Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/j9ANTGXNLKZqCMR8j1mDl-5bWAQ.roa
File:                     j9ANTGXNLKZqCMR8j1mDl-5bWAQ.roa (raw, json)
Hash identifier:          T5TPEYzacGZCdsAwp31jsMUUNvvng/UGIsuadAMlPjE=
Subject key identifier:   8F:D0:0D:4C:65:CD:2C:A6:6A:08:C4:7C:8F:59:83:97:EE:5B:58:04
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EE6B1D10448C4251F88B70DFBE36F
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/j9ANTGXNLKZqCMR8j1mDl-5bWAQ.roa
Signing time:             Thu 02 Jan 2025 05:48:29 +0000
ROA not before:           Thu 02 Jan 2025 05:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211323
IP address blocks:        2a0e:aa07:e01e::/48 maxlen: 48
                          2a0e:aa07:f080::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e6:b1:d1:04:48:c4:25:1f:88:b7:0d:fb:e3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fd00d4c65cd2ca66a08c47c8f598397ee5b5804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1f:6f:5e:27:34:56:13:43:67:b0:ea:0a:32:
                    96:6c:aa:12:a9:93:22:41:9b:17:ad:8e:8e:13:30:
                    f3:10:85:e9:de:d5:6c:c1:89:93:28:3a:f9:d5:3f:
                    ac:3c:d1:bc:32:2f:3e:74:77:cd:2b:c6:b3:dd:e7:
                    d1:1d:5d:55:25:4b:16:90:ff:be:21:ad:03:dc:2c:
                    fb:71:2e:60:5a:ff:b9:35:b2:2a:b0:7f:70:a3:7a:
                    33:d4:c7:18:36:ed:e2:42:69:ac:88:2d:20:42:c3:
                    43:aa:2d:53:fe:c6:06:6a:a4:1e:40:0c:d9:4a:4f:
                    6d:32:e9:19:74:3b:6b:42:8b:e2:d4:0f:32:9b:94:
                    23:ca:5d:e7:27:7a:1a:4b:49:4e:d1:04:ef:4f:c6:
                    ee:45:cc:f0:65:a2:88:bb:bb:66:07:35:29:7a:f5:
                    9e:1b:25:09:8c:c2:20:35:0c:52:68:70:19:f5:e0:
                    b3:81:45:2b:5c:50:7b:a9:00:a2:73:0e:ad:33:16:
                    6d:ce:de:fe:3b:55:2a:d2:8c:b2:0e:8b:c9:b8:0e:
                    4d:ed:e6:d4:12:87:c7:ed:20:08:53:51:9c:1a:91:
                    c7:6f:78:a2:d3:3f:1e:40:c6:fb:7d:77:9a:50:7b:
                    75:d0:ad:f5:88:e6:fa:2f:f1:59:b2:96:17:70:e9:
                    69:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D0:0D:4C:65:CD:2C:A6:6A:08:C4:7C:8F:59:83:97:EE:5B:58:04
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/j9ANTGXNLKZqCMR8j1mDl-5bWAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e01e::/48
                  2a0e:aa07:f080::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:6c:ac:52:e0:67:97:52:37:74:25:64:30:8e:34:cf:db:bd:
         2c:93:df:dd:3d:0b:9d:fe:80:ab:92:88:97:7a:eb:7d:a2:e6:
         e1:a3:0d:1c:b7:83:f5:5b:2d:8b:f4:58:52:cb:e4:7d:cc:a1:
         fb:38:0a:3f:19:15:de:f4:5e:77:d4:e0:9f:26:d8:07:3e:45:
         e3:a4:11:eb:67:4c:cc:0b:15:f3:5d:17:45:c8:f4:29:eb:54:
         79:d0:d1:06:fc:a6:e8:f2:a3:13:96:2a:a2:12:6d:a4:0b:8f:
         a6:a2:92:d9:fc:61:38:f7:d3:d7:a8:b7:92:78:ec:b6:df:02:
         d3:ba:87:a9:41:d6:c2:50:d5:e5:42:68:ef:ee:a6:03:7e:f3:
         50:6d:87:30:96:50:1b:86:14:4b:c3:a0:2c:d5:31:8c:d1:c5:
         88:a0:1b:a2:38:d5:fb:3b:88:76:c1:c1:b9:ac:d4:0b:90:52:
         bb:48:02:d8:a4:6c:01:b5:39:55:b4:41:1c:9d:4a:76:2c:fe:
         3f:3f:ff:32:c7:3a:1d:fb:73:38:fb:75:3d:87:e5:52:2c:f9:
         7f:84:a4:d4:c9:a4:ab:c0:42:5d:aa:b8:3a:81:4a:a1:18:28:
         7e:f0:09:85:46:a2:3d:c7:1b:b8:32:9d:7b:cc:c5:2a:f9:b9:
         a5:6e:16:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQljuax0QRIxCUfiLcN++NvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQwMGQ0YzY1Y2QyY2E2NmEwOGM0N2M4ZjU5ODM5N2VlNWI1ODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwh9vXic0VhNDZ7DqCjKWbKoSqZMi
QZsXrY6OEzDzEIXp3tVswYmTKDr51T+sPNG8Mi8+dHfNK8az3efRHV1VJUsWkP++
Ia0D3Cz7cS5gWv+5NbIqsH9wo3oz1McYNu3iQmmsiC0gQsNDqi1T/sYGaqQeQAzZ
Sk9tMukZdDtrQovi1A8ym5Qjyl3nJ3oaS0lO0QTvT8buRczwZaKIu7tmBzUpevWe
GyUJjMIgNQxSaHAZ9eCzgUUrXFB7qQCicw6tMxZtzt7+O1Uq0oyyDovJuA5N7ebU
EofH7SAIU1GcGpHHb3ii0z8eQMb7fXeaUHt10K31iOb6L/FZspYXcOlpzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI/QDUxlzSymagjEfI9Zg5fuW1gEMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvajlBTlRHWE5MS1pxQ01SOGoxbURsLTViV0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6qB+Ae
AwcEKg6qB/CAMA0GCSqGSIb3DQEBCwUAA4IBAQBqbKxS4GeXUjd0JWQwjjTP270s
k9/dPQud/oCrkoiXeut9oubhow0ct4P1Wy2L9FhSy+R9zKH7OAo/GRXe9F531OCf
JtgHPkXjpBHrZ0zMCxXzXRdFyPQp61R50NEG/Kbo8qMTliqiEm2kC4+mopLZ/GE4
99PXqLeSeOy23wLTuoepQdbCUNXlQmjv7qYDfvNQbYcwllAbhhRLw6As1TGM0cWI
oBuiONX7O4h2wcG5rNQLkFK7SALYpGwBtTlVtEEcnUp2LP4/P/8yxzod+3M4+3U9
h+VSLPl/hKTUyaSrwEJdqrg6gUqhGCh+8AmFRqI9xxu4Mp17zMUq+bmlbha4
-----END CERTIFICATE-----