Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/CFhlrDajXf3prASuHUigrlnSiAU.roa
File:                     CFhlrDajXf3prASuHUigrlnSiAU.roa (raw, json)
Hash identifier:          S45pXkeadV6pfqDwvbXAapLz/gU90+zWr5XqA0RMwBY=
Subject key identifier:   08:58:65:AC:36:A3:5D:FD:E9:AC:04:AE:1D:48:A0:AE:59:D2:88:05
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01990F1E17B61BABF317F65E2D27B6BC8E97
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/CFhlrDajXf3prASuHUigrlnSiAU.roa
Signing time:             Wed 03 Sep 2025 10:27:34 +0000
ROA not before:           Wed 03 Sep 2025 10:27:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8285
IP address blocks:        2a06:e8c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:1e:17:b6:1b:ab:f3:17:f6:5e:2d:27:b6:bc:8e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Sep  3 10:27:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085865ac36a35dfde9ac04ae1d48a0ae59d28805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3f:f2:1c:17:4b:f8:a5:94:cc:10:a1:b3:f1:
                    e1:96:72:3e:3a:a6:d3:dc:5f:c8:8a:5e:21:79:ee:
                    5e:ed:d2:6e:f9:bb:2e:18:f9:3d:1b:78:2f:a1:c5:
                    c7:df:bb:5c:e2:7a:73:74:c1:93:12:c9:67:aa:69:
                    fa:00:fb:8a:cd:94:17:60:56:a0:08:c4:e6:80:ff:
                    d3:2e:ff:4f:17:a7:ac:74:36:d3:36:67:a5:99:7e:
                    07:b0:d2:c6:17:9a:96:3f:dc:de:3e:4c:e5:c6:3b:
                    72:ff:b0:9f:24:94:35:77:60:c1:18:32:a2:83:9d:
                    a0:4e:50:fd:d2:bc:7f:21:31:ff:81:6a:51:23:4a:
                    c9:a7:b7:d5:d9:d8:2e:db:65:93:9b:09:3d:4f:da:
                    20:01:23:1a:20:16:3b:72:ac:97:20:b5:cf:4b:05:
                    d3:b2:90:e5:29:97:be:2f:00:68:c1:03:a5:8b:68:
                    16:a2:6d:80:93:50:84:21:a2:a3:3e:e4:ed:94:7e:
                    6b:a3:3f:62:3d:9a:f8:a0:ff:c3:a8:20:66:ee:ec:
                    83:fb:4a:4a:35:82:a7:db:20:c6:58:58:a0:75:7e:
                    18:b9:c1:c2:3a:f4:c9:38:95:60:ca:35:74:02:31:
                    93:08:bc:5a:e6:f0:96:57:33:2a:7e:ef:ae:9a:72:
                    ec:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:58:65:AC:36:A3:5D:FD:E9:AC:04:AE:1D:48:A0:AE:59:D2:88:05
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/CFhlrDajXf3prASuHUigrlnSiAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:11:55:5a:13:6f:c5:d8:23:c2:fc:c2:a5:98:9c:00:25:e9:
         7b:55:84:33:4e:b8:c9:28:8e:12:fc:e1:48:02:fa:54:98:1f:
         ee:00:1c:cc:34:e0:9f:6e:ae:da:82:a9:71:b6:3a:d6:3d:4f:
         ec:60:26:cd:32:eb:3a:01:89:6b:bd:c2:cc:2a:65:9a:50:98:
         38:52:38:f5:f8:78:d1:1e:c7:40:eb:c0:55:99:3c:b5:07:17:
         02:91:9e:e6:8a:fa:f3:ff:82:1d:a9:15:a0:14:83:63:e1:57:
         ea:3d:9f:e6:91:c2:39:ce:87:be:ca:4c:ac:cd:21:41:f0:36:
         d1:43:b5:37:08:af:55:d2:09:a2:6d:11:e5:3a:01:9d:49:89:
         ae:09:12:05:d2:40:25:86:9b:03:41:bc:57:ea:34:3a:86:a3:
         89:35:e8:d9:38:49:b9:70:ce:a0:ea:7f:85:f6:6e:b2:0c:b6:
         4f:08:56:ac:2f:ac:06:3c:bc:2e:c7:18:ac:0e:5a:4b:dd:0a:
         dd:dd:ef:e2:a9:c8:2c:15:4d:d5:82:17:73:e2:a5:fd:db:af:
         ba:ca:7e:46:7d:6d:0b:79:34:3c:b0:d1:07:9b:e7:50:b2:a7:
         59:8a:45:8f:86:0e:55:92:d0:a2:0a:1c:80:f7:fd:67:5e:ec:
         14:5a:fe:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkPHhe2G6vzF/ZeLSe2vI6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwOTAzMTAyNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU4NjVhYzM2YTM1ZGZkZTlhYzA0YWUxZDQ4YTBhZTU5ZDI4ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz/yHBdL+KWUzBChs/HhlnI+OqbT
3F/Iil4hee5e7dJu+bsuGPk9G3gvocXH37tc4npzdMGTEslnqmn6APuKzZQXYFag
CMTmgP/TLv9PF6esdDbTNmelmX4HsNLGF5qWP9zePkzlxjty/7CfJJQ1d2DBGDKi
g52gTlD90rx/ITH/gWpRI0rJp7fV2dgu22WTmwk9T9ogASMaIBY7cqyXILXPSwXT
spDlKZe+LwBowQOli2gWom2Ak1CEIaKjPuTtlH5roz9iPZr4oP/DqCBm7uyD+0pK
NYKn2yDGWFigdX4YucHCOvTJOJVgyjV0AjGTCLxa5vCWVzMqfu+umnLsfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAhYZaw2o1396awErh1IoK5Z0ogFMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvQ0ZobHJEYWpYZjNwckFTdUhVaWdybG5TaUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgbowDAN
BgkqhkiG9w0BAQsFAAOCAQEAihFVWhNvxdgjwvzCpZicACXpe1WEM064ySiOEvzh
SAL6VJgf7gAczDTgn26u2oKpcbY61j1P7GAmzTLrOgGJa73CzCplmlCYOFI49fh4
0R7HQOvAVZk8tQcXApGe5or68/+CHakVoBSDY+FX6j2f5pHCOc6HvspMrM0hQfA2
0UO1NwivVdIJom0R5ToBnUmJrgkSBdJAJYabA0G8V+o0OoajiTXo2ThJuXDOoOp/
hfZusgy2TwhWrC+sBjy8LscYrA5aS90K3d3v4qnILBVN1YIXc+Kl/duvusp+Rn1t
C3k0PLDRB5vnULKnWYpFj4YOVZLQogocgPf9Z17sFFr+xA==
-----END CERTIFICATE-----