Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fkPctyPmNa-jHOMFlt54MEYI4-Y.roa
File:                     fkPctyPmNa-jHOMFlt54MEYI4-Y.roa (raw, json)
Hash identifier:          kbI+XVxVhIkvFoyf5y5abPuJl3WbFcY/24KPezeLpg8=
Subject key identifier:   7E:43:DC:B7:23:E6:35:AF:A3:1C:E3:05:96:DE:78:30:46:08:E3:E6
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       0196A1ABB7A6E971C27F8A587EC2BE220A5A
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fkPctyPmNa-jHOMFlt54MEYI4-Y.roa
Signing time:             Mon 05 May 2025 18:18:27 +0000
ROA not before:           Mon 05 May 2025 18:18:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:9703::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a1:ab:b7:a6:e9:71:c2:7f:8a:58:7e:c2:be:22:0a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: May  5 18:18:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e43dcb723e635afa31ce30596de78304608e3e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:63:68:65:be:e8:15:b0:83:bb:f2:e9:fb:a8:
                    69:7c:ea:ed:62:a9:5d:02:b0:d3:1e:c0:65:77:12:
                    14:74:72:96:02:33:23:8d:e8:00:6c:19:53:f8:88:
                    f2:00:5a:94:d7:04:f3:3e:7f:e4:50:4d:71:a2:6e:
                    16:f9:04:3f:f0:10:f3:e8:35:0d:72:82:59:82:89:
                    d4:be:28:dd:2d:1b:5f:68:07:f2:7c:d9:79:62:d7:
                    55:55:54:38:fc:4e:5b:35:85:93:f4:0f:17:8d:55:
                    ad:8e:fc:96:95:e8:98:1a:6e:e0:5c:80:5d:61:dd:
                    e9:01:b4:35:db:81:0f:ec:66:24:d1:89:fc:5e:87:
                    bf:74:a3:3f:e3:d8:21:75:31:3c:27:d1:aa:4b:75:
                    82:02:fd:0d:8b:96:e7:3d:53:16:1b:2f:aa:ed:7d:
                    ef:c3:ea:ca:52:bf:6e:7b:5f:1e:ed:41:ca:4f:8b:
                    af:20:98:9e:0b:3b:1d:43:47:2d:28:23:9d:26:10:
                    a6:81:f6:fd:12:f2:d9:69:1d:83:56:c4:0a:e9:c7:
                    26:03:75:66:8b:cb:f5:1b:b9:e1:89:02:11:28:10:
                    eb:11:42:be:ce:c7:f4:24:b9:7c:96:85:cf:b2:5d:
                    63:d1:72:39:2e:61:bf:8b:0e:8e:0c:79:4c:20:c7:
                    58:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:43:DC:B7:23:E6:35:AF:A3:1C:E3:05:96:DE:78:30:46:08:E3:E6
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/fkPctyPmNa-jHOMFlt54MEYI4-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9703::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:c3:00:e0:5b:2e:71:63:67:f0:a0:b2:80:cd:ae:ee:03:79:
         7d:0d:71:0d:17:4f:b1:9f:89:f9:3d:be:d8:e1:76:af:90:de:
         33:20:b8:30:9e:0c:69:d2:79:88:d9:a4:16:cc:9a:9a:d8:c6:
         d1:36:67:f1:d0:49:d9:5f:09:99:b8:25:a8:20:6c:c0:45:ac:
         a2:33:68:69:23:b5:d9:15:2a:d7:a1:38:91:e0:b2:2d:8e:ae:
         80:1a:e0:31:4f:c1:3a:10:64:0b:e9:b9:a0:af:53:e7:be:86:
         16:f3:e5:a9:95:24:a8:8d:36:22:cf:14:2d:99:28:d6:1f:b0:
         e6:a4:75:2e:a7:14:92:4a:a7:16:01:88:54:d7:03:d9:98:56:
         14:36:98:58:88:02:1e:5f:76:5f:68:fd:21:6c:31:ea:fb:76:
         8e:d9:97:9d:53:e6:5b:e5:c8:f4:fb:04:5d:71:26:9b:45:61:
         87:81:e3:a5:b4:42:e3:0c:70:6b:be:a2:4b:4d:8d:af:e6:ed:
         2e:2d:4e:1d:6f:d4:c3:2d:ba:73:52:db:c3:4d:fa:d6:3d:d7:
         f9:c4:c8:88:6d:32:e9:72:fe:c9:dd:2d:a3:aa:f9:40:71:d2:
         11:ab:29:71:5b:14:d6:70:55:7f:f5:e4:59:cf:e4:5a:d2:7b:
         3f:79:8b:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZahq7em6XHCf4pYfsK+IgpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNTA1MTgxODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQzZGNiNzIzZTYzNWFmYTMxY2UzMDU5NmRlNzgzMDQ2MDhlM2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymNoZb7oFbCDu/Lp+6hpfOrtYqld
ArDTHsBldxIUdHKWAjMjjegAbBlT+IjyAFqU1wTzPn/kUE1xom4W+QQ/8BDz6DUN
coJZgonUvijdLRtfaAfyfNl5YtdVVVQ4/E5bNYWT9A8XjVWtjvyWleiYGm7gXIBd
Yd3pAbQ124EP7GYk0Yn8Xoe/dKM/49ghdTE8J9GqS3WCAv0Ni5bnPVMWGy+q7X3v
w+rKUr9ue18e7UHKT4uvIJieCzsdQ0ctKCOdJhCmgfb9EvLZaR2DVsQK6ccmA3Vm
i8v1G7nhiQIRKBDrEUK+zsf0JLl8loXPsl1j0XI5LmG/iw6ODHlMIMdYUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH5D3Lcj5jWvoxzjBZbeeDBGCOPmMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvZmtQY3R5UG1OYS1qSE9NRmx0NTRNRVlJNC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSXAzAN
BgkqhkiG9w0BAQsFAAOCAQEAK8MA4FsucWNn8KCygM2u7gN5fQ1xDRdPsZ+J+T2+
2OF2r5DeMyC4MJ4MadJ5iNmkFsyamtjG0TZn8dBJ2V8JmbglqCBswEWsojNoaSO1
2RUq16E4keCyLY6ugBrgMU/BOhBkC+m5oK9T576GFvPlqZUkqI02Is8ULZko1h+w
5qR1LqcUkkqnFgGIVNcD2ZhWFDaYWIgCHl92X2j9IWwx6vt2jtmXnVPmW+XI9PsE
XXEmm0Vhh4HjpbRC4wxwa76iS02Nr+btLi1OHW/Uwy26c1Lbw0361j3X+cTIiG0y
6XL+yd0to6r5QHHSEaspcVsU1nBVf/XkWc/kWtJ7P3mLIQ==
-----END CERTIFICATE-----