Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/dNdlikygHYW9_VCSMxVInvo5wAE.roa
File:                     dNdlikygHYW9_VCSMxVInvo5wAE.roa (raw, json)
Hash identifier:          oANbFDFE9Ng6o6gqO/EcOwZNCNKxlzdWPW9zD7faSZw=
Subject key identifier:   74:D7:65:8A:4C:A0:1D:85:BD:FD:50:92:33:15:48:9E:FA:39:C0:01
Certificate issuer:       /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial:       0197A8454125EEEE43CEE53434CE1840602A
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/dNdlikygHYW9_VCSMxVInvo5wAE.roa
Signing time:             Wed 25 Jun 2025 18:06:40 +0000
ROA not before:           Wed 25 Jun 2025 18:06:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211852
IP address blocks:        2a12:2fc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 08:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:45:41:25:ee:ee:43:ce:e5:34:34:ce:18:40:60:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
        Validity
            Not Before: Jun 25 18:06:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74d7658a4ca01d85bdfd50923315489efa39c001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7a:33:6c:42:8e:ec:55:61:b4:eb:16:4c:1a:
                    26:e1:11:62:eb:36:f2:69:38:27:d7:25:c7:91:40:
                    bf:84:5f:73:49:43:ab:eb:d0:8a:ce:cf:79:ef:82:
                    75:68:cf:e2:8d:2d:e0:3c:96:7d:ef:5f:94:2f:b9:
                    77:23:db:c2:f6:b2:ad:17:71:e5:46:49:97:b5:b4:
                    55:63:59:b2:55:d1:5a:e9:83:6e:38:84:bc:00:66:
                    55:4d:4f:71:60:69:c5:71:17:63:01:24:1d:a2:6a:
                    a2:8e:8a:a7:85:06:a9:7e:cc:4a:15:e4:87:cf:26:
                    98:9b:8a:b7:87:07:da:67:6f:7b:cb:20:4d:e2:e5:
                    81:a7:39:70:87:00:37:8d:1e:1c:a1:58:be:21:eb:
                    67:2d:07:35:dc:2e:75:38:a2:c8:bf:04:58:50:65:
                    24:4e:b2:22:3e:d5:c8:b5:bc:15:82:a6:e4:e9:d6:
                    41:3f:ec:20:8c:e0:88:7f:96:78:f3:63:a3:d6:7f:
                    a2:1d:10:77:2b:09:a0:b0:fc:ca:cf:5a:aa:ac:b2:
                    71:9e:c6:d5:a5:4a:2e:76:8e:b9:e7:e3:e3:6c:97:
                    4d:62:bb:30:b4:ac:c0:f0:b0:c8:ab:b2:ec:13:b5:
                    cd:25:ac:86:e0:77:68:0b:45:4b:1b:f3:9e:91:f5:
                    ba:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D7:65:8A:4C:A0:1D:85:BD:FD:50:92:33:15:48:9E:FA:39:C0:01
            X509v3 Authority Key Identifier:
                keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/dNdlikygHYW9_VCSMxVInvo5wAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2fc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:29:a8:d6:37:df:b7:b8:86:5f:c9:c7:d1:70:45:fc:93:e6:
         67:33:07:5a:03:8a:78:50:b3:73:1d:e1:85:d6:71:b1:a8:1a:
         8a:49:8e:c1:8a:da:11:80:f0:c0:64:81:da:bc:c5:57:a7:e4:
         04:29:7e:2a:3a:b8:f3:46:3d:64:bc:27:df:09:c4:b4:65:19:
         ca:12:53:cb:02:ea:ff:f2:b2:86:ce:a0:6e:13:fb:c9:d6:e2:
         05:d3:46:5a:00:04:be:5d:e3:3d:c1:7d:e0:58:f3:87:29:a9:
         7b:bb:e7:c5:b7:ae:38:4a:77:e5:60:4f:6b:bd:09:41:c9:73:
         df:20:6e:77:c7:34:cf:c8:de:98:84:25:2a:9a:f3:4d:e5:9e:
         3d:d7:3f:15:46:d0:ab:e2:7f:0d:de:86:86:d6:4b:47:da:ca:
         8f:70:3f:7c:9c:fa:48:25:89:e8:9d:0f:39:82:98:32:79:f2:
         aa:5a:08:ff:e5:71:54:cf:b1:b0:ad:53:53:ff:9a:02:c6:80:
         20:a4:33:ab:1f:cf:e5:ce:50:3a:08:b1:2b:30:44:fc:13:3b:
         41:9c:1a:67:1e:12:59:38:b8:c6:b5:c3:93:5b:a4:9b:1f:d2:
         3e:66:37:d2:55:76:c0:da:67:29:27:56:eb:7d:f0:85:bc:c0:
         30:9a:e5:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeoRUEl7u5DzuU0NM4YQGAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwNjI1MTgwNjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQ3NjU4YTRjYTAxZDg1YmRmZDUwOTIzMzE1NDg5ZWZhMzljMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnozbEKO7FVhtOsWTBom4RFi6zby
aTgn1yXHkUC/hF9zSUOr69CKzs9574J1aM/ijS3gPJZ971+UL7l3I9vC9rKtF3Hl
RkmXtbRVY1myVdFa6YNuOIS8AGZVTU9xYGnFcRdjASQdomqijoqnhQapfsxKFeSH
zyaYm4q3hwfaZ297yyBN4uWBpzlwhwA3jR4coVi+IetnLQc13C51OKLIvwRYUGUk
TrIiPtXItbwVgqbk6dZBP+wgjOCIf5Z482Oj1n+iHRB3KwmgsPzKz1qqrLJxnsbV
pUoudo655+PjbJdNYrswtKzA8LDIq7LsE7XNJayG4HdoC0VLG/OekfW6WwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHTXZYpMoB2Fvf1QkjMVSJ76OcABMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvZE5kbGlreWdIWVc5X1ZDU014Vkludm81d0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIvxzAN
BgkqhkiG9w0BAQsFAAOCAQEAlSmo1jfft7iGX8nH0XBF/JPmZzMHWgOKeFCzcx3h
hdZxsagaikmOwYraEYDwwGSB2rzFV6fkBCl+Kjq480Y9ZLwn3wnEtGUZyhJTywLq
//Kyhs6gbhP7ydbiBdNGWgAEvl3jPcF94Fjzhympe7vnxbeuOEp35WBPa70JQclz
3yBud8c0z8jemIQlKprzTeWePdc/FUbQq+J/Dd6GhtZLR9rKj3A/fJz6SCWJ6J0P
OYKYMnnyqloI/+VxVM+xsK1TU/+aAsaAIKQzqx/P5c5QOgixKzBE/BM7QZwaZx4S
WTi4xrXDk1ukmx/SPmY30lV2wNpnKSdW633whbzAMJrlYQ==
-----END CERTIFICATE-----