Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Y977UyHoGuq9LnD17c_fWUv9WVk.roa
File:                     Y977UyHoGuq9LnD17c_fWUv9WVk.roa (raw, json)
Hash identifier:          7MYA2N+MqOsCsfzqDzotiGyA8NFRfNtXI65cwRT+ogk=
Subject key identifier:   63:DE:FB:53:21:E8:1A:EA:BD:2E:70:F5:ED:CF:DF:59:4B:FD:59:59
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019809FAD231703C167B8E998470FEFA6A8F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Y977UyHoGuq9LnD17c_fWUv9WVk.roa
Signing time:             Mon 14 Jul 2025 17:28:09 +0000
ROA not before:           Mon 14 Jul 2025 17:28:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34641
IP address blocks:        2a0f:8400::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:fa:d2:31:70:3c:16:7b:8e:99:84:70:fe:fa:6a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 14 17:28:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63defb5321e81aeabd2e70f5edcfdf594bfd5959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:76:83:af:39:e9:ad:cc:86:94:1d:82:5d:22:
                    2f:88:af:ed:3a:6f:36:39:25:18:1b:96:be:3b:e7:
                    1a:6d:f8:3f:b8:5f:f4:b9:fe:21:5b:ef:b5:ec:7d:
                    2e:06:37:82:72:86:67:bf:77:73:0d:ae:c0:dc:69:
                    68:d3:94:9a:6b:68:0e:0f:af:ce:f6:4d:1e:a0:93:
                    fa:4a:25:27:a2:f5:a0:38:48:ea:eb:cf:20:d9:b0:
                    15:74:b9:43:9f:25:80:7b:c0:83:2c:c5:aa:bc:44:
                    90:83:92:f4:82:d8:aa:80:5a:d0:00:f5:93:58:d3:
                    c0:df:a8:76:a9:53:00:b3:e3:89:d4:7d:c0:6a:5f:
                    0b:af:03:90:87:dd:63:66:10:42:ae:ef:19:f6:40:
                    de:1f:37:46:6c:0d:7d:fc:51:96:24:d9:82:18:b8:
                    9e:11:3d:82:dd:c6:e4:ad:dd:89:c5:eb:1d:13:e9:
                    0d:3e:d9:23:34:a9:32:18:ea:46:45:d2:77:c5:44:
                    23:d6:e1:91:d9:da:a2:54:a1:5a:05:dc:ba:d2:e0:
                    c2:54:ae:45:09:d3:ca:c0:a2:6d:f2:7a:1a:94:f6:
                    c1:c3:f4:22:bc:de:d3:f6:10:a5:56:dc:09:95:cf:
                    7b:37:25:62:69:a0:bb:bf:5f:2e:37:38:0f:c2:22:
                    1c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DE:FB:53:21:E8:1A:EA:BD:2E:70:F5:ED:CF:DF:59:4B:FD:59:59
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Y977UyHoGuq9LnD17c_fWUv9WVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:8400::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:ae:dd:f3:ab:dc:d1:a5:4a:1b:b8:19:2d:83:a6:90:88:e8:
         30:c6:0b:b4:28:9a:d3:b8:aa:eb:d1:ac:d1:bd:66:53:19:3f:
         76:7f:0e:83:60:b3:da:0f:c0:66:33:9b:6c:aa:23:56:09:fa:
         50:60:63:48:54:59:d5:df:96:04:ca:b6:4b:c8:c7:aa:ff:37:
         c5:fa:ee:14:d3:a5:9a:73:c9:79:f6:f2:e2:df:93:50:f1:26:
         fd:24:8f:f8:71:49:c2:f4:b6:57:ee:c7:82:d7:91:09:cd:47:
         7d:28:a1:b4:02:24:ee:e2:c0:38:e3:50:55:83:60:51:c4:f9:
         db:a7:37:a3:f9:22:b8:da:05:35:cd:50:b5:b3:dd:ba:f5:5b:
         06:5d:88:d2:c6:e2:2d:72:44:90:99:08:21:51:bd:e7:a4:c5:
         fa:da:33:ba:fd:6a:0e:83:d7:d2:9d:58:85:d3:64:77:4f:f4:
         24:42:25:a8:a7:1c:c2:2d:cf:ad:fa:8c:a9:59:b5:0a:67:f2:
         ba:23:0a:d8:e4:c9:65:97:83:2a:02:23:70:78:ca:8c:c6:bf:
         0f:4c:74:9b:74:bf:0e:7c:3e:c9:c0:b1:3d:32:7e:bc:69:92:
         f3:d7:8c:97:20:ce:fa:97:e0:db:35:9a:34:d9:51:d2:48:47:
         37:11:41:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgJ+tIxcDwWe46ZhHD++mqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzE0MTcyODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RlZmI1MzIxZTgxYWVhYmQyZTcwZjVlZGNmZGY1OTRiZmQ1OTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXaDrznprcyGlB2CXSIviK/tOm82
OSUYG5a+O+cabfg/uF/0uf4hW++17H0uBjeCcoZnv3dzDa7A3Glo05Saa2gOD6/O
9k0eoJP6SiUnovWgOEjq688g2bAVdLlDnyWAe8CDLMWqvESQg5L0gtiqgFrQAPWT
WNPA36h2qVMAs+OJ1H3Aal8LrwOQh91jZhBCru8Z9kDeHzdGbA19/FGWJNmCGLie
ET2C3cbkrd2JxesdE+kNPtkjNKkyGOpGRdJ3xUQj1uGR2dqiVKFaBdy60uDCVK5F
CdPKwKJt8noalPbBw/QivN7T9hClVtwJlc97NyViaaC7v18uNzgPwiIczQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGPe+1Mh6BrqvS5w9e3P31lL/VlZMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWTk3N1V5SG9HdXE5TG5EMTdjX2ZXVXY5V1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+EADAN
BgkqhkiG9w0BAQsFAAOCAQEAb67d86vc0aVKG7gZLYOmkIjoMMYLtCia07iq69Gs
0b1mUxk/dn8Og2Cz2g/AZjObbKojVgn6UGBjSFRZ1d+WBMq2S8jHqv83xfruFNOl
mnPJefby4t+TUPEm/SSP+HFJwvS2V+7HgteRCc1HfSihtAIk7uLAOONQVYNgUcT5
26c3o/kiuNoFNc1QtbPduvVbBl2I0sbiLXJEkJkIIVG956TF+tozuv1qDoPX0p1Y
hdNkd0/0JEIlqKccwi3PrfqMqVm1CmfyuiMK2OTJZZeDKgIjcHjKjMa/D0x0m3S/
Dnw+ycCxPTJ+vGmS89eMlyDO+pfg2zWaNNlR0khHNxFBCQ==
-----END CERTIFICATE-----