjNWU5NjZh
LzEvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgm6wAQ5
AwcAKgm6wAR3MA0GCSqGSIb3DQEBCwUAA4IBAQAumWlqD2fUNSFs1DMk0QVp+NcJ
tJzpl3xSB6MRWe/4KM6n2+55+FdsM/PF+UvkS8YvkPW3rNs2eV04ksrSrqyEml2i
qqD3MpxSQdjNUNr1fzP7RjhdGp5/2zQZzPfN9omnl8U81vRazBribNIq+V9hHMvP
f5ilFMQR029J5GJBVpz6lQJ30/KYNUP+5MTluSvoQmezW3/psKRpkqoaXnyR2wII
MAazDzLSEd6hiYOWhc1jbd/wK6OcQTpLMiUTOp/1zHFi/78im0NK+w8hQrnn5tp4
zosv+62DWOHY+lHfix7VVckNk/8/Cra7lQQZANdjxcrE4jG7JwfV6zQj4qOH
-----END CERTIFICATE-----