Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/yEEjupq6Zm7fSgHRecqn0gdPXwk.roa
File:                     yEEjupq6Zm7fSgHRecqn0gdPXwk.roa (raw, json)
Hash identifier:          YDhRnH2dZiHejO9wcHlfAQr9J4kqqgi37tr9xeC4HFA=
Subject key identifier:   C8:41:23:BA:9A:BA:66:6E:DF:4A:01:D1:79:CA:A7:D2:07:4F:5F:09
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01992E55E7308B49CBEEC1180BD8D1B844F5
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/yEEjupq6Zm7fSgHRecqn0gdPXwk.roa
Signing time:             Tue 09 Sep 2025 11:56:45 +0000
ROA not before:           Tue 09 Sep 2025 11:56:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49443
IP address blocks:        2a13:3b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:55:e7:30:8b:49:cb:ee:c1:18:0b:d8:d1:b8:44:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Sep  9 11:56:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c84123ba9aba666edf4a01d179caa7d2074f5f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:89:52:26:59:35:c2:84:56:b5:5a:dc:f2:a8:
                    ac:d7:c9:39:9d:f2:77:66:14:69:d5:d5:2c:8f:d2:
                    a6:ec:63:b7:a0:23:26:05:9c:d0:1e:02:a9:fa:77:
                    10:45:bc:de:ad:aa:b1:3a:bc:a8:dc:38:ef:82:2e:
                    3a:d0:67:a3:e8:75:46:f5:7b:f4:4a:8b:84:70:f5:
                    d1:ee:77:c0:d7:58:15:4c:da:7d:70:a8:a4:ef:1f:
                    77:0b:a9:0c:69:97:89:6d:1b:6a:c6:db:94:9e:24:
                    5f:2c:f9:76:4a:24:75:c9:41:c0:43:56:08:73:48:
                    bf:26:df:d3:7e:6b:e0:fe:f1:22:f7:0b:39:90:1a:
                    6b:87:b9:17:cc:f5:ef:14:19:40:e8:c7:38:ec:90:
                    d6:19:94:04:b6:25:e0:05:ec:c2:e7:1a:63:d2:a7:
                    bb:9c:8f:cb:62:c5:be:80:a8:b6:72:1c:bb:56:6a:
                    fd:c8:08:15:a2:7c:f8:ff:b8:74:48:ce:6a:7d:30:
                    4b:0f:3c:47:9a:75:e7:1e:24:23:58:a0:f7:0c:ce:
                    ac:4a:03:45:13:9b:be:f9:ca:bc:af:f3:d6:01:1a:
                    c7:ea:fd:90:43:4e:f6:bb:ae:69:c9:5b:be:0d:4e:
                    fb:db:bf:28:f4:16:1c:85:45:3b:cd:13:d7:8a:f6:
                    5d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:41:23:BA:9A:BA:66:6E:DF:4A:01:D1:79:CA:A7:D2:07:4F:5F:09
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/yEEjupq6Zm7fSgHRecqn0gdPXwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:ba:0c:fd:ee:f4:66:b3:db:9c:de:7a:1b:78:65:1c:9c:a7:
         be:1e:65:9b:17:44:69:a2:42:30:bd:f4:9e:e0:42:5e:58:e5:
         71:76:20:cd:f4:ad:c4:b4:40:33:d3:20:93:1c:c0:99:3a:9f:
         5a:d4:4c:35:85:3c:b8:09:ce:a1:96:3c:5a:7e:69:98:42:1b:
         6a:b1:a7:3c:3a:70:9f:11:89:50:61:f9:09:e5:4f:2f:cf:6e:
         8c:5e:76:58:d2:e5:fe:cc:bf:0a:93:fb:64:ab:e6:f1:a0:3f:
         0f:e2:69:7f:b6:93:77:d4:1f:e1:ae:02:7e:00:7e:9c:93:ab:
         b0:f7:bc:e6:2d:d4:a1:6f:e6:b8:19:2d:fa:a0:54:9c:c4:ca:
         d3:4a:f9:b2:35:5e:27:0a:41:2f:35:e9:1f:2f:a0:3e:76:1d:
         9c:13:20:49:52:f7:a5:17:35:6f:65:31:29:35:1d:6e:40:91:
         dd:e3:64:7d:be:6e:0d:1b:41:96:66:99:17:9a:9a:ad:07:a3:
         14:26:9f:bf:ec:16:4e:7d:af:a1:a9:0c:8d:db:fa:d6:ca:49:
         1f:a8:ae:8f:5c:32:d7:59:48:89:81:bb:f0:90:be:63:62:f2:
         b9:3f:49:6e:d1:2f:72:42:58:8b:fa:75:2d:60:66:08:a6:7a:
         a1:16:93:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkuVecwi0nL7sEYC9jRuET1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwOTA5MTE1NjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQxMjNiYTlhYmE2NjZlZGY0YTAxZDE3OWNhYTdkMjA3NGY1ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIlSJlk1woRWtVrc8qis18k5nfJ3
ZhRp1dUsj9Km7GO3oCMmBZzQHgKp+ncQRbzeraqxOryo3Djvgi460Gej6HVG9Xv0
SouEcPXR7nfA11gVTNp9cKik7x93C6kMaZeJbRtqxtuUniRfLPl2SiR1yUHAQ1YI
c0i/Jt/Tfmvg/vEi9ws5kBprh7kXzPXvFBlA6Mc47JDWGZQEtiXgBezC5xpj0qe7
nI/LYsW+gKi2chy7Vmr9yAgVonz4/7h0SM5qfTBLDzxHmnXnHiQjWKD3DM6sSgNF
E5u++cq8r/PWARrH6v2QQ072u65pyVu+DU77278o9BYchUU7zRPXivZdzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMhBI7qaumZu30oB0XnKp9IHT18JMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEveUVFanVwcTZabTdmU2dIUmVjcW4wZ2RQWHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhM7gDAN
BgkqhkiG9w0BAQsFAAOCAQEAsboM/e70ZrPbnN56G3hlHJynvh5lmxdEaaJCML30
nuBCXljlcXYgzfStxLRAM9MgkxzAmTqfWtRMNYU8uAnOoZY8Wn5pmEIbarGnPDpw
nxGJUGH5CeVPL89ujF52WNLl/sy/CpP7ZKvm8aA/D+Jpf7aTd9Qf4a4CfgB+nJOr
sPe85i3UoW/muBkt+qBUnMTK00r5sjVeJwpBLzXpHy+gPnYdnBMgSVL3pRc1b2Ux
KTUdbkCR3eNkfb5uDRtBlmaZF5qarQejFCafv+wWTn2voakMjdv61spJH6iuj1wy
11lIiYG78JC+Y2LyuT9JbtEvckJYi/p1LWBmCKZ6oRaTXw==
-----END CERTIFICATE-----