Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IP68UOvXPyWPTz1HEiqzKfoK6Cs.roa
File:                     IP68UOvXPyWPTz1HEiqzKfoK6Cs.roa (raw, json)
Hash identifier:          n43Fl2cEvcoNW70BeYlNpuQb8SDIrjxfDRF6/OaDk9A=
Subject key identifier:   20:FE:BC:50:EB:D7:3F:25:8F:4F:3D:47:12:2A:B3:29:FA:0A:E8:2B
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0197B2375EE64626BE723FC45F1A16BCC6C9
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IP68UOvXPyWPTz1HEiqzKfoK6Cs.roa
Signing time:             Fri 27 Jun 2025 16:27:42 +0000
ROA not before:           Fri 27 Jun 2025 16:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        2a0f:7802:e2d5::/48 maxlen: 48
                          2a0f:7802:e2f8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:37:5e:e6:46:26:be:72:3f:c4:5f:1a:16:bc:c6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 27 16:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20febc50ebd73f258f4f3d47122ab329fa0ae82b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:54:12:a4:2b:9c:6f:dc:3b:35:ce:d4:dc:3d:
                    80:3a:cc:55:73:33:f1:43:bb:07:4a:1b:0d:e1:f9:
                    6e:5a:6a:de:47:b3:02:1f:5d:22:ae:23:cd:a1:7e:
                    e6:73:12:dd:45:86:88:80:1c:5c:b4:7b:25:bf:9b:
                    97:29:3f:14:a8:af:e9:f1:ca:ba:44:0e:8a:cb:15:
                    ea:3b:31:e3:44:5c:0a:2e:55:c7:70:7d:15:55:bf:
                    fc:fe:53:ff:2a:f4:3b:d3:54:03:57:55:01:d5:f5:
                    69:0a:b3:a8:55:4f:f3:9c:14:20:ca:4d:49:90:77:
                    4c:65:ae:6f:66:7d:31:23:40:0c:bd:7e:d8:cb:89:
                    25:b5:67:b8:90:d6:c4:df:6a:ee:d5:43:6b:e2:dd:
                    a9:b3:22:c8:f8:71:3d:1d:06:53:42:ee:11:f0:06:
                    1b:b6:7c:6a:0e:b9:74:a1:7a:5f:c7:6d:39:e1:8e:
                    b5:24:f6:37:28:62:1e:65:bf:3f:3e:e4:35:98:e9:
                    b7:be:7d:bf:72:a0:1c:a1:be:aa:44:00:0a:4a:d6:
                    2a:92:2b:db:1c:5a:d0:81:37:41:94:88:59:b3:9b:
                    66:6d:6b:68:ec:3d:55:cf:61:c3:2f:38:a1:f6:3a:
                    2d:e7:f0:7a:76:78:03:ec:2a:07:a8:c7:bd:17:94:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FE:BC:50:EB:D7:3F:25:8F:4F:3D:47:12:2A:B3:29:FA:0A:E8:2B
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IP68UOvXPyWPTz1HEiqzKfoK6Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e2d5::/48
                  2a0f:7802:e2f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:7e:b4:08:2b:4f:10:d7:b4:17:e5:70:b0:03:86:50:06:4f:
         2a:4a:73:6f:63:af:35:02:be:0e:99:57:53:cd:6f:37:39:6c:
         c8:a3:a5:5f:86:b7:59:e1:c5:c3:3d:d5:cd:a2:96:9a:e8:5c:
         03:fd:96:9d:f0:40:67:ca:94:7b:41:09:6f:c1:e2:bf:0b:96:
         74:05:67:69:3c:be:cc:d6:f5:b3:11:c5:d5:7e:be:7b:9a:fc:
         70:e2:61:dd:86:1d:98:ec:3f:2d:ef:ea:cb:36:4e:17:7f:8a:
         ce:6e:12:10:28:18:8a:ed:e1:69:13:be:b5:a9:82:95:b6:f6:
         24:00:27:a0:0e:12:8c:ac:c9:c5:8f:d7:b6:71:08:70:cd:9f:
         27:3a:69:1d:5e:66:35:d5:3b:50:5d:fe:65:47:db:69:97:e4:
         6a:1b:cb:16:82:b2:a7:a5:62:77:6a:b7:65:cd:9c:a4:87:2f:
         c3:c6:4a:cd:9d:1b:9a:85:22:6e:c8:23:d2:6c:ab:65:71:d2:
         d1:67:77:f3:99:3f:65:a7:74:70:7f:4d:46:16:06:db:7a:9e:
         b2:6e:9b:54:f9:4f:bc:af:ed:3b:1f:7b:78:3b:8d:f1:79:1d:
         67:38:8b:93:5f:fb:06:a9:ea:f7:26:35:c6:cd:28:86:70:d2:
         4e:b5:8d:aa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeyN17mRia+cj/EXxoWvMbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwNjI3MTYyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZlYmM1MGViZDczZjI1OGY0ZjNkNDcxMjJhYjMyOWZhMGFlODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVQSpCucb9w7Nc7U3D2AOsxVczPx
Q7sHShsN4fluWmreR7MCH10iriPNoX7mcxLdRYaIgBxctHslv5uXKT8UqK/p8cq6
RA6KyxXqOzHjRFwKLlXHcH0VVb/8/lP/KvQ701QDV1UB1fVpCrOoVU/znBQgyk1J
kHdMZa5vZn0xI0AMvX7Yy4kltWe4kNbE32ru1UNr4t2psyLI+HE9HQZTQu4R8AYb
tnxqDrl0oXpfx2054Y61JPY3KGIeZb8/PuQ1mOm3vn2/cqAcob6qRAAKStYqkivb
HFrQgTdBlIhZs5tmbWto7D1Vz2HDLzih9jot5/B6dngD7CoHqMe9F5Q5rwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCD+vFDr1z8lj089RxIqsyn6CugrMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvSVA2OFVPdlhQeVdQVHoxSEVpcXpLZm9LNkNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg94AuLV
AwcAKg94AuL4MA0GCSqGSIb3DQEBCwUAA4IBAQCOfrQIK08Q17QX5XCwA4ZQBk8q
SnNvY681Ar4OmVdTzW83OWzIo6VfhrdZ4cXDPdXNopaa6FwD/Zad8EBnypR7QQlv
weK/C5Z0BWdpPL7M1vWzEcXVfr57mvxw4mHdhh2Y7D8t7+rLNk4Xf4rObhIQKBiK
7eFpE761qYKVtvYkACegDhKMrMnFj9e2cQhwzZ8nOmkdXmY11TtQXf5lR9tpl+Rq
G8sWgrKnpWJ3ardlzZykhy/DxkrNnRuahSJuyCPSbKtlcdLRZ3fzmT9lp3Rwf01G
Fgbbep6ybptU+U+8r+07H3t4O43xeR1nOIuTX/sGqer3JjXGzSiGcNJOtY2q
-----END CERTIFICATE-----