Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/Y_oYNTABqXVE9GTLe20SGiBKmm8.roa
File:                     Y_oYNTABqXVE9GTLe20SGiBKmm8.roa (raw, json)
Hash identifier:          oNuhka5sSAjP9HueZy64ACfp5Ut+NkJyfMXj1b7/13Y=
Subject key identifier:   63:FA:18:35:30:01:A9:75:44:F4:64:CB:7B:6D:12:1A:20:4A:9A:6F
Certificate issuer:       /CN=20fa4eddb21f0901923c189f41e8f5c749a65829
Certificate serial:       01994DA6E04810D539213D21FB9D1C213647
Authority key identifier: 20:FA:4E:DD:B2:1F:09:01:92:3C:18:9F:41:E8:F5:C7:49:A6:58:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPpO3bIfCQGSPBifQej1x0mmWCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/Y_oYNTABqXVE9GTLe20SGiBKmm8.roa
Signing time:             Mon 15 Sep 2025 13:53:25 +0000
ROA not before:           Mon 15 Sep 2025 13:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        2a00:1838:9100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/IPpO3bIfCQGSPBifQej1x0mmWCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/IPpO3bIfCQGSPBifQej1x0mmWCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPpO3bIfCQGSPBifQej1x0mmWCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4d:a6:e0:48:10:d5:39:21:3d:21:fb:9d:1c:21:36:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20fa4eddb21f0901923c189f41e8f5c749a65829
        Validity
            Not Before: Sep 15 13:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63fa18353001a97544f464cb7b6d121a204a9a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c7:e9:2c:9c:62:fa:24:37:da:f5:10:16:a7:
                    7d:94:4c:db:c5:98:54:1f:40:a8:69:03:0e:76:49:
                    eb:6f:cb:0d:c2:a5:32:0a:87:86:fa:32:c6:8b:44:
                    aa:83:dc:99:4c:5c:e3:bf:9c:da:5c:07:9c:87:54:
                    70:59:dd:ee:3d:2e:73:68:80:7c:33:a8:4d:b5:ca:
                    34:8e:3d:c2:65:17:29:20:bd:69:6a:93:38:57:67:
                    71:f9:16:74:1e:d7:82:07:69:04:35:fa:86:0f:d0:
                    f1:05:e1:05:71:ca:0e:e3:47:19:8a:19:69:c8:cf:
                    3b:1d:70:73:a1:e4:8c:46:80:03:72:1b:7f:9b:f7:
                    31:e2:f1:4c:19:4a:b0:e2:c8:60:27:78:37:a6:34:
                    3b:f1:eb:63:49:d2:a2:a4:1d:b2:41:43:0a:f2:3c:
                    64:dc:a3:4d:78:b7:3f:41:a3:f9:9b:d6:7e:41:b4:
                    5a:ce:fb:95:e7:57:3a:77:30:2f:f6:be:93:94:c8:
                    8b:d2:9d:0c:d8:97:43:e6:ed:ca:93:f0:ae:be:9c:
                    48:f4:a9:dc:24:42:1a:6a:23:f5:b9:45:b7:2f:a5:
                    34:d0:dc:82:89:d5:93:f0:aa:df:b5:e2:69:d6:f9:
                    3b:49:80:9b:f7:dd:87:c2:09:90:3b:a8:83:a5:10:
                    24:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FA:18:35:30:01:A9:75:44:F4:64:CB:7B:6D:12:1A:20:4A:9A:6F
            X509v3 Authority Key Identifier:
