Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/P4PUnBd1248YaTmwBtDP6J5fWs8.roa
File:                     P4PUnBd1248YaTmwBtDP6J5fWs8.roa (raw, json)
Hash identifier:          /keox5bsKkY6B94jjXdUVZzK7QGAMHlF9rFaKPyVqXM=
Subject key identifier:   3F:83:D4:9C:17:75:DB:8F:18:69:39:B0:06:D0:CF:E8:9E:5F:5A:CF
Certificate issuer:       /CN=cd9173bc828ab71da2ebcafa7f898ec6aa1eea76
Certificate serial:       0198B7EB3E81145699BF710BEB2649E5B5FD
Authority key identifier: CD:91:73:BC:82:8A:B7:1D:A2:EB:CA:FA:7F:89:8E:C6:AA:1E:EA:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/P4PUnBd1248YaTmwBtDP6J5fWs8.roa
Signing time:             Sun 17 Aug 2025 12:05:04 +0000
ROA not before:           Sun 17 Aug 2025 12:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213611
IP address blocks:        2a14:4040::/29 maxlen: 29
                          2a14:4040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b7:eb:3e:81:14:56:99:bf:71:0b:eb:26:49:e5:b5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd9173bc828ab71da2ebcafa7f898ec6aa1eea76
        Validity
            Not Before: Aug 17 12:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f83d49c1775db8f186939b006d0cfe89e5f5acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b2:bb:00:81:f4:3c:f3:20:f5:99:74:03:56:
                    80:30:ef:47:ae:e9:ce:a0:b1:65:d6:99:fd:dc:92:
                    3c:34:70:c0:37:83:5c:08:c1:49:69:94:77:a0:e9:
                    e7:e4:00:d8:73:1e:2c:af:8b:b0:d7:7e:fe:8d:f9:
                    c2:01:6a:47:9b:7a:db:73:45:c2:35:6b:cd:fc:2b:
                    2d:3f:76:07:17:bc:97:aa:97:ee:ef:e1:7a:0c:47:
                    c0:23:06:22:f7:01:78:62:bc:39:67:7b:78:82:ed:
                    15:21:41:21:14:5b:13:13:24:96:8f:12:72:24:21:
                    26:77:21:0f:28:c2:cf:fc:8c:30:f0:38:c4:d9:13:
                    a3:e4:bd:83:49:26:98:5d:46:2b:53:fc:5d:ee:ff:
                    20:33:88:bc:ae:57:78:1d:7c:d1:6b:48:74:ef:f2:
                    a4:50:12:bc:f6:eb:21:b1:d2:cd:97:45:cf:3e:15:
                    30:69:29:fa:d6:a3:8f:cf:61:c6:bd:73:98:8a:42:
                    ea:f6:44:33:05:77:49:7e:2a:bd:d8:98:0c:49:d7:
                    7e:ca:45:82:2a:22:b9:8b:1c:6a:59:ee:e5:b4:52:
                    c8:cd:54:5c:aa:b0:1c:d9:55:e0:96:9d:3e:61:44:
                    74:97:2b:90:27:95:c0:6e:c9:2f:24:5a:c4:fd:53:
                    da:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:D4:9C:17:75:DB:8F:18:69:39:B0:06:D0:CF:E8:9E:5F:5A:CF
            X509v3 Authority Key Identifier:
