Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/1E5Eo9kn-EIE-H1FRikMkq__s7A.roa
File:                     1E5Eo9kn-EIE-H1FRikMkq__s7A.roa (raw, json)
Hash identifier:          EJU0N8BH2KGMsBgxzG0oyPjH2Y4EH68EjvlKxHcS7T4=
Subject key identifier:   D4:4E:44:A3:D9:27:F8:42:04:F8:7D:45:46:29:0C:92:AF:FF:B3:B0
Certificate issuer:       /CN=3adbb475a4304c845343fd94fee9a6b88008e38b
Certificate serial:       0198BC072F6AEEF5A2BB1C65D24C6A4259B4
Authority key identifier: 3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/1E5Eo9kn-EIE-H1FRikMkq__s7A.roa
Signing time:             Mon 18 Aug 2025 07:14:04 +0000
ROA not before:           Mon 18 Aug 2025 07:14:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210833
IP address blocks:        2001:67c:828::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bc:07:2f:6a:ee:f5:a2:bb:1c:65:d2:4c:6a:42:59:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3adbb475a4304c845343fd94fee9a6b88008e38b
        Validity
            Not Before: Aug 18 07:14:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d44e44a3d927f84204f87d4546290c92afffb3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4b:61:bf:16:cc:95:ee:71:51:22:d4:24:b9:
                    3e:3b:60:cf:e0:31:96:0b:48:38:03:c8:67:69:68:
                    36:f1:86:fc:d6:4e:0d:a0:63:37:c2:26:8b:a8:47:
                    de:a8:ea:10:bf:07:25:ed:d6:65:2a:16:13:4a:fa:
                    ac:8f:10:af:8d:92:95:0e:d0:13:95:74:41:2a:21:
                    44:f4:85:55:24:f7:88:2d:45:fc:8f:2c:18:86:32:
                    49:66:25:b1:fc:da:b0:4a:4e:9b:53:6f:8b:9a:30:
                    8c:b8:8c:fd:c4:47:f9:3f:6d:d9:94:de:24:2d:db:
                    cf:57:4c:d4:61:44:64:cd:c4:4e:be:7a:0e:68:82:
                    f1:e2:f5:ee:d8:60:fa:20:01:77:5d:00:41:f3:4c:
                    e1:a6:7b:41:a5:05:a1:52:94:57:77:84:75:d9:a1:
                    52:f6:85:3c:72:37:c2:db:b3:dc:1f:2f:54:3b:51:
                    54:65:de:7d:1b:ca:ec:b9:69:0f:db:d6:6e:1d:d3:
                    9d:10:e7:bf:53:12:33:b8:80:5a:fd:d7:1e:e6:3b:
                    b8:e0:67:e4:18:07:09:0a:96:21:cc:d7:5f:2c:20:
                    fc:44:d8:88:06:d3:a9:33:96:3f:bf:04:90:8b:ec:
                    b7:ed:52:87:9b:53:88:dd:ad:53:91:13:9c:73:fb:
                    31:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:4E:44:A3:D9:27:F8:42:04:F8:7D:45:46:29:0C:92:AF:FF:B3:B0
            X509v3 Authority Key Identifier:
                keyid:3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/1E5Eo9kn-EIE-H1FRikMkq__s7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:828::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:d8:af:59:9c:b7:38:79:cd:6b:3a:b8:92:24:e4:0a:be:ee:
         c5:f1:80:9c:09:97:fd:09:27:e5:77:01:89:f0:a0:3c:5a:f4:
         52:f0:90:21:00:cf:2f:7f:ea:56:7a:b6:b2:d1:b0:66:f1:0c:
         67:c0:08:83:66:4d:e5:c3:d3:48:d9:2e:c3:0e:71:9b:60:fb:
         16:48:20:7a:11:b8:8c:55:7c:c8:c0:fc:60:6c:7a:42:ab:ed:
         01:b4:fe:3d:ec:25:bd:bf:58:18:72:d3:f9:1a:2e:7c:0a:5d:
         10:3a:03:54:60:57:7b:ab:d0:e0:e4:d2:17:cd:45:02:d6:f7:
         18:0e:11:04:20:10:09:f4:47:78:23:78:26:0a:fb:e4:b0:e9:
         d0:8b:bb:04:fc:ca:42:08:0f:fa:cf:b8:c0:cb:7f:ab:3b:6f:
         a6:60:ab:b6:97:21:50:a9:7b:63:d7:58:19:78:0a:e8:f7:36:
         0b:6d:92:d9:34:fe:07:f0:21:3b:14:fe:89:a8:45:a3:86:5c:
         18:9d:d9:0a:10:28:26:78:3a:46:1b:3e:a9:55:65:a8:c0:37:
         5f:3c:9a:92:e0:b9:ab:d7:eb:05:08:9d:cd:ed:dc:0d:24:26:
         b1:89:7b:56:76:08:06:2d:b7:69:ae:45:ab:8f:00:9c:57:73:
         82:eb:99:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZi8By9q7vWiuxxl0kxqQlm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGJiNDc1YTQzMDRjODQ1MzQzZmQ5NGZlZTlhNmI4ODAw
OGUzOGIwHhcNMjUwODE4MDcxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDRlNDRhM2Q5MjdmODQyMDRmODdkNDU0NjI5MGM5MmFmZmZiM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEthvxbMle5xUSLUJLk+O2DP4DGW
C0g4A8hnaWg28Yb81k4NoGM3wiaLqEfeqOoQvwcl7dZlKhYTSvqsjxCvjZKVDtAT
lXRBKiFE9IVVJPeILUX8jywYhjJJZiWx/NqwSk6bU2+LmjCMuIz9xEf5P23ZlN4k
LdvPV0zUYURkzcROvnoOaILx4vXu2GD6IAF3XQBB80zhpntBpQWhUpRXd4R12aFS
9oU8cjfC27PcHy9UO1FUZd59G8rsuWkP29ZuHdOdEOe/UxIzuIBa/dce5ju44Gfk
GAcJCpYhzNdfLCD8RNiIBtOpM5Y/vwSQi+y37VKHm1OI3a1TkROcc/sxOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNRORKPZJ/hCBPh9RUYpDJKv/7OwMB8GA1UdIwQY
MBaAFDrbtHWkMEyEU0P9lP7ppriACOOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAt
MGNlMDQ5NmE5OTdiLzEvMUU1RW85a24tRUlFLUgxRlJpa01rcV9fczdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAtMGNlMDQ5NmE5OTdi
LzEvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAgo
MA0GCSqGSIb3DQEBCwUAA4IBAQAA2K9ZnLc4ec1rOriSJOQKvu7F8YCcCZf9CSfl
dwGJ8KA8WvRS8JAhAM8vf+pWeray0bBm8QxnwAiDZk3lw9NI2S7DDnGbYPsWSCB6
EbiMVXzIwPxgbHpCq+0BtP497CW9v1gYctP5Gi58Cl0QOgNUYFd7q9Dg5NIXzUUC
1vcYDhEEIBAJ9Ed4I3gmCvvksOnQi7sE/MpCCA/6z7jAy3+rO2+mYKu2lyFQqXtj
11gZeAro9zYLbZLZNP4H8CE7FP6JqEWjhlwYndkKECgmeDpGGz6pVWWowDdfPJqS
4Lmr1+sFCJ3N7dwNJCaxiXtWdggGLbdprkWrjwCcV3OC65ml
-----END CERTIFICATE-----