Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/S3-UGk16fgBKghN_7jlpmFhtevk.roa
File:                     S3-UGk16fgBKghN_7jlpmFhtevk.roa (raw, json)
Hash identifier:          svmOkbDlORnE+JdlDBeTol63DbR+qbg9OLTtqku/fJk=
Subject key identifier:   4B:7F:94:1A:4D:7A:7E:00:4A:82:13:7F:EE:39:69:98:58:6D:7A:F9
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       0197D6C4F904E8C9D242DD38887918DEE56B
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/S3-UGk16fgBKghN_7jlpmFhtevk.roa
Signing time:             Fri 04 Jul 2025 18:48:42 +0000
ROA not before:           Fri 04 Jul 2025 18:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:c4:f9:04:e8:c9:d2:42:dd:38:88:79:18:de:e5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: Jul  4 18:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b7f941a4d7a7e004a82137fee396998586d7af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:c1:ae:d6:88:d6:80:88:e3:38:bb:eb:9e:
                    62:95:79:18:6d:97:c7:72:d6:a7:23:75:ef:2a:d3:
                    1c:bf:ed:ef:78:34:23:6f:c3:93:d4:36:5d:ae:d3:
                    08:c9:a8:60:d7:50:06:78:a7:b2:d9:eb:77:04:81:
                    c7:b3:60:f5:b6:44:e6:c6:2e:3b:4c:69:9e:fd:ab:
                    85:23:c4:0e:49:f3:72:02:17:3d:05:97:4e:b6:ea:
                    a3:85:c8:b1:1d:40:2c:ae:ab:86:b0:6e:b1:64:87:
                    b1:1a:23:c9:d9:b7:5a:ad:a4:e6:c0:ff:7d:d4:1c:
                    10:01:43:ed:43:7e:33:c0:0c:a9:2f:7a:e7:92:d1:
                    87:d1:a8:b4:e3:78:a2:75:8a:ed:78:e6:55:a1:60:
                    64:10:36:c9:a9:e8:1f:ac:2c:9d:82:78:3f:d5:7f:
                    7c:72:73:b6:62:7d:fe:25:dc:1c:33:08:af:e3:0c:
                    44:ce:bd:74:b4:cb:90:18:0a:9a:3b:f2:05:bc:80:
                    18:69:28:62:a2:f9:fd:bc:d1:5c:6a:0d:5d:e5:17:
                    de:5f:25:df:ff:0b:7e:9a:2e:61:86:2e:72:c2:40:
                    b8:72:e5:c2:17:40:2c:7a:a6:02:1f:94:2e:9e:99:
                    38:c2:ba:b0:49:3b:78:5f:e0:8a:be:6b:0b:ce:1c:
                    26:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7F:94:1A:4D:7A:7E:00:4A:82:13:7F:EE:39:69:98:58:6D:7A:F9
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/S3-UGk16fgBKghN_7jlpmFhtevk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:f3:08:e8:06:15:e1:34:b4:4f:d4:f4:bb:f3:a0:01:46:7a:
         8a:47:e4:39:2b:21:c6:55:84:2a:c8:a6:f6:e7:8e:94:f9:0a:
         d3:0b:68:8c:5e:f8:d2:bf:6c:1f:5c:82:09:31:3d:d5:48:6d:
         0f:c8:6c:00:45:3c:98:44:1e:01:2e:59:e8:46:63:ca:b6:32:
         cd:0e:00:c4:b2:49:42:0d:8b:e2:a3:d7:41:2f:d9:35:af:b4:
         22:f0:2b:0e:c5:84:b9:62:f8:91:dc:af:71:1d:83:36:d6:7e:
         4c:46:71:f4:4c:bd:d1:31:11:d3:f5:4b:4e:8b:c1:66:18:78:
         25:ea:82:b4:6c:6a:70:e0:aa:e2:96:0b:c3:b4:5c:6f:63:cc:
         6e:fe:90:76:13:88:a5:f1:9f:7a:27:68:89:fd:da:fd:38:60:
         50:88:b1:6d:5e:27:de:de:a3:2d:2b:74:fa:61:79:dd:de:18:
         43:94:67:90:c1:5e:64:a0:da:e7:7e:f9:58:6c:bb:3b:24:16:
         35:1b:4f:4f:5e:23:af:52:2f:01:67:7e:43:91:d7:61:52:8a:
         8f:e6:d0:d0:cb:8e:40:2b:fc:92:79:d6:4d:71:00:48:94:5f:
         7b:7d:ef:5f:07:be:c6:e1:b5:c2:42:fc:b5:a5:26:27:87:2a:
         34:57:86:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfWxPkE6MnSQt04iHkY3uVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjUwNzA0MTg0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdmOTQxYTRkN2E3ZTAwNGE4MjEzN2ZlZTM5Njk5ODU4NmQ3YWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwLBrtaI1oCI4zi7655ilXkYbZfH
ctanI3XvKtMcv+3veDQjb8OT1DZdrtMIyahg11AGeKey2et3BIHHs2D1tkTmxi47
TGme/auFI8QOSfNyAhc9BZdOtuqjhcixHUAsrquGsG6xZIexGiPJ2bdaraTmwP99
1BwQAUPtQ34zwAypL3rnktGH0ai043iidYrteOZVoWBkEDbJqegfrCydgng/1X98
cnO2Yn3+JdwcMwiv4wxEzr10tMuQGAqaO/IFvIAYaShiovn9vNFcag1d5RfeXyXf
/wt+mi5hhi5ywkC4cuXCF0AseqYCH5Qunpk4wrqwSTt4X+CKvmsLzhwmSwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEt/lBpNen4ASoITf+45aZhYbXr5MB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvUzMtVUdrMTZmZ0JLZ2hOXzdqbHBtRmh0ZXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAlPMI6AYV4TS0T9T0u/OgAUZ6ikfkOSshxlWEKsim
9ueOlPkK0wtojF740r9sH1yCCTE91UhtD8hsAEU8mEQeAS5Z6EZjyrYyzQ4AxLJJ
Qg2L4qPXQS/ZNa+0IvArDsWEuWL4kdyvcR2DNtZ+TEZx9Ey90TER0/VLTovBZhh4
JeqCtGxqcOCq4pYLw7Rcb2PMbv6QdhOIpfGfeidoif3a/ThgUIixbV4n3t6jLSt0
+mF53d4YQ5RnkMFeZKDa5375WGy7OyQWNRtPT14jr1IvAWd+Q5HXYVKKj+bQ0MuO
QCv8knnWTXEASJRfe33vXwe+xuG1wkL8taUmJ4cqNFeGSg==
-----END CERTIFICATE-----