Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MD3bCLvZMN7ILF3LxWTXBIq9RF4.roa
File:                     MD3bCLvZMN7ILF3LxWTXBIq9RF4.roa (raw, json)
Hash identifier:          ZK52lufJoIMFu/YnuoFU4yBbWU4FHR6WbpoyPLZc1KA=
Subject key identifier:   30:3D:DB:08:BB:D9:30:DE:C8:2C:5D:CB:C5:64:D7:04:8A:BD:44:5E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBE2A5A8876752D63CEC408E8EC024
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MD3bCLvZMN7ILF3LxWTXBIq9RF4.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207965
IP address blocks:        2a0c:9a40:8010::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e2:a5:a8:87:67:52:d6:3c:ec:40:8e:8e:c0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=303ddb08bbd930dec82c5dcbc564d7048abd445e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dd:c4:b3:d7:5c:86:22:9e:36:81:6a:3f:ab:
                    04:21:b5:9a:79:00:c7:5a:ef:98:5b:77:98:01:ba:
                    18:97:a3:08:8d:65:a3:41:6b:e3:89:22:b7:a9:e1:
                    26:29:e6:d6:60:dc:82:a2:f7:23:9d:a0:67:e5:61:
                    8b:18:46:19:f6:40:93:a6:e9:c1:a0:6e:06:6a:54:
                    75:db:cf:2e:74:49:28:91:8f:35:0c:8f:24:81:22:
                    77:1e:93:e3:87:f8:32:f7:05:fe:8f:1c:c3:10:5a:
                    a4:7d:2e:03:d1:5b:c5:38:7f:a7:ee:7f:bf:96:5e:
                    90:ec:e7:78:65:4b:6c:e3:a8:89:26:cc:b7:4b:f4:
                    7c:7a:54:cc:d9:f2:40:c0:a4:5e:3e:c7:fa:17:e4:
                    cd:72:48:f9:10:e5:49:33:04:ee:5d:4c:ae:15:78:
                    fd:9a:ad:1e:65:56:48:99:da:1e:ed:fe:a9:94:d7:
                    25:e7:8a:28:56:d3:f5:d8:70:a4:c5:9a:70:7d:ce:
                    2f:c7:e7:5e:18:79:e4:43:8f:92:6d:aa:1c:9b:75:
                    02:f4:8a:41:43:fc:b5:07:c8:f7:9d:7b:7b:63:c7:
                    55:6f:d1:64:03:0b:6f:f5:af:2e:d9:5e:78:f7:15:
                    7c:af:61:96:c8:f9:b1:00:b5:7c:f1:98:26:57:47:
                    37:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3D:DB:08:BB:D9:30:DE:C8:2C:5D:CB:C5:64:D7:04:8A:BD:44:5E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MD3bCLvZMN7ILF3LxWTXBIq9RF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8010::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:c4:86:67:08:36:e7:c5:af:f3:2c:d4:ae:4f:70:e2:ae:b9:
         92:56:65:02:77:91:97:9a:4d:3d:17:05:ba:a4:20:bd:29:e8:
         3a:66:15:57:a8:ef:d5:bc:ef:0c:83:22:ce:7a:1d:ad:3f:40:
         7f:ec:f1:c8:2b:bc:98:b1:58:3b:b0:ed:b1:9e:84:28:70:e9:
         df:22:5d:a1:d4:c0:83:d1:bb:5a:4f:84:50:e9:a7:f3:2c:25:
         0b:3c:96:17:e8:7d:f3:58:72:b1:22:0f:21:91:07:64:cb:f3:
         f3:88:1c:a5:2b:03:f6:b1:cb:5e:40:79:65:b7:ca:ed:26:a3:
         69:67:b4:a3:96:cf:07:d2:09:4b:4f:cb:f1:a2:90:02:47:39:
         9d:e9:13:60:8d:0f:4b:31:ff:dd:64:4a:72:cb:cd:ee:a9:0b:
         31:47:9e:e2:77:ef:e3:de:f9:99:1f:21:4e:8c:c3:9d:6e:e4:
         f2:59:86:9e:bd:fe:6d:91:d0:32:42:d7:72:79:0a:84:f4:ae:
         c9:fd:33:34:d3:cf:17:35:e8:21:35:8f:1e:59:e0:f6:7d:0b:
         78:2c:3f:8f:fd:22:dd:00:08:24:8f:06:e0:1b:93:e1:e8:47:
         09:68:01:82:67:18:0e:c4:e5:ee:11:d5:cf:e5:09:65:73:75:
         a5:0a:7b:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++KlqIdnUtY87ECOjsAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNkZGIwOGJiZDkzMGRlYzgyYzVkY2JjNTY0ZDcwNDhhYmQ0NDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq93Es9dchiKeNoFqP6sEIbWaeQDH
Wu+YW3eYAboYl6MIjWWjQWvjiSK3qeEmKebWYNyCovcjnaBn5WGLGEYZ9kCTpunB
oG4GalR1288udEkokY81DI8kgSJ3HpPjh/gy9wX+jxzDEFqkfS4D0VvFOH+n7n+/
ll6Q7Od4ZUts46iJJsy3S/R8elTM2fJAwKRePsf6F+TNckj5EOVJMwTuXUyuFXj9
mq0eZVZImdoe7f6plNcl54ooVtP12HCkxZpwfc4vx+deGHnkQ4+Sbaocm3UC9IpB
Q/y1B8j3nXt7Y8dVb9FkAwtv9a8u2V549xV8r2GWyPmxALV88ZgmV0c3mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDA92wi72TDeyCxdy8Vk1wSKvUReMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvTUQzYkNMdlpNTjdJTEYzTHhXVFhCSXE5UkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBhxIZnCDbnxa/zLNSuT3DirrmSVmUCd5GXmk09
FwW6pCC9Keg6ZhVXqO/VvO8MgyLOeh2tP0B/7PHIK7yYsVg7sO2xnoQocOnfIl2h
1MCD0btaT4RQ6afzLCULPJYX6H3zWHKxIg8hkQdky/PziBylKwP2scteQHllt8rt
JqNpZ7Sjls8H0glLT8vxopACRzmd6RNgjQ9LMf/dZEpyy83uqQsxR57id+/j3vmZ
HyFOjMOdbuTyWYaevf5tkdAyQtdyeQqE9K7J/TM0088XNeghNY8eWeD2fQt4LD+P
/SLdAAgkjwbgG5Ph6EcJaAGCZxgOxOXuEdXP5Qllc3WlCnve
-----END CERTIFICATE-----