                keyid:20:FA:4E:DD:B2:1F:09:01:92:3C:18:9F:41:E8:F5:C7:49:A6:58:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPpO3bIfCQGSPBifQej1x0mmWCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/Y_oYNTABqXVE9GTLe20SGiBKmm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/951b18-5244-4b2b-a22d-ed5f00c95067/1/IPpO3bIfCQGSPBifQej1x0mmWCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1838:9100::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:25:72:92:78:87:f3:e0:b8:3b:7b:fb:12:48:4f:c4:fd:cd:
         d9:54:66:ba:8b:ec:79:41:b0:10:59:73:97:83:b5:22:74:aa:
         49:bc:11:ab:14:a6:d7:00:1a:60:92:e1:8d:72:d3:98:56:b7:
         da:a2:b2:9c:42:6f:49:f8:b2:26:a9:8d:52:4b:b8:83:69:c6:
         fc:b6:b7:52:c9:e6:41:61:85:ec:61:f7:fd:10:94:84:4d:f3:
         16:de:98:d6:62:0b:92:a0:fe:c2:0a:2f:66:f4:42:c1:04:22:
         8b:b2:a6:d5:2a:ac:b7:95:dc:b7:a8:a8:1d:03:f2:d1:9a:75:
         7b:37:96:c4:c6:fd:39:93:37:32:22:ac:5d:c4:c7:74:9d:32:
         44:30:60:92:c0:cc:92:1d:a6:94:90:7a:f8:5e:a6:d9:df:8d:
         1e:04:b8:0b:57:91:1f:2d:a2:ae:1e:be:3e:7e:5c:61:96:cf:
         a4:37:5a:a1:92:b6:2f:0d:49:b3:88:ce:74:a3:6a:0d:3f:00:
         7e:22:3d:47:42:15:37:37:d6:b9:15:91:89:9a:b8:01:55:41:
         61:dc:be:83:76:f7:47:d3:c9:f6:93:0e:65:71:b2:c0:0f:31:
         ac:18:22:a0:f8:5f:a4:b9:76:0c:7d:9a:f2:c0:f0:ba:57:12:
         5a:fd:91:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlNpuBIENU5IT0h+50cITZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZmE0ZWRkYjIxZjA5MDE5MjNjMTg5ZjQxZThmNWM3NDlh
NjU4MjkwHhcNMjUwOTE1MTM1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZhMTgzNTMwMDFhOTc1NDRmNDY0Y2I3YjZkMTIxYTIwNGE5YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cfpLJxi+iQ32vUQFqd9lEzbxZhU
H0CoaQMOdknrb8sNwqUyCoeG+jLGi0Sqg9yZTFzjv5zaXAech1RwWd3uPS5zaIB8
M6hNtco0jj3CZRcpIL1papM4V2dx+RZ0HteCB2kENfqGD9DxBeEFccoO40cZihlp
yM87HXBzoeSMRoADcht/m/cx4vFMGUqw4shgJ3g3pjQ78etjSdKipB2yQUMK8jxk
3KNNeLc/QaP5m9Z+QbRazvuV51c6dzAv9r6TlMiL0p0M2JdD5u3Kk/CuvpxI9Knc
JEIaaiP1uUW3L6U00NyCidWT8KrfteJp1vk7SYCb992HwgmQO6iDpRAkJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGP6GDUwAal1RPRky3ttEhogSppvMB8GA1UdIwQY
MBaAFCD6Tt2yHwkBkjwYn0Ho9cdJplgpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBwTzNiSWZDUUdTUEJpZlFlajF4MG1tV0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85NTFiMTgtNTI0NC00YjJiLWEyMmQt
ZWQ1ZjAwYzk1MDY3LzEvWV9vWU5UQUJxWFZFOUdUTGUyMFNHaUJLbW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85NTFiMTgtNTI0NC00YjJiLWEyMmQtZWQ1ZjAwYzk1MDY3
LzEvSVBwTzNiSWZDUUdTUEJpZlFlajF4MG1tV0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAYOJEA
MA0GCSqGSIb3DQEBCwUAA4IBAQDKJXKSeIfz4Lg7e/sSSE/E/c3ZVGa6i+x5QbAQ
WXOXg7UidKpJvBGrFKbXABpgkuGNctOYVrfaorKcQm9J+LImqY1SS7iDacb8trdS
yeZBYYXsYff9EJSETfMW3pjWYguSoP7CCi9m9ELBBCKLsqbVKqy3ldy3qKgdA/LR
mnV7N5bExv05kzcyIqxdxMd0nTJEMGCSwMySHaaUkHr4XqbZ340eBLgLV5EfLaKu
Hr4+flxhls+kN1qhkrYvDUmziM50o2oNPwB+Ij1HQhU3N9a5FZGJmrgBVUFh3L6D
dvdH08n2kw5lcbLADzGsGCKg+F+kuXYMfZrywPC6VxJa/ZH0
-----END CERTIFICATE-----