Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaju6EPZKxeSja7ocFARdDr7iCI.roa
File:                     Vaju6EPZKxeSja7ocFARdDr7iCI.roa (raw, json)
Hash identifier:          4ClGiQ8uM9Bw8aoKlfi7jQWVNPpQjVdIySo3v/qYpvM=
Subject key identifier:   55:A8:EE:E8:43:D9:2B:17:92:8D:AE:E8:70:50:11:74:3A:FB:88:22
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBEA288A50D90E194CD8340C25DC12
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaju6EPZKxeSja7ocFARdDr7iCI.roa
Signing time:             Wed 01 Jan 2025 17:48:42 +0000
ROA not before:           Wed 01 Jan 2025 17:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212983
IP address blocks:        2a0c:9a40:8180::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ea:28:8a:50:d9:0e:19:4c:d8:34:0c:25:dc:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55a8eee843d92b17928daee8705011743afb8822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:32:3d:62:15:8a:74:6a:22:08:02:e7:6b:
                    15:fc:0d:9b:a2:ec:3d:2d:fa:e0:f1:39:f3:b1:b9:
                    cb:00:55:08:7d:7f:0f:20:1f:fd:5f:79:19:fd:6b:
                    90:68:7b:9b:2c:90:2a:18:6c:9d:d7:e4:a6:59:be:
                    fd:d0:94:fe:b2:21:23:a1:65:12:9a:45:e4:cb:a7:
                    8d:f1:87:d6:b7:f3:2f:cf:3e:b9:2d:e7:d8:60:84:
                    45:fb:4a:c3:33:7c:b4:88:c4:e8:95:11:6b:49:de:
                    f0:90:5f:37:05:f0:38:85:18:5d:b5:b0:be:9e:7c:
                    a3:5f:c7:42:ae:5f:ef:55:65:28:52:56:c9:e0:5e:
                    15:b7:e5:59:e1:54:35:2b:4f:b2:bc:48:32:45:24:
                    68:1b:10:54:38:d1:4d:c1:ed:7f:43:a0:3e:81:e3:
                    7c:76:5e:68:12:70:d0:a8:a2:93:ea:aa:20:1b:10:
                    2f:de:b0:56:9a:c8:57:53:46:b6:66:e3:51:c0:a5:
                    bd:cd:68:cf:d3:25:b0:36:45:d1:61:34:bf:e1:8c:
                    19:1c:a0:aa:fb:b3:27:58:fd:1c:3f:4e:42:60:20:
                    79:03:03:b9:1e:16:4a:5d:e9:40:e8:ff:5e:09:82:
                    17:06:c2:21:28:ca:4a:67:72:ab:53:6a:17:55:a9:
                    1c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A8:EE:E8:43:D9:2B:17:92:8D:AE:E8:70:50:11:74:3A:FB:88:22
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/Vaju6EPZKxeSja7ocFARdDr7iCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8180::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:cf:c9:02:0b:c2:ea:c1:6f:00:1d:e9:6a:c9:bf:0b:ad:29:
         a5:0b:f7:9d:1b:80:5d:09:15:51:c7:ef:c9:68:8a:b1:d3:ed:
         68:b8:cb:3e:4a:6b:9b:39:5a:46:4a:ac:b3:70:a2:d9:40:34:
         02:53:76:b3:20:6c:00:58:82:6e:b4:4a:d0:74:4b:e1:af:c2:
         d9:2d:0c:85:fa:df:23:b7:b8:ce:f3:b3:d4:e0:5d:b0:26:6c:
         69:3a:75:fc:36:4b:67:d8:7f:dd:d5:59:a9:e8:59:52:b9:bd:
         9a:80:ac:6d:64:5a:93:06:1c:78:dd:ed:5b:a4:50:63:96:25:
         b5:b9:0f:84:e8:7d:d6:2a:49:0b:25:82:0d:6f:15:d3:b3:c3:
         73:b5:70:d7:cd:35:ac:82:7e:2d:10:fa:56:eb:73:67:ca:b7:
         2c:70:61:f5:61:3b:f8:f1:67:5b:f9:8c:2d:8e:b8:ff:85:ab:
         cb:e8:07:a0:ac:c5:66:ac:61:8a:60:c8:06:4d:1c:cb:2f:7e:
         83:3a:2d:8f:4f:75:e5:a4:72:67:13:90:b0:ba:14:b4:25:ca:
         29:16:e2:1d:0b:7b:bc:a6:11:79:eb:0b:b2:e4:ee:35:17:69:
         02:5b:0b:f6:74:38:4b:f7:3e:bc:be:11:53:d6:17:23:d6:cc:
         31:d8:eb:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++ooilDZDhlM2DQMJdwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWE4ZWVlODQzZDkyYjE3OTI4ZGFlZTg3MDUwMTE3NDNhZmI4ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8cyPWIVinRqIggC52sV/A2bouw9
Lfrg8TnzsbnLAFUIfX8PIB/9X3kZ/WuQaHubLJAqGGyd1+SmWb790JT+siEjoWUS
mkXky6eN8YfWt/Mvzz65LefYYIRF+0rDM3y0iMTolRFrSd7wkF83BfA4hRhdtbC+
nnyjX8dCrl/vVWUoUlbJ4F4Vt+VZ4VQ1K0+yvEgyRSRoGxBUONFNwe1/Q6A+geN8
dl5oEnDQqKKT6qogGxAv3rBWmshXU0a2ZuNRwKW9zWjP0yWwNkXRYTS/4YwZHKCq
+7MnWP0cP05CYCB5AwO5HhZKXelA6P9eCYIXBsIhKMpKZ3KrU2oXVakcMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFWo7uhD2SsXko2u6HBQEXQ6+4giMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvVmFqdTZFUFpLeGVTamE3b2NGQVJkRHI3aUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIGA
MA0GCSqGSIb3DQEBCwUAA4IBAQAgz8kCC8LqwW8AHelqyb8LrSmlC/edG4BdCRVR
x+/JaIqx0+1ouMs+SmubOVpGSqyzcKLZQDQCU3azIGwAWIJutErQdEvhr8LZLQyF
+t8jt7jO87PU4F2wJmxpOnX8Nktn2H/d1Vmp6FlSub2agKxtZFqTBhx43e1bpFBj
liW1uQ+E6H3WKkkLJYINbxXTs8NztXDXzTWsgn4tEPpW63NnyrcscGH1YTv48Wdb
+Ywtjrj/havL6AegrMVmrGGKYMgGTRzLL36DOi2PT3XlpHJnE5CwuhS0JcopFuId
C3u8phF56wuy5O41F2kCWwv2dDhL9z68vhFT1hcj1swx2OsF
-----END CERTIFICATE-----