Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ZGAAIEbHqaO9ocKXBuyPCJHOK4Q.roa
File:                     ZGAAIEbHqaO9ocKXBuyPCJHOK4Q.roa (raw, json)
Hash identifier:          zo/Lf5y0o4dx5HHn9iwdS1BxAwJJz2SLb/lxly7foaQ=
Subject key identifier:   64:60:00:20:46:C7:A9:A3:BD:A1:C2:97:06:EC:8F:08:91:CE:2B:84
Certificate issuer:       /CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
Certificate serial:       0197D6C23A6D214806C0EA8618AD2143C8B9
Authority key identifier: 2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ZGAAIEbHqaO9ocKXBuyPCJHOK4Q.roa
Signing time:             Fri 04 Jul 2025 18:45:42 +0000
ROA not before:           Fri 04 Jul 2025 18:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f2c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:c2:3a:6d:21:48:06:c0:ea:86:18:ad:21:43:c8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e3487da65e85e87bdac4f5f6758dc6c20ef9763
        Validity
            Not Before: Jul  4 18:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6460002046c7a9a3bda1c29706ec8f0891ce2b84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c7:8e:40:45:98:61:da:58:e1:45:c6:64:1c:
                    06:da:07:a1:3b:d1:bf:f3:05:e3:a1:4c:07:8e:c2:
                    58:4f:e2:16:66:7b:cd:63:91:26:0d:e7:e8:f7:6e:
                    e6:d9:38:7b:b3:ed:91:6a:75:50:86:7c:6e:db:a6:
                    dd:28:9a:d9:72:a9:be:8d:22:8a:c6:39:87:0c:5f:
                    fa:f6:ae:b5:40:a6:ff:93:d7:ec:9f:1d:d7:67:81:
                    b4:7d:23:58:96:2a:6a:9a:98:cc:f1:5b:9a:8b:f9:
                    23:46:6e:7c:9b:89:dc:d7:ba:6f:3f:8f:21:a5:a0:
                    a1:f0:1f:f0:26:05:9b:e0:08:e8:57:2c:45:95:b6:
                    93:23:91:7f:d7:bc:58:e8:c6:34:f1:b8:64:8b:77:
                    0b:20:26:f0:da:38:56:62:1e:f7:15:d0:d1:2a:cc:
                    24:00:f1:19:e3:a4:fe:7b:d4:2c:41:05:e4:66:49:
                    73:32:60:68:4f:4b:f3:28:ac:b4:c2:45:6f:18:e2:
                    c0:da:d3:c8:55:d7:44:38:69:f3:87:39:22:eb:75:
                    84:88:a5:23:93:bc:0b:45:1e:5f:27:d5:83:2d:73:
                    55:9b:1b:06:db:3f:e6:e2:c2:d7:d7:27:f3:d5:75:
                    74:f0:a8:34:68:e7:c4:6f:5c:92:b0:fb:d4:1c:41:
                    85:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:60:00:20:46:C7:A9:A3:BD:A1:C2:97:06:EC:8F:08:91:CE:2B:84
            X509v3 Authority Key Identifier:
                keyid:2E:34:87:DA:65:E8:5E:87:BD:AC:4F:5F:67:58:DC:6C:20:EF:97:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/ZGAAIEbHqaO9ocKXBuyPCJHOK4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/2fe094-373c-44f6-93e0-d0aecd5d7042/1/LjSH2mXoXoe9rE9fZ1jcbCDvl2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:96:eb:02:f7:aa:d1:5c:20:d2:79:19:2b:74:48:45:0c:59:
         8a:5b:e2:51:13:ad:13:81:9b:a9:5f:f7:ce:4d:eb:c9:d4:04:
         72:91:e9:82:a2:a8:ee:dc:a3:ef:68:16:7b:87:32:43:42:fa:
         d1:02:53:74:6b:93:6c:f7:47:36:89:45:47:57:ec:b6:f6:d7:
         45:f8:c6:6a:ed:e7:c1:bf:04:8f:59:e2:30:2d:13:88:32:db:
         d4:98:aa:1d:76:bc:ec:fe:f1:2f:f4:8c:04:4a:94:43:a3:fc:
         50:19:1d:f0:0e:36:7c:f3:1c:7a:cd:6b:71:03:45:65:a5:28:
         c1:e4:41:93:c7:60:73:82:b9:98:90:cb:bc:7c:a1:64:b3:fb:
         d0:78:a3:06:63:ff:a8:3a:be:ad:9e:de:0c:16:76:c7:98:37:
         e3:2b:50:9e:3e:64:b9:da:05:60:ed:a5:e4:af:fb:2c:fd:88:
         2c:ab:31:07:90:a5:fc:e0:b1:e8:f4:8c:f5:e2:87:31:ed:37:
         ef:7f:eb:5c:56:78:98:80:c9:d9:94:dc:db:14:90:1d:2a:ba:
         29:8a:45:75:d2:1b:9c:78:5b:c4:72:fa:74:4b:99:78:ba:da:
         30:bc:f0:19:a7:01:c0:21:33:a9:b4:b7:3f:44:fc:45:3d:dc:
         96:1a:ab:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfWwjptIUgGwOqGGK0hQ8i5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzQ4N2RhNjVlODVlODdiZGFjNGY1ZjY3NThkYzZjMjBl
Zjk3NjMwHhcNMjUwNzA0MTg0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDYwMDAyMDQ2YzdhOWEzYmRhMWMyOTcwNmVjOGYwODkxY2UyYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MeOQEWYYdpY4UXGZBwG2gehO9G/
8wXjoUwHjsJYT+IWZnvNY5EmDefo927m2Th7s+2RanVQhnxu26bdKJrZcqm+jSKK
xjmHDF/69q61QKb/k9fsnx3XZ4G0fSNYlipqmpjM8Vuai/kjRm58m4nc17pvP48h
paCh8B/wJgWb4AjoVyxFlbaTI5F/17xY6MY08bhki3cLICbw2jhWYh73FdDRKswk
APEZ46T+e9QsQQXkZklzMmBoT0vzKKy0wkVvGOLA2tPIVddEOGnzhzki63WEiKUj
k7wLRR5fJ9WDLXNVmxsG2z/m4sLX1yfz1XV08Kg0aOfEb1ySsPvUHEGFxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGRgACBGx6mjvaHClwbsjwiRziuEMB8GA1UdIwQY
MBaAFC40h9pl6F6HvaxPX2dY3Gwg75djMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAt
ZDBhZWNkNWQ3MDQyLzEvWkdBQUlFYkhxYU85b2NLWEJ1eVBDSkhPSzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8yZmUwOTQtMzczYy00NGY2LTkzZTAtZDBhZWNkNWQ3MDQy
LzEvTGpTSDJtWG9Yb2U5ckU5ZloxamNiQ0R2bDJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHywDAN
BgkqhkiG9w0BAQsFAAOCAQEAaJbrAveq0Vwg0nkZK3RIRQxZilviUROtE4GbqV/3
zk3rydQEcpHpgqKo7tyj72gWe4cyQ0L60QJTdGuTbPdHNolFR1fstvbXRfjGau3n
wb8Ej1niMC0TiDLb1JiqHXa87P7xL/SMBEqUQ6P8UBkd8A42fPMces1rcQNFZaUo
weRBk8dgc4K5mJDLvHyhZLP70HijBmP/qDq+rZ7eDBZ2x5g34ytQnj5kudoFYO2l
5K/7LP2ILKsxB5Cl/OCx6PSM9eKHMe0373/rXFZ4mIDJ2ZTc2xSQHSq6KYpFddIb
nHhbxHL6dEuZeLraMLzwGacBwCEzqbS3P0T8RT3clhqrgA==
-----END CERTIFICATE-----