Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/6Ds5RVmgnVhibq3q_o76tyxqGF0.roa
File:                     6Ds5RVmgnVhibq3q_o76tyxqGF0.roa (raw, json)
Hash identifier:          ZaNEOkNbzSY+y1rnsqLobnF8H5v0hgQ/dfmbwaaeZnc=
Subject key identifier:   E8:3B:39:45:59:A0:9D:58:62:6E:AD:EA:FE:8E:FA:B7:2C:6A:18:5D
Certificate issuer:       /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial:       0199763FE878A88FC681ECC441867ECD2538
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/6Ds5RVmgnVhibq3q_o76tyxqGF0.roa
Signing time:             Tue 23 Sep 2025 11:05:23 +0000
ROA not before:           Tue 23 Sep 2025 11:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12294
IP address blocks:        212.40.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:3f:e8:78:a8:8f:c6:81:ec:c4:41:86:7e:cd:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
        Validity
            Not Before: Sep 23 11:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e83b394559a09d58626eadeafe8efab72c6a185d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:22:01:6e:8b:60:df:ff:58:14:64:47:fe:d9:
                    87:ba:69:0d:66:96:64:1d:9b:d6:32:f0:8d:8e:79:
                    fb:4f:b2:b9:f4:6c:ed:da:bd:f6:70:9d:7c:8a:2c:
                    c2:f0:26:00:65:d9:e2:3a:e9:53:42:2c:67:51:7b:
                    c4:9e:a6:95:14:4b:15:bb:49:ce:b1:3e:c5:23:fe:
                    d3:b2:76:73:42:21:27:71:a0:77:38:a6:44:dd:85:
                    88:f2:62:53:a3:b6:54:e9:47:bc:24:d7:4f:ed:d6:
                    ea:85:3d:ee:e0:ac:94:a6:58:e5:4e:90:ec:63:5f:
                    7d:50:22:aa:25:78:99:6d:35:05:40:d3:b4:14:53:
                    51:d2:e5:e5:fb:1c:f9:f0:7b:21:14:5b:20:e8:cb:
                    7a:2a:6c:e9:6c:16:d8:e8:de:e2:57:e3:d5:31:bb:
                    15:ca:84:d1:36:9d:61:cb:4d:29:77:d2:dc:a1:1b:
                    60:62:cf:97:23:3c:8c:34:0e:d9:57:a1:13:d1:eb:
                    b6:65:a7:ef:ed:95:48:88:cb:b5:ae:ea:05:82:ae:
                    b0:ba:42:6d:d7:b4:03:d2:d2:ec:3e:f4:9a:15:0f:
                    7d:08:15:47:ce:0b:f9:8d:df:cd:34:0c:3e:6b:3e:
                    1f:13:81:2b:ab:ab:2b:d0:29:e8:47:6a:16:2e:26:
                    82:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3B:39:45:59:A0:9D:58:62:6E:AD:EA:FE:8E:FA:B7:2C:6A:18:5D
            X509v3 Authority Key Identifier:
                keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/6Ds5RVmgnVhibq3q_o76tyxqGF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         87:3e:b7:7a:88:11:15:77:8a:58:00:59:18:25:37:77:3f:38:
         8e:53:d8:7c:45:0f:ea:52:0c:87:d7:c1:02:7f:db:13:0e:69:
         20:c0:cf:1e:45:ea:e9:16:35:6d:df:2a:09:08:91:b1:4e:5e:
         1f:40:85:53:79:67:92:3f:fa:19:2c:6c:83:0d:fb:58:f4:58:
         de:79:97:86:b8:17:f8:7e:59:73:03:5e:f7:2c:7a:3e:91:59:
         7b:cc:8c:9e:91:78:2d:6e:b0:98:da:35:0e:c8:fd:39:3e:1e:
         c8:d7:e7:2d:cc:a4:e6:48:37:6c:7c:f9:03:27:6b:aa:11:19:
         4d:40:84:88:b3:54:0d:d8:c8:cc:25:1f:e5:58:56:c1:92:20:
         e6:e3:7c:2b:f5:4e:c2:3e:b1:2d:27:64:10:fa:b3:ef:18:63:
         3e:e5:02:b5:0f:7c:fb:19:27:27:6a:47:3e:ed:30:d3:cb:b8:
         bd:c0:51:aa:b9:cb:8a:01:7e:a2:ca:3d:49:11:01:bb:8f:f8:
         58:b7:0e:8d:3d:41:9f:07:0a:46:c9:69:06:20:85:11:18:e1:
         c7:4a:e7:b5:3d:89:e6:99:cd:b2:ac:e4:43:2b:6f:f5:33:bb:
         2e:40:92:6b:93:51:cb:84:20:dd:f1:b5:1e:9e:07:5d:e8:3a:
         10:64:94:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2P+h4qI/GgezEQYZ+zSU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjUwOTIzMTEwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNiMzk0NTU5YTA5ZDU4NjI2ZWFkZWFmZThlZmFiNzJjNmExODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiIBbotg3/9YFGRH/tmHumkNZpZk
HZvWMvCNjnn7T7K59Gzt2r32cJ18iizC8CYAZdniOulTQixnUXvEnqaVFEsVu0nO
sT7FI/7TsnZzQiEncaB3OKZE3YWI8mJTo7ZU6Ue8JNdP7dbqhT3u4KyUpljlTpDs
Y199UCKqJXiZbTUFQNO0FFNR0uXl+xz58HshFFsg6Mt6KmzpbBbY6N7iV+PVMbsV
yoTRNp1hy00pd9LcoRtgYs+XIzyMNA7ZV6ET0eu2Zafv7ZVIiMu1ruoFgq6wukJt
17QD0tLsPvSaFQ99CBVHzgv5jd/NNAw+az4fE4Erq6sr0CnoR2oWLiaCLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOg7OUVZoJ1YYm6t6v6O+rcsahhdMB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvNkRzNVJWbWduVmhpYnEzcV9vNzZ0eXhxR0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1CggMA0G
CSqGSIb3DQEBCwUAA4IBAQCHPrd6iBEVd4pYAFkYJTd3PziOU9h8RQ/qUgyH18EC
f9sTDmkgwM8eRerpFjVt3yoJCJGxTl4fQIVTeWeSP/oZLGyDDftY9FjeeZeGuBf4
fllzA173LHo+kVl7zIyekXgtbrCY2jUOyP05Ph7I1+ctzKTmSDdsfPkDJ2uqERlN
QISIs1QN2MjMJR/lWFbBkiDm43wr9U7CPrEtJ2QQ+rPvGGM+5QK1D3z7GScnakc+
7TDTy7i9wFGqucuKAX6iyj1JEQG7j/hYtw6NPUGfBwpGyWkGIIURGOHHSue1PYnm
mc2yrORDK2/1M7suQJJrk1HLhCDd8bUengdd6DoQZJR9
-----END CERTIFICATE-----