Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/O55FnDiUhMsPTi6hjIewBuX7Ta8.roa
File:                     O55FnDiUhMsPTi6hjIewBuX7Ta8.roa (raw, json)
Hash identifier:          3JNSAI/aVMRICcZVLh9uXFKqAHc+rCKXfwm9TEvUz2k=
Subject key identifier:   3B:9E:45:9C:38:94:84:CB:0F:4E:2E:A1:8C:87:B0:06:E5:FB:4D:AF
Certificate issuer:       /CN=e5d7f13d91676eec1dc9acc872316d62ac779d7b
Certificate serial:       01980DA44F2B8084BCA071283E3A28B6D93C
Authority key identifier: E5:D7:F1:3D:91:67:6E:EC:1D:C9:AC:C8:72:31:6D:62:AC:77:9D:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dfxPZFnbuwdyazIcjFtYqx3nXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/O55FnDiUhMsPTi6hjIewBuX7Ta8.roa
Signing time:             Tue 15 Jul 2025 10:32:08 +0000
ROA not before:           Tue 15 Jul 2025 10:32:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206513
IP address blocks:        2a0a:4840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/5dfxPZFnbuwdyazIcjFtYqx3nXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/5dfxPZFnbuwdyazIcjFtYqx3nXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dfxPZFnbuwdyazIcjFtYqx3nXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:a4:4f:2b:80:84:bc:a0:71:28:3e:3a:28:b6:d9:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d7f13d91676eec1dc9acc872316d62ac779d7b
        Validity
            Not Before: Jul 15 10:32:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b9e459c389484cb0f4e2ea18c87b006e5fb4daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:cb:56:8b:36:bd:86:8b:34:87:a4:fe:08:78:
                    7d:4d:2a:11:4a:55:c5:24:a2:9b:f1:97:c0:f5:81:
                    19:c7:cb:a9:f8:94:e4:70:b7:4f:8a:1f:26:0f:39:
                    cc:00:64:3e:d0:84:b8:8f:88:7e:a3:0a:12:2e:45:
                    d9:36:9c:1a:3c:b7:4c:bd:94:45:75:07:12:db:7f:
                    b9:23:e9:12:45:34:da:1b:1a:b8:95:81:2b:dd:e1:
                    92:cf:04:ba:a7:07:4b:dc:ce:73:88:ba:9f:73:51:
                    64:62:8c:5f:ea:6e:e0:c7:f2:35:fa:91:be:a5:a9:
                    bf:32:fc:49:ee:11:16:c4:89:ff:6e:7d:83:9b:b7:
                    d0:2f:83:83:64:84:38:48:40:00:0a:f4:d3:fa:75:
                    97:de:e8:9e:39:cb:ce:78:9c:e2:19:95:5e:1b:5d:
                    7c:1a:fd:c6:d7:d3:43:30:59:8c:d3:60:5a:ba:fc:
                    7f:d1:15:71:b3:af:83:68:65:4d:19:e2:3e:85:69:
                    31:ad:c6:54:8f:3a:63:08:3d:79:fe:04:bb:c5:da:
                    fe:39:60:c8:e0:94:f0:33:c5:dc:2e:2b:c4:77:48:
                    ac:8e:bf:5c:7e:72:ef:df:cf:b5:fc:61:cb:29:81:
                    c2:dd:69:6a:aa:e4:23:bc:29:1c:db:9f:de:ad:61:
                    4a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9E:45:9C:38:94:84:CB:0F:4E:2E:A1:8C:87:B0:06:E5:FB:4D:AF
            X509v3 Authority Key Identifier:
