Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/mEA5vNJ9taeaQwbOvWcWlKPGTac.roa
File:                     mEA5vNJ9taeaQwbOvWcWlKPGTac.roa (raw, json)
Hash identifier:          1/yidwt7RTbJqN4oAz9TnAimdriD9R7rW4SaIaw560w=
Subject key identifier:   98:40:39:BC:D2:7D:B5:A7:9A:43:06:CE:BD:67:16:94:A3:C6:4D:A7
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       01991BAF197EA6FDF29F9A50DCB6126B89D3
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/mEA5vNJ9taeaQwbOvWcWlKPGTac.roa
Signing time:             Fri 05 Sep 2025 21:01:23 +0000
ROA not before:           Fri 05 Sep 2025 21:01:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205866
IP address blocks:        2a12:1a46::/32 maxlen: 32
                          2a12:2e43::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 06:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:af:19:7e:a6:fd:f2:9f:9a:50:dc:b6:12:6b:89:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Sep  5 21:01:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=984039bcd27db5a79a4306cebd671694a3c64da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:ed:7d:21:e5:30:3a:b6:11:4f:2f:b8:08:
                    41:48:e0:aa:fd:31:4d:c9:ab:82:e1:74:16:e8:e3:
                    4e:a9:71:81:3f:50:2b:3d:e4:6b:c8:9d:77:3a:c3:
                    52:3e:33:f3:9a:ee:a2:b9:a2:b6:c9:c7:71:85:91:
                    c6:f4:26:e1:c4:78:4c:1e:76:c9:2b:6e:27:90:a7:
                    11:0d:09:1c:da:58:15:09:e9:4c:e0:24:ce:af:c4:
                    63:a0:ab:e0:5f:0b:57:ac:dc:86:84:8c:1f:b9:0a:
                    63:bf:d9:bb:2e:c7:cb:64:d7:8c:90:c8:01:1b:34:
                    9e:fc:86:e7:c2:a7:20:24:73:6b:86:15:b7:ce:2a:
                    10:6e:77:0a:0a:7d:00:5a:c5:96:19:63:f9:cb:5d:
                    58:aa:0e:9c:79:d7:df:b3:30:06:f7:75:26:8e:a1:
                    93:43:b8:79:46:cc:ce:a3:70:04:55:ae:c0:df:cc:
                    5e:54:0f:6c:dc:7a:04:5e:d5:3c:3d:a6:7c:56:01:
                    90:cf:79:63:bb:37:d2:99:68:30:34:16:e3:3c:b6:
                    6c:57:1a:6d:fc:0d:ea:e4:3c:6f:e4:60:5a:8d:83:
                    d2:ae:65:3f:4c:34:de:9b:27:62:97:de:b2:2d:39:
                    79:11:71:91:97:d5:71:38:95:99:90:49:11:37:99:
                    f1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:40:39:BC:D2:7D:B5:A7:9A:43:06:CE:BD:67:16:94:A3:C6:4D:A7
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/mEA5vNJ9taeaQwbOvWcWlKPGTac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1a46::/32
                  2a12:2e43::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:4c:4a:56:4d:da:34:8b:1d:8c:a1:2b:99:35:36:3a:fd:a1:
         dd:6e:cd:04:08:d8:d1:d3:df:f2:a1:6c:1b:87:7c:be:85:1c:
         4f:b0:fa:ec:d5:30:61:ec:62:f8:88:b5:3e:b0:19:70:d9:56:
         da:b5:79:a2:b3:3d:92:d2:76:00:a9:62:c7:87:f1:0c:79:6c:
         1e:ee:59:f8:45:c0:5f:58:9e:46:4f:85:7f:70:b4:07:2f:47:
         0c:c3:b6:bd:d0:42:40:75:55:e2:d5:bb:ea:15:b9:83:ab:09:
         72:7b:3f:c6:a1:3f:93:42:56:d2:d9:1f:66:42:75:d2:b9:a6:
         e5:02:50:7f:8c:2b:1c:ee:c6:fc:00:78:31:3f:ce:b4:6c:77:
         40:31:01:69:37:c6:f1:57:47:8c:d6:0f:5b:9d:fb:83:70:97:
         a0:e3:32:d9:a7:f2:fb:d8:34:7f:bf:2e:37:d6:3f:38:f3:71:
         fc:ff:5c:c5:f2:94:35:ff:e1:12:28:21:8e:54:13:a2:2c:47:
         c6:3c:c3:43:49:fe:07:62:0d:8c:a2:0e:74:f3:c7:25:41:ae:
         f0:a5:b2:ae:08:62:ec:d6:88:42:95:69:d3:c3:92:84:a3:aa:
         66:0c:ac:cd:db:7a:f2:fb:f3:03:24:cf:b3:a1:b9:62:a6:ee:
         59:1d:75:78
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkbrxl+pv3yn5pQ3LYSa4nTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwOTA1MjEwMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQwMzliY2QyN2RiNWE3OWE0MzA2Y2ViZDY3MTY5NGEzYzY0ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6vtfSHlMDq2EU8vuAhBSOCq/TFN
yauC4XQW6ONOqXGBP1ArPeRryJ13OsNSPjPzmu6iuaK2ycdxhZHG9CbhxHhMHnbJ
K24nkKcRDQkc2lgVCelM4CTOr8RjoKvgXwtXrNyGhIwfuQpjv9m7LsfLZNeMkMgB
GzSe/IbnwqcgJHNrhhW3zioQbncKCn0AWsWWGWP5y11Yqg6cedffszAG93UmjqGT
Q7h5RszOo3AEVa7A38xeVA9s3HoEXtU8PaZ8VgGQz3ljuzfSmWgwNBbjPLZsVxpt
/A3q5Dxv5GBajYPSrmU/TDTemydil96yLTl5EXGRl9VxOJWZkEkRN5nx0QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJhAObzSfbWnmkMGzr1nFpSjxk2nMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvbUVBNXZOSjl0YWVhUXdiT3ZXY1dsS1BHVGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhIaRgMF
ACoSLkMwDQYJKoZIhvcNAQELBQADggEBAElMSlZN2jSLHYyhK5k1Njr9od1uzQQI
2NHT3/KhbBuHfL6FHE+w+uzVMGHsYviItT6wGXDZVtq1eaKzPZLSdgCpYseH8Qx5
bB7uWfhFwF9YnkZPhX9wtAcvRwzDtr3QQkB1VeLVu+oVuYOrCXJ7P8ahP5NCVtLZ
H2ZCddK5puUCUH+MKxzuxvwAeDE/zrRsd0AxAWk3xvFXR4zWD1ud+4Nwl6DjMtmn
8vvYNH+/LjfWPzjzcfz/XMXylDX/4RIoIY5UE6IsR8Y8w0NJ/gdiDYyiDnTzxyVB
rvClsq4IYuzWiEKVadPDkoSjqmYMrM3bevL78wMkz7OhuWKm7lkddXg=
-----END CERTIFICATE-----