Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/KUdT6ERAiaY5ZjAg0l7_pkDNLCw.roa
File:                     KUdT6ERAiaY5ZjAg0l7_pkDNLCw.roa (raw, json)
Hash identifier:          JWvFQTdlTw7oZyEK0anyzQ0bLLNEO6CoBLxhpsT9tmY=
Subject key identifier:   29:47:53:E8:44:40:89:A6:39:66:30:20:D2:5E:FF:A6:40:CD:2C:2C
Certificate issuer:       /CN=e1f47c11a3a3cae06a192860a96c5053ec04b5dc
Certificate serial:       019A0B770DCFFAA3EEB361771D7A5FE86187
Authority key identifier: E1:F4:7C:11:A3:A3:CA:E0:6A:19:28:60:A9:6C:50:53:EC:04:B5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/KUdT6ERAiaY5ZjAg0l7_pkDNLCw.roa
Signing time:             Wed 22 Oct 2025 10:29:02 +0000
ROA not before:           Wed 22 Oct 2025 10:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207544
IP address blocks:        212.6.61.0/24 maxlen: 24
                          2a0b:6c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:77:0d:cf:fa:a3:ee:b3:61:77:1d:7a:5f:e8:61:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f47c11a3a3cae06a192860a96c5053ec04b5dc
        Validity
            Not Before: Oct 22 10:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=294753e8444089a639663020d25effa640cd2c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:e9:23:fd:c3:00:28:8e:bf:ca:55:c4:37:
                    63:1a:3b:8e:46:5c:c3:cb:3f:55:44:ba:fa:9e:6d:
                    79:33:c8:b0:05:58:61:4c:2f:1f:6f:05:c5:f4:64:
                    fc:f5:8c:6e:b5:00:3d:cd:0f:0c:cf:44:1e:79:e7:
                    66:c0:09:bb:2b:87:24:66:98:87:0b:cd:41:c1:2d:
                    42:b9:c4:ac:b0:0b:9b:c7:ba:bd:2e:57:9a:ce:9f:
                    8b:19:d0:c1:f1:57:10:48:77:ee:f9:98:23:fa:b7:
                    bb:31:06:6b:43:e0:36:5a:96:6f:13:e0:5d:c0:a0:
                    53:17:c1:54:3b:fa:fa:7e:c0:6c:b1:bc:8f:51:18:
                    12:95:05:6e:1f:9b:5b:e7:90:39:38:57:fb:44:1f:
                    65:bb:79:3d:7e:87:af:71:b6:0d:10:66:a8:52:d9:
                    4a:9f:cc:78:45:ee:92:b8:64:26:13:e5:39:dd:43:
                    ce:63:1e:49:7b:72:be:f4:8b:37:92:dc:39:5e:b3:
                    99:72:7f:88:fa:3d:70:7a:99:aa:d3:f4:c8:78:89:
                    3f:d9:07:17:a3:04:b3:a2:dc:91:15:c5:b8:2d:57:
                    f2:4e:95:11:17:5a:97:bf:dc:6b:3f:f3:9d:65:a2:
                    74:10:61:2f:c5:80:72:f0:6d:e1:e4:51:fa:a6:4f:
                    7b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:47:53:E8:44:40:89:A6:39:66:30:20:D2:5E:FF:A6:40:CD:2C:2C
            X509v3 Authority Key Identifier:
                keyid:E1:F4:7C:11:A3:A3:CA:E0:6A:19:28:60:A9:6C:50:53:EC:04:B5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fR8EaOjyuBqGShgqWxQU-wEtdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/KUdT6ERAiaY5ZjAg0l7_pkDNLCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/908070-fd94-4a75-9872-31c733197073/1/4fR8EaOjyuBqGShgqWxQU-wEtdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.61.0/24
