Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/LPKpfkMJen9TUH4ZfxgOzxqHkNU.roa
File:                     LPKpfkMJen9TUH4ZfxgOzxqHkNU.roa (raw, json)
Hash identifier:          ING4rNZCefT1Q8B8npudHtyqQQUdosJKFpOv34aIHJk=
Subject key identifier:   2C:F2:A9:7E:43:09:7A:7F:53:50:7E:19:7F:18:0E:CF:1A:87:90:D5
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019977EB751CEFDCA0EDB394F37FE165DDC9
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/LPKpfkMJen9TUH4ZfxgOzxqHkNU.roa
Signing time:             Tue 23 Sep 2025 18:52:23 +0000
ROA not before:           Tue 23 Sep 2025 18:52:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12389
IP address blocks:        2a12:1c40::/29 maxlen: 29
                          2a12:3dc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:eb:75:1c:ef:dc:a0:ed:b3:94:f3:7f:e1:65:dd:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep 23 18:52:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cf2a97e43097a7f53507e197f180ecf1a8790d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:26:ce:8f:f9:3a:10:b4:98:73:58:01:f8:c0:
                    6a:15:c8:21:b1:cd:77:1e:68:6f:f8:cc:d9:36:69:
                    1b:82:4a:cc:b1:51:d0:ed:e1:cb:da:a8:07:e8:0f:
                    ab:18:13:20:17:99:ef:14:28:d8:ea:bc:9c:97:09:
                    22:e5:ae:75:31:1e:08:bd:c0:bc:f5:f7:86:9c:15:
                    e3:af:a6:d2:4c:7d:64:a4:59:3c:b9:6a:c8:73:5d:
                    29:45:f7:70:d7:78:39:62:8e:35:84:2f:23:dc:50:
                    cc:44:4e:06:76:ae:48:20:38:78:b0:e9:37:50:98:
                    09:7a:a7:e3:7c:6f:17:10:8e:0e:f3:01:59:d7:c4:
                    fc:fa:ab:12:d6:eb:fd:64:8d:77:f8:a7:ba:10:e0:
                    20:92:2a:93:ad:4d:a2:85:20:46:64:15:ab:e2:1d:
                    77:27:c2:ed:f7:6a:ce:6a:f1:24:21:cb:3c:37:cb:
                    c0:71:18:db:d1:c9:b5:8e:5a:fe:1a:51:42:d9:75:
                    33:b0:2d:f2:16:f5:7f:69:c3:b3:0e:07:16:f3:ce:
                    0e:27:5b:70:40:dc:7c:8b:b0:b5:4d:b5:44:d9:93:
                    42:8b:f8:99:41:12:70:dc:e9:4a:7e:5c:f5:6a:69:
                    7c:25:52:4f:e8:7a:b0:bc:b5:cf:4f:24:9c:a8:1f:
                    9b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F2:A9:7E:43:09:7A:7F:53:50:7E:19:7F:18:0E:CF:1A:87:90:D5
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/LPKpfkMJen9TUH4ZfxgOzxqHkNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:1c40::/29
                  2a12:3dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:5e:11:cd:de:5a:78:56:47:b3:ad:c8:5c:02:87:8f:d9:e2:
         d5:42:e9:5a:a2:63:8f:87:e5:b7:ba:b6:5b:65:7a:ae:64:d1:
         7e:e2:94:36:0e:bb:82:4d:be:35:62:9d:4d:3f:c7:b1:bb:ae:
         14:76:35:b1:9f:12:e0:71:b6:69:78:57:b6:e1:84:66:56:46:
         35:e0:09:cb:c8:de:7e:b3:00:15:9a:b0:3d:c1:4b:bf:92:d5:
         27:00:59:92:93:32:50:60:69:ee:47:f6:72:92:95:f0:63:76:
         e9:93:f9:4d:c4:fb:57:30:51:7b:f8:05:fd:01:b2:d6:c0:9c:
         75:1f:ff:43:29:8f:10:c3:2e:d6:78:df:12:c6:73:0e:a2:7f:
         23:41:52:45:f8:27:b5:67:c0:c1:f3:a2:8c:cf:f1:81:6d:88:
         3d:bc:e2:85:61:32:0b:32:ed:d8:6c:77:6d:4b:67:47:78:50:
         c4:1c:ca:6c:0f:ce:fa:52:cd:a2:03:05:2d:b2:66:60:6b:63:
         99:0e:7a:22:9a:5c:f6:74:58:9f:4b:2a:06:1c:e4:85:96:d5:
         b6:88:4e:ee:dc:66:04:b8:6b:ab:62:72:87:ae:bb:2a:08:ae:
         91:e7:5d:f9:80:0c:45:06:08:ab:3f:93:9d:80:36:b8:e2:2d:
         92:5f:03:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZl363Uc79yg7bOU83/hZd3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTIzMTg1MjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2YyYTk3ZTQzMDk3YTdmNTM1MDdlMTk3ZjE4MGVjZjFhODc5MGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ibOj/k6ELSYc1gB+MBqFcghsc13
Hmhv+MzZNmkbgkrMsVHQ7eHL2qgH6A+rGBMgF5nvFCjY6ryclwki5a51MR4IvcC8
9feGnBXjr6bSTH1kpFk8uWrIc10pRfdw13g5Yo41hC8j3FDMRE4Gdq5IIDh4sOk3
UJgJeqfjfG8XEI4O8wFZ18T8+qsS1uv9ZI13+Ke6EOAgkiqTrU2ihSBGZBWr4h13
J8Lt92rOavEkIcs8N8vAcRjb0cm1jlr+GlFC2XUzsC3yFvV/acOzDgcW884OJ1tw
QNx8i7C1TbVE2ZNCi/iZQRJw3OlKflz1aml8JVJP6HqwvLXPTyScqB+bVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCzyqX5DCXp/U1B+GX8YDs8ah5DVMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvTFBLcGZrTUplbjlUVUg0WmZ4Z096eHFIa05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhIcQAMF
AyoSPcAwDQYJKoZIhvcNAQELBQADggEBAApeEc3eWnhWR7OtyFwCh4/Z4tVC6Vqi
Y4+H5be6tltleq5k0X7ilDYOu4JNvjVinU0/x7G7rhR2NbGfEuBxtml4V7bhhGZW
RjXgCcvI3n6zABWasD3BS7+S1ScAWZKTMlBgae5H9nKSlfBjdumT+U3E+1cwUXv4
Bf0BstbAnHUf/0MpjxDDLtZ43xLGcw6ifyNBUkX4J7VnwMHzoozP8YFtiD284oVh
Mgsy7dhsd21LZ0d4UMQcymwPzvpSzaIDBS2yZmBrY5kOeiKaXPZ0WJ9LKgYc5IWW
1baITu7cZgS4a6ticoeuuyoIrpHnXfmADEUGCKs/k52ANrjiLZJfA6s=
-----END CERTIFICATE-----