Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7AZZqIZjCgWZpR7MXYZHl8vGpKM.roa
File:                     7AZZqIZjCgWZpR7MXYZHl8vGpKM.roa (raw, json)
Hash identifier:          ak2i+WFROcVM/lzk3XQ8VYsR9xBbWOxeLhw2UvxOI4Y=
Subject key identifier:   EC:06:59:A8:86:63:0A:05:99:A5:1E:CC:5D:86:47:97:CB:C6:A4:A3
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019523CB54B2AEC81919EC3C822393DD500B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7AZZqIZjCgWZpR7MXYZHl8vGpKM.roa
Signing time:             Thu 20 Feb 2025 14:38:02 +0000
ROA not before:           Thu 20 Feb 2025 14:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212982
IP address blocks:        2a0e:aa07:e210::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:cb:54:b2:ae:c8:19:19:ec:3c:82:23:93:dd:50:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Feb 20 14:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec0659a886630a0599a51ecc5d864797cbc6a4a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c7:2a:b8:69:3e:f2:7e:dd:69:73:a7:8c:7e:
                    6a:44:14:eb:99:8c:9c:b9:7a:73:07:e1:37:34:e3:
                    05:f3:14:af:cf:35:79:cb:cf:31:bc:0b:c5:b5:8e:
                    48:d8:cc:fc:fd:cb:dc:58:8a:49:39:28:bd:08:b7:
                    f8:fc:54:e5:ff:45:65:f1:83:f8:df:34:b3:f8:13:
                    43:e3:d6:ad:a5:ac:a1:ee:05:e6:33:8c:42:02:1b:
                    7e:45:cc:6e:73:94:54:3c:6c:bd:27:09:32:71:c3:
                    d5:9f:3f:97:42:4a:97:aa:4b:42:ea:9a:5a:22:55:
                    6e:9b:1e:df:cb:73:36:50:ed:85:fc:be:13:a6:d3:
                    09:66:ee:cc:00:7d:f1:86:bf:61:2d:f9:a8:22:37:
                    4a:ee:9a:02:43:2d:6f:8b:ac:ea:a8:56:ea:50:31:
                    14:9e:90:dd:c9:62:e1:d5:da:4f:95:16:18:7a:db:
                    69:b3:a2:00:c2:09:2d:32:05:f6:f9:85:a7:aa:88:
                    98:28:83:07:bc:6b:02:27:61:80:6d:62:af:44:5c:
                    09:d1:ad:e5:76:cf:0d:04:0d:45:06:54:a5:c8:3b:
                    ff:7c:13:7a:fd:4a:2f:a9:08:75:b9:dd:dc:7a:e0:
                    24:4a:17:81:f0:7f:ae:bc:08:03:ac:bd:87:a0:4b:
                    0e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:06:59:A8:86:63:0A:05:99:A5:1E:CC:5D:86:47:97:CB:C6:A4:A3
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7AZZqIZjCgWZpR7MXYZHl8vGpKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e210::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:f9:91:60:02:d0:d3:8b:f6:c1:5a:61:55:49:4e:7f:54:12:
         f8:52:67:6d:1c:26:bc:11:f8:16:37:18:60:49:1f:77:07:56:
         31:d4:c9:4d:6a:92:64:58:6f:f8:aa:86:0c:12:b8:76:8a:ff:
         42:87:0b:16:b4:38:9d:d9:de:c4:21:9c:f7:bd:9b:da:3b:a8:
         95:9e:60:5e:59:ff:21:e0:d1:85:89:aa:87:c7:0e:71:75:a3:
         51:05:a9:13:03:0d:6b:36:e8:3a:0a:54:b2:a3:b6:06:6c:dc:
         0e:fb:ac:8a:8f:c7:6c:85:d2:68:8e:c1:79:36:9e:43:cc:aa:
         63:67:84:15:89:03:36:78:b3:81:e6:f2:19:04:1a:8e:cc:d9:
         2a:c4:8d:80:cf:fd:14:5e:62:cd:4a:9a:7c:49:5a:c4:af:00:
         13:58:69:f7:0e:19:3a:dd:ad:d3:6c:07:d7:e0:04:6d:59:0d:
         bf:b5:98:36:61:3b:7a:c0:a6:df:00:14:95:8d:d7:49:df:88:
         b5:72:73:7d:de:06:34:1c:0b:db:4c:13:ad:7b:9d:22:92:64:
         8e:29:f0:9e:af:c1:04:03:9e:54:62:d5:8f:da:00:81:61:66:
         b2:a3:48:4d:99:a5:5e:b7:05:a7:19:04:bd:f9:67:46:94:b8:
         9a:63:8a:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUjy1SyrsgZGew8giOT3VALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMjIwMTQzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA2NTlhODg2NjMwYTA1OTlhNTFlY2M1ZDg2NDc5N2NiYzZhNGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ccquGk+8n7daXOnjH5qRBTrmYyc
uXpzB+E3NOMF8xSvzzV5y88xvAvFtY5I2Mz8/cvcWIpJOSi9CLf4/FTl/0Vl8YP4
3zSz+BND49atpayh7gXmM4xCAht+Rcxuc5RUPGy9JwkyccPVnz+XQkqXqktC6ppa
IlVumx7fy3M2UO2F/L4TptMJZu7MAH3xhr9hLfmoIjdK7poCQy1vi6zqqFbqUDEU
npDdyWLh1dpPlRYYettps6IAwgktMgX2+YWnqoiYKIMHvGsCJ2GAbWKvRFwJ0a3l
ds8NBA1FBlSlyDv/fBN6/UovqQh1ud3ceuAkSheB8H+uvAgDrL2HoEsOOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOwGWaiGYwoFmaUezF2GR5fLxqSjMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvN0FaWnFJWmpDZ1dacFI3TVhZWkhsOHZHcEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+IQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB0+ZFgAtDTi/bBWmFVSU5/VBL4UmdtHCa8EfgW
NxhgSR93B1Yx1MlNapJkWG/4qoYMErh2iv9ChwsWtDid2d7EIZz3vZvaO6iVnmBe
Wf8h4NGFiaqHxw5xdaNRBakTAw1rNug6ClSyo7YGbNwO+6yKj8dshdJojsF5Np5D
zKpjZ4QViQM2eLOB5vIZBBqOzNkqxI2Az/0UXmLNSpp8SVrErwATWGn3Dhk63a3T
bAfX4ARtWQ2/tZg2YTt6wKbfABSVjddJ34i1cnN93gY0HAvbTBOte50ikmSOKfCe
r8EEA55UYtWP2gCBYWayo0hNmaVetwWnGQS9+WdGlLiaY4rl
-----END CERTIFICATE-----