Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XqaBX9RHSiZq5Vn5Oz5PIfH0yAo.roa
File:                     XqaBX9RHSiZq5Vn5Oz5PIfH0yAo.roa (raw, json)
Hash identifier:          MjTnQNINWg/Hfs+PNue5Wc2ZNlm4ks+IpoV8MUQSFP8=
Subject key identifier:   5E:A6:81:5F:D4:47:4A:26:6A:E5:59:F9:3B:3E:4F:21:F1:F4:C8:0A
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019474714037382D0D5B0E559F79070B96EB
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XqaBX9RHSiZq5Vn5Oz5PIfH0yAo.roa
Signing time:             Fri 17 Jan 2025 13:26:06 +0000
ROA not before:           Fri 17 Jan 2025 13:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213561
IP address blocks:        2a0c:9a40:86b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:71:40:37:38:2d:0d:5b:0e:55:9f:79:07:0b:96:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan 17 13:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ea6815fd4474a266ae559f93b3e4f21f1f4c80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:27:09:43:2b:28:03:e0:f6:ce:f0:81:4f:e6:
                    90:44:f7:cf:3b:fa:51:fb:c7:df:1d:fd:4d:fc:cb:
                    d5:41:cb:3f:7c:df:48:59:5c:20:15:65:39:e9:df:
                    f1:75:32:e4:1b:17:fd:b5:e9:a0:d1:90:86:77:a2:
                    a4:85:b6:e7:88:75:19:38:ce:b0:37:58:d7:09:39:
                    88:fd:b3:a0:13:0c:1c:5b:2f:54:7d:e4:91:35:3e:
                    59:be:c3:88:06:9f:a5:a4:f2:40:4e:e3:57:f7:e3:
                    bc:9c:84:fe:b2:19:a5:21:6e:9d:a6:73:38:5a:c6:
                    43:cb:c8:6d:6d:50:98:4f:d3:51:87:09:3f:89:a7:
                    67:dd:44:3d:76:13:a5:73:3f:7c:2a:60:8d:e0:1a:
                    77:bd:af:9a:09:63:4c:d4:83:47:eb:ad:5e:ad:fd:
                    7b:48:d4:d3:5a:9e:8c:ce:d5:c8:f0:99:b9:65:ea:
                    b8:5f:ef:22:43:9c:c4:88:17:cb:ea:15:8a:94:bd:
                    e0:ea:58:1a:fe:ff:40:61:31:f7:50:59:a6:78:be:
                    fe:47:33:f8:cf:88:64:5c:68:d4:43:43:f1:6f:13:
                    2f:4c:15:e4:52:07:36:2b:ec:27:7c:4a:e3:3d:4f:
                    45:04:11:bf:19:78:12:1e:5b:a6:f6:7d:df:78:31:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A6:81:5F:D4:47:4A:26:6A:E5:59:F9:3B:3E:4F:21:F1:F4:C8:0A
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/XqaBX9RHSiZq5Vn5Oz5PIfH0yAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:86b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:7a:7a:4c:f5:37:8a:46:3e:3f:11:73:65:62:d3:5e:c4:75:
         b6:5d:e2:a1:3c:7b:69:76:ae:d5:cd:1a:4b:4f:56:b7:ff:e0:
         55:81:39:00:a8:76:33:d4:22:81:33:bc:c7:6b:5d:d9:d4:ff:
         ca:b8:ae:89:ff:03:94:13:a9:c5:59:68:5c:40:f9:bb:ab:fd:
         6b:34:90:c5:4d:ca:56:56:85:83:8e:45:f3:d7:55:d5:1a:f5:
         2a:d1:be:af:ba:0b:cd:b8:9b:9e:76:61:c5:fb:ab:5b:49:5b:
         f7:40:f7:81:e3:a6:c4:96:5f:f1:eb:03:41:e7:f5:7f:11:41:
         da:44:02:89:80:09:92:50:dc:d1:ca:64:eb:ab:b3:42:57:25:
         25:b7:19:c1:2c:0f:10:18:f7:a3:c5:e2:79:d7:da:4d:28:26:
         f6:62:39:11:34:53:48:bc:47:32:b5:77:0a:03:29:8d:d8:20:
         20:ce:fb:ce:85:76:48:e1:64:29:7c:89:0a:dc:25:27:00:8e:
         95:e9:97:03:e4:5e:a3:93:41:5e:b0:b9:ce:b6:9d:fe:d1:1e:
         11:60:26:9e:72:70:aa:f1:00:8b:b8:7c:bb:8b:87:ad:4f:9f:
         bc:45:d2:a2:e9:70:50:95:65:ca:85:ad:5b:5c:ad:dc:b0:9e:
         be:e3:65:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZR0cUA3OC0NWw5Vn3kHC5brMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTE3MTMyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWE2ODE1ZmQ0NDc0YTI2NmFlNTU5ZjkzYjNlNGYyMWYxZjRjODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvicJQysoA+D2zvCBT+aQRPfPO/pR
+8ffHf1N/MvVQcs/fN9IWVwgFWU56d/xdTLkGxf9temg0ZCGd6KkhbbniHUZOM6w
N1jXCTmI/bOgEwwcWy9UfeSRNT5ZvsOIBp+lpPJATuNX9+O8nIT+shmlIW6dpnM4
WsZDy8htbVCYT9NRhwk/iadn3UQ9dhOlcz98KmCN4Bp3va+aCWNM1INH661erf17
SNTTWp6MztXI8Jm5Zeq4X+8iQ5zEiBfL6hWKlL3g6lga/v9AYTH3UFmmeL7+RzP4
z4hkXGjUQ0PxbxMvTBXkUgc2K+wnfErjPU9FBBG/GXgSHlum9n3feDFM1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF6mgV/UR0omauVZ+Ts+TyHx9MgKMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvWHFhQlg5UkhTaVpxNVZuNU96NVBJZkgweUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIaw
MA0GCSqGSIb3DQEBCwUAA4IBAQBdenpM9TeKRj4/EXNlYtNexHW2XeKhPHtpdq7V
zRpLT1a3/+BVgTkAqHYz1CKBM7zHa13Z1P/KuK6J/wOUE6nFWWhcQPm7q/1rNJDF
TcpWVoWDjkXz11XVGvUq0b6vugvNuJuedmHF+6tbSVv3QPeB46bEll/x6wNB5/V/
EUHaRAKJgAmSUNzRymTrq7NCVyUltxnBLA8QGPejxeJ519pNKCb2YjkRNFNIvEcy
tXcKAymN2CAgzvvOhXZI4WQpfIkK3CUnAI6V6ZcD5F6jk0FesLnOtp3+0R4RYCae
cnCq8QCLuHy7i4etT5+8RdKi6XBQlWXKha1bXK3csJ6+42WU
-----END CERTIFICATE-----