Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wh6T6Tx4fBSZ0pT33tVwSIFaQ64.roa
File:                     wh6T6Tx4fBSZ0pT33tVwSIFaQ64.roa (raw, json)
Hash identifier:          0rvl6gLd3P3vh9tQrzhrLRwcbHdX0+LAd9dlWwlaxMs=
Subject key identifier:   C2:1E:93:E9:3C:78:7C:14:99:D2:94:F7:DE:D5:70:48:81:5A:43:AE
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0197162333ACD0C295C09D374858B17F23A3
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wh6T6Tx4fBSZ0pT33tVwSIFaQ64.roa
Signing time:             Wed 28 May 2025 09:04:55 +0000
ROA not before:           Wed 28 May 2025 09:04:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207792
IP address blocks:        2a0c:9a40:8850::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:23:33:ac:d0:c2:95:c0:9d:37:48:58:b1:7f:23:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 28 09:04:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c21e93e93c787c1499d294f7ded57048815a43ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:39:30:f1:5b:f9:53:30:e0:f7:86:a8:51:94:
                    0f:70:4b:09:03:62:f2:9b:73:02:66:8d:9f:cb:03:
                    53:e8:3a:82:53:0c:7b:10:a6:ff:39:ad:22:b8:9f:
                    d0:45:42:18:90:72:c5:8e:95:25:04:97:42:c2:42:
                    c0:84:6b:21:4c:6b:bf:d5:ff:a7:45:e2:39:d2:8f:
                    32:e7:1d:bf:a9:f4:02:ae:71:ae:0e:e0:31:70:7d:
                    69:c6:e1:cd:55:fd:66:e0:ce:08:21:ee:82:09:62:
                    ac:5d:34:d1:c0:fc:b8:91:c3:18:79:ae:47:b5:d9:
                    e4:74:16:28:cc:63:40:af:6a:2a:3a:19:88:ed:52:
                    53:d4:a8:33:df:3a:e3:ba:47:f8:88:fa:c4:2e:3c:
                    d7:72:ed:51:b9:bf:68:59:84:6d:29:98:5f:c0:58:
                    e1:f6:7b:df:33:86:44:41:30:1b:19:0f:44:8f:ec:
                    53:fc:e8:e3:ad:55:93:36:08:9a:82:c2:06:20:93:
                    64:a5:dc:68:64:d3:db:18:df:86:1b:df:bf:9f:a4:
                    a3:53:6c:23:a7:7f:54:50:83:4b:a3:74:32:eb:2f:
                    db:70:4c:ba:d6:a0:8d:d0:af:0a:1f:4e:47:81:ba:
                    e1:38:81:d8:26:89:b6:22:c4:55:d5:53:35:03:88:
                    c6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1E:93:E9:3C:78:7C:14:99:D2:94:F7:DE:D5:70:48:81:5A:43:AE
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wh6T6Tx4fBSZ0pT33tVwSIFaQ64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8850::/46

    Signature Algorithm: sha256WithRSAEncryption
         a8:7a:5f:f0:62:67:16:79:22:9c:b5:f2:e1:fe:35:a2:d2:47:
         4b:ef:88:cc:d9:1b:f8:ad:bd:ce:11:96:34:61:4d:02:b6:05:
         7b:60:e3:cf:df:fe:e3:e4:80:3d:76:10:46:90:0d:70:cc:42:
         84:6a:88:8c:05:45:00:a2:8e:35:63:3b:6f:b2:bb:f9:d4:3a:
         d8:86:72:0f:e8:60:00:e5:a8:16:01:cd:4e:c5:32:b4:84:e7:
         ee:28:5e:37:f7:f7:8a:ac:0c:42:89:bc:cc:81:7a:02:4e:c0:
         5a:61:0d:7b:ac:d7:c9:3d:5c:36:51:0a:c3:bd:a3:c1:70:50:
         81:f8:c3:17:63:ba:5a:71:06:af:08:44:2a:ea:f1:69:01:7f:
         51:20:1f:e6:5f:0f:0e:5e:5d:f8:28:7e:be:4c:3b:8b:c1:9e:
         90:62:c9:24:94:71:f1:58:b7:00:27:8d:32:be:81:65:52:03:
         ec:f2:16:e7:1e:52:1b:26:52:7e:7f:27:ed:9e:8f:ac:f8:67:
         c5:37:50:a1:a1:fa:bb:54:46:6f:a3:41:0a:c4:6d:1f:68:5c:
         a7:1c:23:9c:46:3d:25:d6:7c:f1:8a:b4:24:1a:66:b9:d4:3a:
         81:0f:55:44:21:05:58:d0:72:fd:14:fd:f9:86:cc:8f:0c:18:
         65:d6:f8:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZcWIzOs0MKVwJ03SFixfyOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwNTI4MDkwNDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFlOTNlOTNjNzg3YzE0OTlkMjk0ZjdkZWQ1NzA0ODgxNWE0M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjkw8Vv5UzDg94aoUZQPcEsJA2Ly
m3MCZo2fywNT6DqCUwx7EKb/Oa0iuJ/QRUIYkHLFjpUlBJdCwkLAhGshTGu/1f+n
ReI50o8y5x2/qfQCrnGuDuAxcH1pxuHNVf1m4M4IIe6CCWKsXTTRwPy4kcMYea5H
tdnkdBYozGNAr2oqOhmI7VJT1Kgz3zrjukf4iPrELjzXcu1Rub9oWYRtKZhfwFjh
9nvfM4ZEQTAbGQ9Ej+xT/OjjrVWTNgiagsIGIJNkpdxoZNPbGN+GG9+/n6SjU2wj
p39UUINLo3Qy6y/bcEy61qCN0K8KH05HgbrhOIHYJom2IsRV1VM1A4jG3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIek+k8eHwUmdKU997VcEiBWkOuMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvd2g2VDZUeDRmQlNaMHBUMzN0VndTSUZhUTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgyaQIhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCoel/wYmcWeSKctfLh/jWi0kdL74jM2Rv4rb3O
EZY0YU0CtgV7YOPP3/7j5IA9dhBGkA1wzEKEaoiMBUUAoo41Yztvsrv51DrYhnIP
6GAA5agWAc1OxTK0hOfuKF439/eKrAxCibzMgXoCTsBaYQ17rNfJPVw2UQrDvaPB
cFCB+MMXY7pacQavCEQq6vFpAX9RIB/mXw8OXl34KH6+TDuLwZ6QYskklHHxWLcA
J40yvoFlUgPs8hbnHlIbJlJ+fyftno+s+GfFN1Chofq7VEZvo0EKxG0faFynHCOc
Rj0l1nzxirQkGma51DqBD1VEIQVY0HL9FP35hsyPDBhl1vhr
-----END CERTIFICATE-----