Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/RuN1CEEKgWM9o41cCPWtfZFuKKk.roa
File:                     RuN1CEEKgWM9o41cCPWtfZFuKKk.roa (raw, json)
Hash identifier:          KY9kNkQ0Sz03RyPbQ91gb1ujhJwFYP1J5IWur4t9itw=
Subject key identifier:   46:E3:75:08:41:0A:81:63:3D:A3:8D:5C:08:F5:AD:7D:91:6E:28:A9
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       0197A6EDEEDDA5697D3BBAF440E7F1380FDC
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/RuN1CEEKgWM9o41cCPWtfZFuKKk.roa
Signing time:             Wed 25 Jun 2025 11:51:40 +0000
ROA not before:           Wed 25 Jun 2025 11:51:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133944
IP address blocks:        2a02:e9c5::/32 maxlen: 32
                          2a13:6cc5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:ed:ee:dd:a5:69:7d:3b:ba:f4:40:e7:f1:38:0f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Jun 25 11:51:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46e37508410a81633da38d5c08f5ad7d916e28a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7d:d9:6f:b3:be:4e:47:8d:5c:a5:f1:32:fa:
                    c3:17:13:82:f4:43:79:fe:d7:fa:ca:28:cc:4e:46:
                    21:27:7f:2c:d3:d0:d6:44:1f:a2:03:2c:c8:8e:32:
                    9e:f9:2d:c2:00:0e:f1:b2:38:12:a2:f2:bd:dd:78:
                    f8:e9:55:76:8f:24:a0:f5:5e:9f:40:06:73:d1:b4:
                    af:98:d3:58:77:65:9e:3e:0d:b7:0b:1f:a9:c5:2d:
                    9b:dd:f7:87:03:ab:be:e5:12:9d:8c:2e:d0:d3:59:
                    57:98:b3:33:6b:c1:af:14:1a:f5:23:f2:29:6c:e8:
                    88:69:9a:bb:b2:a7:39:a9:ba:54:98:70:ca:f5:bb:
                    ee:d6:ba:26:32:52:3a:7e:02:66:96:68:d6:3f:1a:
                    d7:e9:2d:aa:56:99:07:9d:4e:3a:46:9c:9f:53:ce:
                    3b:59:06:81:e8:11:39:af:2c:3b:fc:52:99:5d:a9:
                    d5:7f:dd:6f:f4:ec:03:00:9e:91:d6:25:66:ea:38:
                    3e:15:db:ef:65:8f:b1:f3:36:45:76:d1:5c:92:37:
                    11:07:81:2a:d6:57:65:a7:52:d5:b3:94:c0:06:bc:
                    af:38:8a:c9:8c:d7:29:7d:ae:19:a0:5b:f0:4b:80:
                    28:64:1c:be:12:d7:2e:89:2e:c2:8d:87:be:91:71:
                    91:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E3:75:08:41:0A:81:63:3D:A3:8D:5C:08:F5:AD:7D:91:6E:28:A9
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/RuN1CEEKgWM9o41cCPWtfZFuKKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e9c5::/32
                  2a13:6cc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:f3:fb:95:1c:2d:76:0d:a7:11:2e:f3:26:c5:8c:ef:ec:35:
         67:de:6f:88:8f:95:9f:7a:e9:9d:35:1f:1d:52:7c:73:49:f4:
         c1:6f:64:73:19:45:5f:75:a0:c4:b2:4b:cb:2f:63:cb:6e:d0:
         11:20:ff:a3:99:54:69:22:1c:dd:c1:3b:f3:66:ed:88:55:87:
         e4:4f:c4:c8:f3:63:ef:5a:82:97:9f:28:f7:0e:9b:53:3f:91:
         00:b5:31:fa:91:c3:c3:fc:ba:c2:b7:6e:b8:c2:d4:dd:43:00:
         fb:7e:f4:7a:0a:52:13:3e:26:f4:52:87:32:d4:fd:ac:84:92:
         32:90:c2:ab:50:6c:1a:9f:39:8f:b3:0d:72:0b:4e:7a:55:3b:
         65:81:6f:74:7b:5b:93:1a:6a:a9:b6:6d:eb:1b:55:f7:ae:8d:
         dd:65:80:72:c4:38:30:63:d5:87:c0:6d:a3:50:eb:ae:c4:11:
         fe:33:cf:a5:ba:ca:42:dd:2b:dc:0f:c1:a8:90:dd:a6:2b:6d:
         c7:e7:ee:08:e8:30:83:e8:19:52:29:fb:d5:66:35:ad:fb:01:
         f6:62:aa:98:ed:dc:6f:60:8d:4a:94:f0:bb:cc:ea:03:44:d4:
         a6:4f:19:65:c0:f5:c6:a6:95:8b:ae:4a:c3:3a:03:03:85:99:
         63:65:73:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZem7e7dpWl9O7r0QOfxOA/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjUwNjI1MTE1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmUzNzUwODQxMGE4MTYzM2RhMzhkNWMwOGY1YWQ3ZDkxNmUyOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2n3Zb7O+TkeNXKXxMvrDFxOC9EN5
/tf6yijMTkYhJ38s09DWRB+iAyzIjjKe+S3CAA7xsjgSovK93Xj46VV2jySg9V6f
QAZz0bSvmNNYd2WePg23Cx+pxS2b3feHA6u+5RKdjC7Q01lXmLMza8GvFBr1I/Ip
bOiIaZq7sqc5qbpUmHDK9bvu1romMlI6fgJmlmjWPxrX6S2qVpkHnU46RpyfU847
WQaB6BE5ryw7/FKZXanVf91v9OwDAJ6R1iVm6jg+FdvvZY+x8zZFdtFckjcRB4Eq
1ldlp1LVs5TABryvOIrJjNcpfa4ZoFvwS4AoZBy+EtcuiS7CjYe+kXGRtwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEbjdQhBCoFjPaONXAj1rX2RbiipMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvUnVOMUNFRUtnV005bzQxY0NQV3RmWkZ1S0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgLpxQMF
ACoTbMUwDQYJKoZIhvcNAQELBQADggEBABLz+5UcLXYNpxEu8ybFjO/sNWfeb4iP
lZ966Z01Hx1SfHNJ9MFvZHMZRV91oMSyS8svY8tu0BEg/6OZVGkiHN3BO/Nm7YhV
h+RPxMjzY+9agpefKPcOm1M/kQC1MfqRw8P8usK3brjC1N1DAPt+9HoKUhM+JvRS
hzLU/ayEkjKQwqtQbBqfOY+zDXILTnpVO2WBb3R7W5Maaqm2besbVfeujd1lgHLE
ODBj1YfAbaNQ667EEf4zz6W6ykLdK9wPwaiQ3aYrbcfn7gjoMIPoGVIp+9VmNa37
AfZiqpjt3G9gjUqU8LvM6gNE1KZPGWXA9camlYuuSsM6AwOFmWNlc3M=
-----END CERTIFICATE-----