                keyid:CD:91:73:BC:82:8A:B7:1D:A2:EB:CA:FA:7F:89:8E:C6:AA:1E:EA:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/P4PUnBd1248YaTmwBtDP6J5fWs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4040::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:71:34:dc:b6:7c:77:1e:53:25:0e:05:1d:26:f9:19:2d:d6:
         4e:35:c1:f2:12:1c:f7:81:e7:1b:5e:d3:0c:98:06:c5:2e:b2:
         83:ba:57:67:91:2d:28:d7:6a:5c:6e:52:22:83:93:6e:ac:51:
         4b:6f:03:77:5d:8d:c1:55:0c:23:d0:bc:09:d8:fd:95:20:2e:
         3d:1a:fa:45:15:50:3d:78:3f:7d:c9:de:29:58:f2:f7:c0:a6:
         e9:eb:8e:d7:74:08:25:a5:65:c3:dc:bf:8e:1f:a3:c8:81:41:
         8b:e2:34:03:cd:60:a7:9c:14:94:89:71:64:e6:6a:62:b3:62:
         92:ca:66:3b:74:ed:c4:06:ae:b6:5e:87:bd:fb:ff:09:e4:f6:
         ad:11:27:3a:4c:53:53:d6:2b:d7:03:ac:c5:db:8b:31:7e:90:
         20:53:13:c4:79:81:cb:cb:55:35:b8:54:79:26:d2:aa:e8:c7:
         13:e4:1e:36:9c:53:c0:20:9f:2e:c9:9c:6d:ff:bb:6f:15:75:
         1a:26:b4:29:d6:78:21:8e:e3:04:2e:c5:09:2c:a7:97:b7:62:
         8a:0f:39:23:24:6c:95:dd:ae:fc:01:a5:3f:29:ed:2c:fc:53:
         54:83:0d:70:0c:c6:33:e7:c9:18:f9:68:c7:68:a7:44:b3:dc:
         82:1c:76:13
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZi36z6BFFaZv3EL6yZJ5bX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTE3M2JjODI4YWI3MWRhMmViY2FmYTdmODk4ZWM2YWEx
ZWVhNzYwHhcNMjUwODE3MTIwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzZDQ5YzE3NzVkYjhmMTg2OTM5YjAwNmQwY2ZlODllNWY1YWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurK7AIH0PPMg9Zl0A1aAMO9HrunO
oLFl1pn93JI8NHDAN4NcCMFJaZR3oOnn5ADYcx4sr4uw137+jfnCAWpHm3rbc0XC
NWvN/CstP3YHF7yXqpfu7+F6DEfAIwYi9wF4Yrw5Z3t4gu0VIUEhFFsTEySWjxJy
JCEmdyEPKMLP/Iww8DjE2ROj5L2DSSaYXUYrU/xd7v8gM4i8rld4HXzRa0h07/Kk
UBK89ushsdLNl0XPPhUwaSn61qOPz2HGvXOYikLq9kQzBXdJfiq92JgMSdd+ykWC
KiK5ixxqWe7ltFLIzVRcqrAc2VXglp0+YUR0lyuQJ5XAbskvJFrE/VPamQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD+D1JwXdduPGGk5sAbQz+ieX1rPMB8GA1UdIwQY
MBaAFM2Rc7yCircdouvK+n+JjsaqHup2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelpGenZJS0t0eDJpNjhyNmY0bU94cW9lNm5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS81YjhiOWMtOGYxOS00YzZiLWFmZDct
YzY5NDI2MDAxN2IwLzEvUDRQVW5CZDEyNDhZYVRtd0J0RFA2SjVmV3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS81YjhiOWMtOGYxOS00YzZiLWFmZDctYzY5NDI2MDAxN2Iw
LzEvelpGenZJS0t0eDJpNjhyNmY0bU94cW9lNm5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRAQDAN
BgkqhkiG9w0BAQsFAAOCAQEAeXE03LZ8dx5TJQ4FHSb5GS3WTjXB8hIc94HnG17T
DJgGxS6yg7pXZ5EtKNdqXG5SIoOTbqxRS28Dd12NwVUMI9C8Cdj9lSAuPRr6RRVQ
PXg/fcneKVjy98Cm6euO13QIJaVlw9y/jh+jyIFBi+I0A81gp5wUlIlxZOZqYrNi
kspmO3TtxAautl6Hvfv/CeT2rREnOkxTU9Yr1wOsxduLMX6QIFMTxHmBy8tVNbhU
eSbSqujHE+QeNpxTwCCfLsmcbf+7bxV1Gia0KdZ4IY7jBC7FCSynl7diig85IyRs
ld2u/AGlPyntLPxTVIMNcAzGM+fJGPlox2inRLPcghx2Ew==
-----END CERTIFICATE-----