Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9wWG0BIFaYwreO7QlbIUTcJVNzA.roa
File:                     9wWG0BIFaYwreO7QlbIUTcJVNzA.roa (raw, json)
Hash identifier:          vsqXfMtkSlAuJA9eNVkvktrCbkmDKqjMtHuNezJuhJQ=
Subject key identifier:   F7:05:86:D0:12:05:69:8C:2B:78:EE:D0:95:B2:14:4D:C2:55:37:30
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EDDC5D62D00F2229EB7A8840D90CE
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9wWG0BIFaYwreO7QlbIUTcJVNzA.roa
Signing time:             Thu 02 Jan 2025 05:48:27 +0000
ROA not before:           Thu 02 Jan 2025 05:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209306
IP address blocks:        2a0e:aa06:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:dd:c5:d6:2d:00:f2:22:9e:b7:a8:84:0d:90:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f70586d01205698c2b78eed095b2144dc2553730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:26:3b:03:a1:1f:ab:bd:a7:64:c8:44:56:a6:
                    40:24:e2:de:84:3b:c4:86:f6:00:3e:8e:47:b1:e6:
                    55:82:c0:de:7e:1e:b5:4b:25:de:43:e8:90:7f:fb:
                    98:c3:8d:1e:0b:12:0a:04:29:8a:bc:74:1e:1e:d3:
                    02:de:50:65:17:5e:90:d1:e7:11:e7:98:19:2e:05:
                    85:26:36:d2:f2:51:d8:5e:6c:63:22:b6:e1:55:09:
                    e2:02:63:8f:94:82:04:c4:81:f8:55:5a:a9:0c:a6:
                    4a:20:10:07:18:31:1b:fc:de:f7:e0:53:16:32:f9:
                    f8:00:c0:96:ae:e8:c7:6f:a2:79:90:8e:49:26:f4:
                    ad:5c:0b:1d:d8:11:1f:4d:a8:63:cf:e8:c5:8f:3d:
                    9b:61:38:6c:f9:77:34:2a:36:97:28:08:8e:c9:fc:
                    85:42:9b:f0:a8:ef:c1:a5:6e:a3:14:fd:f0:7f:39:
                    12:69:37:42:23:98:c8:a0:37:7b:ae:17:3f:7d:25:
                    c3:c6:59:e5:07:c9:c1:9b:c6:e6:4c:da:0a:48:57:
                    33:f1:57:d6:11:75:9b:0f:59:c6:0b:f2:f0:7a:c2:
                    8c:37:48:b1:d8:2f:9b:37:82:11:e9:61:5f:81:65:
                    8d:96:af:a0:3c:93:79:eb:08:ea:60:f1:b7:29:d4:
                    28:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:05:86:D0:12:05:69:8C:2B:78:EE:D0:95:B2:14:4D:C2:55:37:30
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/9wWG0BIFaYwreO7QlbIUTcJVNzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:f9:fb:e1:5a:20:aa:63:9d:0c:00:03:94:2a:35:54:e6:91:
         52:fe:f2:f6:15:fe:a9:c8:8f:07:90:77:5c:26:c1:6b:53:c4:
         ea:79:72:ee:73:5b:b8:a2:31:0d:38:79:92:8b:6b:3b:a7:09:
         d4:31:a0:61:38:2a:c8:4c:39:3c:37:0e:4c:5f:e5:f6:8c:12:
         25:a5:b0:82:8d:02:c9:66:2f:85:b6:8f:60:79:e9:63:bc:97:
         76:4e:55:57:b3:50:8e:7e:f6:54:ba:bc:c3:9d:11:60:7a:83:
         a4:3b:b2:03:93:aa:a6:7b:30:e4:d4:89:9f:80:b7:fe:85:67:
         b4:c3:63:36:a6:f2:00:5b:cc:1d:2f:18:9a:fc:4c:11:23:70:
         d9:92:61:1e:ef:8d:81:0f:40:51:08:5b:19:42:a0:ea:5b:73:
         b3:96:39:25:1b:9c:34:68:20:ca:73:b3:04:89:40:f7:84:8f:
         49:33:8f:2d:f5:18:1c:31:a3:83:9b:30:25:43:40:65:7a:bd:
         a9:75:c2:fd:76:57:3b:9d:a7:38:b9:d1:ef:b4:8c:13:e7:65:
         58:8e:10:c9:d5:f9:71:41:8f:76:9c:ac:f3:dc:f4:db:ee:fc:
         33:19:ae:0a:68:0b:ee:e9:e9:8e:a0:15:19:d1:16:39:8e:7d:
         16:b6:f7:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljt3F1i0A8iKet6iEDZDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA1ODZkMDEyMDU2OThjMmI3OGVlZDA5NWIyMTQ0ZGMyNTUzNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSY7A6Efq72nZMhEVqZAJOLehDvE
hvYAPo5HseZVgsDefh61SyXeQ+iQf/uYw40eCxIKBCmKvHQeHtMC3lBlF16Q0ecR
55gZLgWFJjbS8lHYXmxjIrbhVQniAmOPlIIExIH4VVqpDKZKIBAHGDEb/N734FMW
Mvn4AMCWrujHb6J5kI5JJvStXAsd2BEfTahjz+jFjz2bYThs+Xc0KjaXKAiOyfyF
QpvwqO/BpW6jFP3wfzkSaTdCI5jIoDd7rhc/fSXDxlnlB8nBm8bmTNoKSFcz8VfW
EXWbD1nGC/LwesKMN0ix2C+bN4IR6WFfgWWNlq+gPJN56wjqYPG3KdQouQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPcFhtASBWmMK3ju0JWyFE3CVTcwMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvOXdXRzBCSUZhWXdyZU83UWxiSVVUY0pWTnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgQA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8+fvhWiCqY50MAAOUKjVU5pFS/vL2Ff6pyI8H
kHdcJsFrU8TqeXLuc1u4ojENOHmSi2s7pwnUMaBhOCrITDk8Nw5MX+X2jBIlpbCC
jQLJZi+Fto9geeljvJd2TlVXs1COfvZUurzDnRFgeoOkO7IDk6qmezDk1ImfgLf+
hWe0w2M2pvIAW8wdLxia/EwRI3DZkmEe742BD0BRCFsZQqDqW3OzljklG5w0aCDK
c7MEiUD3hI9JM48t9RgcMaODmzAlQ0Bler2pdcL9dlc7nac4udHvtIwT52VYjhDJ
1flxQY92nKzz3PTb7vwzGa4KaAvu6emOoBUZ0RY5jn0WtvcL
-----END CERTIFICATE-----