Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/u2Nkd-CTDaj_Mwavm_6trRRsm9o.roa
File:                     u2Nkd-CTDaj_Mwavm_6trRRsm9o.roa (raw, json)
Hash identifier:          1Sh5S1PBZ0UDfNAliBicVX6rdYVqGSXftCZdH5kXc+0=
Subject key identifier:   BB:63:64:77:E0:93:0D:A8:FF:33:06:AF:9B:FE:AD:AD:14:6C:9B:DA
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EEB75C6415DCFC8995E6A44FDC591
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/u2Nkd-CTDaj_Mwavm_6trRRsm9o.roa
Signing time:             Thu 02 Jan 2025 05:48:30 +0000
ROA not before:           Thu 02 Jan 2025 05:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212802
IP address blocks:        2a0e:aa07:e016::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:eb:75:c6:41:5d:cf:c8:99:5e:6a:44:fd:c5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb636477e0930da8ff3306af9bfeadad146c9bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ef:7a:f5:c6:79:a4:8d:43:eb:3a:47:9c:a9:
                    f0:b9:1e:21:0a:6e:a2:cd:b4:34:7e:ce:89:19:b9:
                    23:f0:eb:30:a2:64:f6:1a:63:95:10:c1:5f:15:4f:
                    f0:0f:81:9b:b8:9c:ca:71:ff:8c:aa:ff:3c:74:09:
                    98:e7:4c:5e:f4:ba:4a:02:db:85:f6:34:91:09:94:
                    27:b5:0c:ab:b8:06:da:37:36:a4:8e:c2:6d:b2:02:
                    a0:50:4b:f1:95:a7:0f:0d:ae:01:ff:7e:9f:92:08:
                    60:91:cd:67:d8:7d:b6:70:81:8e:af:50:54:d0:ea:
                    ac:55:d9:4f:c9:ec:24:a9:8a:19:c5:d9:15:4d:94:
                    9a:d3:3a:2b:2a:26:67:7b:04:84:0a:e1:9b:a9:e5:
                    68:2c:4b:3f:f7:1a:94:db:e3:35:69:4a:28:09:58:
                    94:fe:50:bc:3d:1a:8f:a0:72:22:d8:99:9e:1d:d0:
                    03:49:46:8e:ff:69:86:46:53:6c:3f:8f:1e:18:85:
                    e1:ad:e0:3c:23:9c:1c:d8:20:aa:76:34:10:ff:9c:
                    76:ca:d2:04:42:b2:b5:03:f8:90:8e:96:56:50:b5:
                    85:71:c8:06:82:ea:89:db:7b:8f:9d:4e:74:4a:9f:
                    0e:85:60:3a:83:90:5b:06:4f:ff:1a:9a:c4:36:f5:
                    5f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:63:64:77:E0:93:0D:A8:FF:33:06:AF:9B:FE:AD:AD:14:6C:9B:DA
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/u2Nkd-CTDaj_Mwavm_6trRRsm9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e016::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:cd:44:af:a4:b0:00:72:0b:23:bf:02:15:8f:68:16:65:3a:
         2e:7a:64:fe:98:ea:a3:ae:74:ac:ec:73:2d:a4:b6:9f:e3:eb:
         a8:5b:aa:34:38:f1:f2:77:7e:11:b8:8d:92:bb:75:c2:bb:26:
         9f:ac:0b:e9:02:86:53:82:54:d0:42:f4:c5:fc:01:73:d1:ea:
         ca:50:fe:2b:04:38:71:df:70:84:b8:88:84:97:98:ce:08:6a:
         78:9b:61:73:0d:98:d7:80:8a:05:90:bd:40:51:a7:3f:07:9b:
         e5:ab:77:7b:05:13:b1:a2:1d:48:bf:de:1a:34:29:26:db:c9:
         37:d0:89:fa:aa:d2:2e:cc:ab:71:53:48:4b:4b:cd:7b:95:d2:
         dd:8d:43:ab:fd:50:d7:00:fc:81:c7:8a:96:b4:8a:ad:99:ec:
         de:7a:0e:9a:7a:a4:e9:8f:16:a9:4d:c2:63:bb:3d:22:6d:e7:
         6b:04:13:26:76:3d:56:99:6b:e9:d1:ad:ce:ba:71:9a:30:71:
         98:29:fb:29:4f:50:2f:74:31:ef:3f:a2:ac:d4:8d:31:58:0f:
         4b:be:ca:b6:c8:ee:c6:df:0d:4c:66:0b:78:6d:26:e7:95:aa:
         01:77:ad:72:54:0d:33:c2:90:5e:75:f5:85:3f:91:50:57:59:
         09:f8:0b:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljut1xkFdz8iZXmpE/cWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYzNjQ3N2UwOTMwZGE4ZmYzMzA2YWY5YmZlYWRhZDE0NmM5YmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu969cZ5pI1D6zpHnKnwuR4hCm6i
zbQ0fs6JGbkj8OswomT2GmOVEMFfFU/wD4GbuJzKcf+Mqv88dAmY50xe9LpKAtuF
9jSRCZQntQyruAbaNzakjsJtsgKgUEvxlacPDa4B/36fkghgkc1n2H22cIGOr1BU
0OqsVdlPyewkqYoZxdkVTZSa0zorKiZnewSECuGbqeVoLEs/9xqU2+M1aUooCViU
/lC8PRqPoHIi2JmeHdADSUaO/2mGRlNsP48eGIXhreA8I5wc2CCqdjQQ/5x2ytIE
QrK1A/iQjpZWULWFccgGguqJ23uPnU50Sp8OhWA6g5BbBk//GprENvVfbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLtjZHfgkw2o/zMGr5v+ra0UbJvaMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdTJOa2QtQ1REYWpfTXdhdm1fNnRyUlJzbTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AW
MA0GCSqGSIb3DQEBCwUAA4IBAQBZzUSvpLAAcgsjvwIVj2gWZTouemT+mOqjrnSs
7HMtpLaf4+uoW6o0OPHyd34RuI2Su3XCuyafrAvpAoZTglTQQvTF/AFz0erKUP4r
BDhx33CEuIiEl5jOCGp4m2FzDZjXgIoFkL1AUac/B5vlq3d7BROxoh1Iv94aNCkm
28k30In6qtIuzKtxU0hLS817ldLdjUOr/VDXAPyBx4qWtIqtmezeeg6aeqTpjxap
TcJjuz0ibedrBBMmdj1WmWvp0a3OunGaMHGYKfspT1AvdDHvP6Ks1I0xWA9Lvsq2
yO7G3w1MZgt4bSbnlaoBd61yVA0zwpBedfWFP5FQV1kJ+Aud
-----END CERTIFICATE-----