                keyid:E5:D7:F1:3D:91:67:6E:EC:1D:C9:AC:C8:72:31:6D:62:AC:77:9D:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dfxPZFnbuwdyazIcjFtYqx3nXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/O55FnDiUhMsPTi6hjIewBuX7Ta8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2f541c-ea12-446f-bea4-a82a153ab13e/1/5dfxPZFnbuwdyazIcjFtYqx3nXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4840::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:ab:66:dd:40:bb:b4:8e:21:15:1b:41:29:84:f1:53:d7:d9:
         55:12:11:b7:dd:b3:ae:a8:9e:31:83:6c:91:16:56:5e:52:a0:
         50:45:9e:dd:64:62:19:29:1c:8e:39:86:0e:83:8d:e0:45:4f:
         0f:01:10:ee:85:de:37:86:87:4e:c5:62:d1:47:41:fa:20:ff:
         13:8f:80:d4:51:3a:89:34:96:19:22:8f:b5:a9:22:d4:ec:7b:
         5c:14:8b:8f:fb:cf:8b:c5:6d:27:30:cb:89:fb:1b:9c:5a:0c:
         08:24:84:da:3e:3b:99:1c:f0:eb:7c:d2:89:51:b0:aa:e6:a7:
         ff:4c:16:8a:6c:45:a4:98:08:31:21:b0:79:87:0f:b1:2d:36:
         36:54:8d:d0:8f:5a:78:3e:38:a7:8a:c0:af:1b:18:36:4f:10:
         79:06:fa:2f:7e:cf:ff:69:b7:45:50:a5:65:12:c9:9b:0c:30:
         c0:0e:f6:8d:e9:29:a7:3b:88:fe:d4:f7:f8:8b:7f:94:85:f9:
         94:8f:07:6c:80:d4:53:35:92:34:bf:a6:34:1c:61:71:93:84:
         df:22:3c:6d:d3:1a:1b:1b:36:57:c8:c7:5c:d8:94:5b:c6:04:
         1b:87:6d:da:4f:bc:c8:b0:71:fe:a5:af:8a:8e:71:57:e7:48:
         57:0d:fe:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgNpE8rgIS8oHEoPjoottk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDdmMTNkOTE2NzZlZWMxZGM5YWNjODcyMzE2ZDYyYWM3
NzlkN2IwHhcNMjUwNzE1MTAzMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjllNDU5YzM4OTQ4NGNiMGY0ZTJlYTE4Yzg3YjAwNmU1ZmI0ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzstWiza9hos0h6T+CHh9TSoRSlXF
JKKb8ZfA9YEZx8up+JTkcLdPih8mDznMAGQ+0IS4j4h+owoSLkXZNpwaPLdMvZRF
dQcS23+5I+kSRTTaGxq4lYEr3eGSzwS6pwdL3M5ziLqfc1FkYoxf6m7gx/I1+pG+
pam/MvxJ7hEWxIn/bn2Dm7fQL4ODZIQ4SEAACvTT+nWX3uieOcvOeJziGZVeG118
Gv3G19NDMFmM02Bauvx/0RVxs6+DaGVNGeI+hWkxrcZUjzpjCD15/gS7xdr+OWDI
4JTwM8XcLivEd0isjr9cfnLv38+1/GHLKYHC3WlqquQjvCkc25/erWFKXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDueRZw4lITLD04uoYyHsAbl+02vMB8GA1UdIwQY
MBaAFOXX8T2RZ27sHcmsyHIxbWKsd517MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRmeFBaRm5idXdkeWF6SWNqRnRZcXgzblhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yZjU0MWMtZWExMi00NDZmLWJlYTQt
YTgyYTE1M2FiMTNlLzEvTzU1Rm5EaVVoTXNQVGk2aGpJZXdCdVg3VGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yZjU0MWMtZWExMi00NDZmLWJlYTQtYTgyYTE1M2FiMTNl
LzEvNWRmeFBaRm5idXdkeWF6SWNqRnRZcXgzblhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgpIQDAN
BgkqhkiG9w0BAQsFAAOCAQEAAqtm3UC7tI4hFRtBKYTxU9fZVRIRt92zrqieMYNs
kRZWXlKgUEWe3WRiGSkcjjmGDoON4EVPDwEQ7oXeN4aHTsVi0UdB+iD/E4+A1FE6
iTSWGSKPtaki1Ox7XBSLj/vPi8VtJzDLifsbnFoMCCSE2j47mRzw63zSiVGwquan
/0wWimxFpJgIMSGweYcPsS02NlSN0I9aeD44p4rArxsYNk8QeQb6L37P/2m3RVCl
ZRLJmwwwwA72jekppzuI/tT3+It/lIX5lI8HbIDUUzWSNL+mNBxhcZOE3yI8bdMa
Gxs2V8jHXNiUW8YEG4dt2k+8yLBx/qWvio5xV+dIVw3+dA==
-----END CERTIFICATE-----