Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eTTB7rAhhrNWf9wH2BNo66AbCz8.roa
File:                     eTTB7rAhhrNWf9wH2BNo66AbCz8.roa (raw, json)
Hash identifier:          2HLQFknlnIjiN6fyQ/ifza/rn0Mo9rpTLZP15D4q1oI=
Subject key identifier:   79:34:C1:EE:B0:21:86:B3:56:7F:DC:07:D8:13:68:EB:A0:1B:0B:3F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197A68765BC5D07F5BF94F632946423E222
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eTTB7rAhhrNWf9wH2BNo66AbCz8.roa
Signing time:             Wed 25 Jun 2025 09:59:40 +0000
ROA not before:           Wed 25 Jun 2025 09:59:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206831
IP address blocks:        2a0c:b641:620::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:87:65:bc:5d:07:f5:bf:94:f6:32:94:64:23:e2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 25 09:59:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7934c1eeb02186b3567fdc07d81368eba01b0b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:bf:43:96:ca:b3:bb:77:03:d9:a7:7b:87:
                    fd:33:99:14:aa:65:37:a7:61:59:34:f7:f4:10:fb:
                    12:8e:1a:37:6d:83:73:21:50:ef:72:71:52:94:f4:
                    da:b3:ff:3b:0f:ce:88:20:bb:3f:f9:c8:b3:4c:50:
                    32:ee:97:ae:13:28:18:d3:2b:a5:5f:49:df:1f:dd:
                    04:d4:a3:2a:04:56:d9:68:36:3c:f2:c5:bf:ad:6a:
                    8f:8f:1a:6f:7c:47:6d:53:27:a8:3a:72:15:cb:f6:
                    cf:a5:92:68:fa:e4:83:2f:c5:96:30:80:42:2b:47:
                    fa:8a:7d:de:eb:79:77:fc:2d:d0:69:ad:59:d0:83:
                    be:22:aa:75:fe:bb:5d:a4:88:7c:cf:df:f9:91:82:
                    2b:e6:66:e0:58:8f:3d:63:ef:97:63:53:46:e3:d1:
                    c2:cc:18:3b:83:c9:c9:01:ae:40:e7:41:a0:51:51:
                    2b:c3:79:74:f0:2b:30:a4:fb:1b:5b:07:d4:ac:0d:
                    3d:30:a3:08:01:49:42:be:1e:01:7f:64:94:32:14:
                    bd:47:4c:89:ba:28:84:5d:49:61:09:67:4a:9a:27:
                    ad:d1:76:34:62:58:e2:91:08:32:e2:19:ee:6b:26:
                    14:e1:28:3a:72:80:ef:91:4c:26:e6:02:b9:94:5c:
                    d2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:34:C1:EE:B0:21:86:B3:56:7F:DC:07:D8:13:68:EB:A0:1B:0B:3F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eTTB7rAhhrNWf9wH2BNo66AbCz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:f0:2d:10:40:1c:b1:f6:1e:a7:a6:00:78:49:83:e2:aa:5d:
         ab:25:04:11:7e:02:d4:76:2a:83:b7:e3:c4:f1:5e:1b:ba:8f:
         6e:5e:ea:4d:2c:3c:bc:d9:42:17:1a:1d:01:bc:87:dc:57:dd:
         4d:37:18:c3:f1:95:3c:14:5e:bc:9b:0e:04:64:87:ad:7b:34:
         32:ed:13:f6:50:6c:28:8c:79:d7:57:8e:72:53:57:fc:2f:fa:
         a0:19:26:69:5a:a5:75:a5:68:b9:6a:34:17:05:d2:2d:3e:07:
         0f:98:28:e8:4c:3f:94:8b:13:d8:29:b4:bf:77:0e:97:52:a0:
         5a:0b:5f:82:11:b5:25:43:ec:bc:2f:ac:44:67:b1:d5:56:30:
         19:c5:de:c2:98:6a:be:a7:8e:36:de:8d:3f:2b:54:c6:b2:c3:
         25:fb:a5:36:9b:19:5e:b0:0c:4f:8d:f4:3e:1e:38:bd:75:78:
         c1:61:a6:c0:f2:13:f3:fe:40:eb:69:b9:65:3e:9a:1a:1c:61:
         27:a5:4b:01:d1:af:98:2a:a1:7e:7f:00:c1:02:25:f8:75:14:
         9e:d7:bb:0b:e4:63:a8:c8:45:4c:bc:fa:10:5e:5a:cb:67:04:
         58:32:20:27:60:31:d1:0f:24:7a:5d:49:87:31:00:1f:69:e3:
         34:30:da:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZemh2W8XQf1v5T2MpRkI+IiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNjI1MDk1OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTM0YzFlZWIwMjE4NmIzNTY3ZmRjMDdkODEzNjhlYmEwMWIwYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW+/Q5bKs7t3A9mne4f9M5kUqmU3
p2FZNPf0EPsSjho3bYNzIVDvcnFSlPTas/87D86IILs/+cizTFAy7peuEygY0yul
X0nfH90E1KMqBFbZaDY88sW/rWqPjxpvfEdtUyeoOnIVy/bPpZJo+uSDL8WWMIBC
K0f6in3e63l3/C3Qaa1Z0IO+Iqp1/rtdpIh8z9/5kYIr5mbgWI89Y++XY1NG49HC
zBg7g8nJAa5A50GgUVErw3l08CswpPsbWwfUrA09MKMIAUlCvh4Bf2SUMhS9R0yJ
uiiEXUlhCWdKmiet0XY0YljikQgy4hnuayYU4Sg6coDvkUwm5gK5lFzSDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHk0we6wIYazVn/cB9gTaOugGws/MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZVRUQjdyQWhock5XZjl3SDJCTm82NkFiQ3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQYg
MA0GCSqGSIb3DQEBCwUAA4IBAQBX8C0QQByx9h6npgB4SYPiql2rJQQRfgLUdiqD
t+PE8V4buo9uXupNLDy82UIXGh0BvIfcV91NNxjD8ZU8FF68mw4EZIetezQy7RP2
UGwojHnXV45yU1f8L/qgGSZpWqV1pWi5ajQXBdItPgcPmCjoTD+UixPYKbS/dw6X
UqBaC1+CEbUlQ+y8L6xEZ7HVVjAZxd7CmGq+p4423o0/K1TGssMl+6U2mxlesAxP
jfQ+Hji9dXjBYabA8hPz/kDrabllPpoaHGEnpUsB0a+YKqF+fwDBAiX4dRSe17sL
5GOoyEVMvPoQXlrLZwRYMiAnYDHRDyR6XUmHMQAfaeM0MNpK
-----END CERTIFICATE-----