                IPv6:
                  2a0b:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:94:bc:91:37:b0:09:03:bd:fb:4f:52:39:55:16:7e:73:fd:
         d2:fb:4b:71:72:7f:67:8f:f1:9a:bf:c9:1d:2f:77:89:87:7d:
         8b:02:ae:00:df:14:d8:a9:96:06:31:b7:27:8a:08:4e:fa:2d:
         fa:08:16:51:d3:2e:fa:f4:81:1d:0d:40:5a:33:cf:e1:bc:4c:
         9e:a1:ba:61:ea:24:58:21:ea:11:e8:43:58:0e:2f:8f:c6:f6:
         5f:dd:9b:85:e7:7c:06:42:54:e4:f7:eb:e6:a2:ce:d3:4b:ff:
         13:11:b5:18:d4:74:2e:cd:87:59:fd:fa:a1:56:bf:a6:1c:cf:
         81:39:10:ac:d8:2d:3b:8d:7a:f1:50:9d:c5:7d:6f:d6:d6:29:
         84:17:20:68:6b:86:86:ce:c1:80:a9:6f:5b:6c:49:69:e9:fc:
         08:93:2f:9c:5d:80:16:db:84:fd:22:75:b1:f2:8a:06:30:05:
         59:e2:e5:71:49:80:e8:3c:6b:b8:dd:8c:95:4d:78:f0:eb:b4:
         7f:37:bd:3d:97:ca:62:3e:68:a6:82:b6:fb:02:77:67:ca:fc:
         eb:5c:12:aa:f0:21:50:ae:60:35:09:1e:f5:c9:6b:f6:f9:50:
         3a:40:d7:b5:43:4c:1d:ec:8c:0e:13:7b:82:65:06:10:ef:6b:
         6c:8d:e5:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoLdw3P+qPus2F3HXpf6GGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZjQ3YzExYTNhM2NhZTA2YTE5Mjg2MGE5NmM1MDUzZWMw
NGI1ZGMwHhcNMjUxMDIyMTAyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ3NTNlODQ0NDA4OWE2Mzk2NjMwMjBkMjVlZmZhNjQwY2QyYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRvpI/3DACiOv8pVxDdjGjuORlzD
yz9VRLr6nm15M8iwBVhhTC8fbwXF9GT89YxutQA9zQ8Mz0QeeedmwAm7K4ckZpiH
C81BwS1CucSssAubx7q9Lleazp+LGdDB8VcQSHfu+Zgj+re7MQZrQ+A2WpZvE+Bd
wKBTF8FUO/r6fsBssbyPURgSlQVuH5tb55A5OFf7RB9lu3k9foevcbYNEGaoUtlK
n8x4Re6SuGQmE+U53UPOYx5Je3K+9Is3ktw5XrOZcn+I+j1wepmq0/TIeIk/2QcX
owSzotyRFcW4LVfyTpURF1qXv9xrP/OdZaJ0EGEvxYBy8G3h5FH6pk97HQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFClHU+hEQImmOWYwINJe/6ZAzSwsMB8GA1UdIwQY
MBaAFOH0fBGjo8rgahkoYKlsUFPsBLXcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGZSOEVhT2p5dUJxR1NoZ3FXeFFVLXdFdGR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC85MDgwNzAtZmQ5NC00YTc1LTk4NzIt
MzFjNzMzMTk3MDczLzEvS1VkVDZFUkFpYVk1WmpBZzBsN19wa0ROTEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC85MDgwNzAtZmQ5NC00YTc1LTk4NzItMzFjNzMzMTk3MDcz
LzEvNGZSOEVhT2p5dUJxR1NoZ3FXeFFVLXdFdGR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1AY9MA0E
AgACMAcDBQMqCwbAMA0GCSqGSIb3DQEBCwUAA4IBAQBslLyRN7AJA737T1I5VRZ+
c/3S+0txcn9nj/Gav8kdL3eJh32LAq4A3xTYqZYGMbcnighO+i36CBZR0y769IEd
DUBaM8/hvEyeobph6iRYIeoR6ENYDi+PxvZf3ZuF53wGQlTk9+vmos7TS/8TEbUY
1HQuzYdZ/fqhVr+mHM+BORCs2C07jXrxUJ3FfW/W1imEFyBoa4aGzsGAqW9bbElp
6fwIky+cXYAW24T9InWx8ooGMAVZ4uVxSYDoPGu43YyVTXjw67R/N709l8piPmim
grb7AndnyvzrXBKq8CFQrmA1CR71yWv2+VA6QNe1Q0wd7IwOE3uCZQYQ72tsjeXj
-----END CERTIFICATE-----