Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d-ay6VV9nA3AD6zYCvyRYrU6g0Q.roa
File:                     d-ay6VV9nA3AD6zYCvyRYrU6g0Q.roa (raw, json)
Hash identifier:          k3M9SZ903jC4WeNlOUcXwwLheiOlYZ3MG3Qj2QgeUrQ=
Subject key identifier:   77:E6:B2:E9:55:7D:9C:0D:C0:0F:AC:D8:0A:FC:91:62:B5:3A:83:44
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0196433ECB3C49A66605F74ACB738FA50735
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d-ay6VV9nA3AD6zYCvyRYrU6g0Q.roa
Signing time:             Thu 17 Apr 2025 10:15:10 +0000
ROA not before:           Thu 17 Apr 2025 10:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:7b81::/32 maxlen: 32
                          2a14:7b82::/32 maxlen: 32
                          2a14:7b83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 22:36:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:3e:cb:3c:49:a6:66:05:f7:4a:cb:73:8f:a5:07:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 17 10:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77e6b2e9557d9c0dc00facd80afc9162b53a8344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d6:86:3c:f5:cc:ae:0a:6a:b6:36:2b:c9:bf:
                    22:28:7e:b9:b2:fc:9d:ab:46:7f:13:05:30:28:f3:
                    90:e7:46:99:f2:5f:69:24:3f:cc:7f:f3:c6:e2:29:
                    82:73:ff:57:26:db:99:d5:c0:7f:97:81:57:5f:b9:
                    5c:82:8c:8d:0f:0a:58:25:de:f2:c9:14:f4:0f:68:
                    4b:f2:10:f6:ac:97:31:a0:a9:7a:23:db:44:53:e8:
                    d5:f4:b6:20:bc:c7:5c:ee:74:25:3b:bd:da:0e:da:
                    5d:d7:67:27:d2:52:a2:ba:7f:96:ed:fa:57:32:95:
                    76:1d:fd:a5:2f:4a:b8:64:70:c3:2b:ae:4f:f1:9f:
                    06:4b:a2:5f:58:75:de:94:f3:96:27:65:32:35:3b:
                    05:5c:0a:a4:bb:c3:99:bd:19:ad:43:34:4e:99:52:
                    98:73:ef:02:1d:cd:26:93:0f:67:31:b5:4d:b0:93:
                    ff:94:fd:26:87:53:0e:d2:fb:5c:32:e4:42:7e:23:
                    42:bc:02:63:cf:f6:b6:04:de:df:be:1e:1d:c8:b1:
                    1c:86:b6:d5:43:7b:e1:f0:7d:f0:7f:92:36:24:a3:
                    e6:a7:08:0d:45:14:2d:a4:21:81:1b:89:0d:1e:ac:
                    06:e1:d0:d6:28:c2:ac:27:c5:d2:15:19:fd:7d:ff:
                    ee:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E6:B2:E9:55:7D:9C:0D:C0:0F:AC:D8:0A:FC:91:62:B5:3A:83:44
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/d-ay6VV9nA3AD6zYCvyRYrU6g0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7b81::-2a14:7b83:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         66:48:9f:78:6d:00:02:12:09:e8:b2:23:24:67:63:90:3e:53:
         f4:a0:df:c1:5d:4c:46:d1:00:3c:1d:27:ea:70:39:7a:5b:71:
         56:0a:ab:45:ba:08:9c:65:ff:8f:e5:83:3b:cf:00:5b:6b:20:
         fa:38:a6:23:28:6e:35:85:23:03:d4:0c:59:76:21:de:c5:59:
         7d:1d:7d:09:9b:c9:b2:4e:2e:85:a9:14:51:6a:b5:69:a1:54:
         e6:4a:ec:30:25:29:7c:2a:6d:9f:37:64:c0:c7:f8:b5:26:60:
         14:97:3e:b5:78:0d:cb:f7:f8:d9:9c:66:ba:c8:97:b9:8e:cf:
         32:6a:85:9e:23:5a:bd:a9:59:1b:4d:37:37:ca:d3:58:d1:b7:
         3e:45:cf:a0:5a:63:42:1e:29:82:0b:23:23:b6:50:e3:29:fa:
         1f:8c:97:ef:97:4b:52:a8:17:90:64:fa:08:c4:93:fa:dc:cc:
         1b:70:20:8d:ba:5e:8e:df:fe:e5:fc:67:d2:4a:33:09:4a:a3:
         29:77:f0:19:96:d2:a9:a0:bc:e8:c0:38:23:9c:92:01:a3:d0:
         6e:d7:65:49:4c:80:82:5e:c9:ae:94:9b:9e:3a:f0:e9:e5:8d:
         50:8e:bc:71:78:f8:78:2c:87:00:40:ab:e9:9d:1b:b8:42:77:
         cd:25:22:5a
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZZDPss8SaZmBfdKy3OPpQc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNDE3MTAxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U2YjJlOTU1N2Q5YzBkYzAwZmFjZDgwYWZjOTE2MmI1M2E4MzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NaGPPXMrgpqtjYryb8iKH65svyd
q0Z/EwUwKPOQ50aZ8l9pJD/Mf/PG4imCc/9XJtuZ1cB/l4FXX7lcgoyNDwpYJd7y
yRT0D2hL8hD2rJcxoKl6I9tEU+jV9LYgvMdc7nQlO73aDtpd12cn0lKiun+W7fpX
MpV2Hf2lL0q4ZHDDK65P8Z8GS6JfWHXelPOWJ2UyNTsFXAqku8OZvRmtQzROmVKY
c+8CHc0mkw9nMbVNsJP/lP0mh1MO0vtcMuRCfiNCvAJjz/a2BN7fvh4dyLEchrbV
Q3vh8H3wf5I2JKPmpwgNRRQtpCGBG4kNHqwG4dDWKMKsJ8XSFRn9ff/ulwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFHfmsulVfZwNwA+s2Ar8kWK1OoNEMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZC1heTZWVjluQTNBRDZ6WUN2eVJZclU2ZzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqFHuB
AwUCKhR7gDANBgkqhkiG9w0BAQsFAAOCAQEAZkifeG0AAhIJ6LIjJGdjkD5T9KDf
wV1MRtEAPB0n6nA5eltxVgqrRboInGX/j+WDO88AW2sg+jimIyhuNYUjA9QMWXYh
3sVZfR19CZvJsk4uhakUUWq1aaFU5krsMCUpfCptnzdkwMf4tSZgFJc+tXgNy/f4
2ZxmusiXuY7PMmqFniNavalZG003N8rTWNG3PkXPoFpjQh4pggsjI7ZQ4yn6H4yX
75dLUqgXkGT6CMST+tzMG3Agjbpejt/+5fxn0kozCUqjKXfwGZbSqaC86MA4I5yS
AaPQbtdlSUyAgl7JrpSbnjrw6eWNUI68cXj4eCyHAECr6Z0buEJ3zSUiWg==
-----END CERTIFICATE-----