Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/P3Ofhmz_sNehdh6r-5A9aHRvTwk.roa
File:                     P3Ofhmz_sNehdh6r-5A9aHRvTwk.roa (raw, json)
Hash identifier:          uFbK3pUhyEcyxB8HRUYhk8hEyAiHRXkZFNHVkwu5yUA=
Subject key identifier:   3F:73:9F:86:6C:FF:B0:D7:A1:76:1E:AB:FB:90:3D:68:74:6F:4F:09
Certificate issuer:       /CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
Certificate serial:       0194614E56365F59346086BEE929C89C19E2
Authority key identifier: BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/P3Ofhmz_sNehdh6r-5A9aHRvTwk.roa
Signing time:             Mon 13 Jan 2025 20:15:11 +0000
ROA not before:           Mon 13 Jan 2025 20:15:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215593
IP address blocks:        2a0e:8340:2::/48 maxlen: 48
                          2a0e:8340:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:4e:56:36:5f:59:34:60:86:be:e9:29:c8:9c:19:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
        Validity
            Not Before: Jan 13 20:15:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f739f866cffb0d7a1761eabfb903d68746f4f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:dc:ad:87:3d:2f:83:96:1f:08:f1:aa:2c:
                    3b:36:e2:f6:aa:6c:91:ad:db:4c:26:c0:72:14:1d:
                    e0:ec:f0:da:53:27:3f:e7:20:00:a2:64:14:d5:cf:
                    6e:2d:e5:69:c9:f6:55:35:3d:7e:6f:17:74:69:a1:
                    d7:76:25:74:cd:3b:02:09:fa:56:82:13:00:c9:6d:
                    c4:89:fb:ab:3d:80:19:97:f2:2a:9b:17:9f:95:de:
                    a4:d0:57:6a:29:6b:e0:39:1e:a7:b5:eb:ea:eb:b1:
                    96:65:fb:dd:b9:c7:b7:83:45:83:1e:83:f4:df:ca:
                    be:cd:82:b0:c6:f3:71:d8:29:f7:a7:4f:11:54:78:
                    dd:6d:7f:9c:ec:b7:47:1c:ed:f3:73:a2:86:00:02:
                    f3:08:e6:d3:3d:7b:e2:e5:ec:18:cd:9d:c1:d3:d3:
                    65:6a:40:55:c6:63:f2:09:a9:05:ee:b2:bc:94:81:
                    76:fe:34:97:2b:b3:87:8c:da:48:b8:19:94:59:3d:
                    dd:3c:92:ba:62:0b:eb:97:d5:fd:17:6c:60:e6:08:
                    c2:56:3c:fb:1c:19:1b:fa:2f:03:75:c1:a8:23:df:
                    68:0c:9f:d7:cf:48:0a:90:8b:2e:dd:d7:b2:68:ff:
                    8c:b4:df:10:3f:2d:6e:59:0b:19:f9:79:39:14:53:
                    9f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:73:9F:86:6C:FF:B0:D7:A1:76:1E:AB:FB:90:3D:68:74:6F:4F:09
            X509v3 Authority Key Identifier:
                keyid:BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/P3Ofhmz_sNehdh6r-5A9aHRvTwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8340:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         79:72:1e:54:e5:19:dd:cb:5c:d8:e5:ed:f2:2b:43:f5:a7:75:
         b9:cb:4d:2b:d0:ca:60:ab:8d:75:de:3a:d4:62:5b:48:12:2c:
         63:7d:3b:ca:31:b0:11:c0:cf:cd:31:ba:1f:2f:07:94:5f:9d:
         e7:84:af:b1:79:05:c7:19:19:1b:00:89:cc:d0:3f:51:dd:1d:
         27:ce:79:c0:1d:57:11:6e:04:36:87:6a:16:08:25:72:7a:79:
         15:15:1a:89:de:84:ae:05:a5:97:7a:15:82:41:51:96:d2:31:
         66:f9:67:9d:60:61:76:a5:82:a0:fb:58:2a:c7:4c:d8:21:ff:
         bb:d2:cf:fc:4e:e5:b3:c8:57:04:73:70:ad:83:01:e5:e1:b5:
         0f:e5:18:07:9e:6f:80:5a:7a:7c:d1:de:bd:ea:67:bd:b7:15:
         67:11:e2:bf:b8:01:65:10:cd:cd:cc:f7:71:65:de:b3:d9:f0:
         8d:40:18:b7:25:4d:aa:6e:4b:20:cd:e4:0a:a9:b9:82:f5:f7:
         60:2e:33:97:93:70:64:8c:f0:28:d0:a3:8c:7f:90:b0:f9:22:
         aa:61:24:75:32:ee:38:ce:d1:84:65:22:c1:7c:b1:64:a6:69:
         f6:89:9d:ba:5d:67:e6:f8:96:1c:7e:4d:43:cc:d7:85:03:1b:
         02:a9:d1:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRhTlY2X1k0YIa+6SnInBniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjNiMDdhM2MwYWM5ZTMzM2Y1MmU4YjVkNDFhNzY4YTNk
MzkwMjUwHhcNMjUwMTEzMjAxNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjczOWY4NjZjZmZiMGQ3YTE3NjFlYWJmYjkwM2Q2ODc0NmY0ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx7crYc9L4OWHwjxqiw7NuL2qmyR
rdtMJsByFB3g7PDaUyc/5yAAomQU1c9uLeVpyfZVNT1+bxd0aaHXdiV0zTsCCfpW
ghMAyW3EifurPYAZl/Iqmxefld6k0FdqKWvgOR6ntevq67GWZfvduce3g0WDHoP0
38q+zYKwxvNx2Cn3p08RVHjdbX+c7LdHHO3zc6KGAALzCObTPXvi5ewYzZ3B09Nl
akBVxmPyCakF7rK8lIF2/jSXK7OHjNpIuBmUWT3dPJK6Ygvrl9X9F2xg5gjCVjz7
HBkb+i8DdcGoI99oDJ/Xz0gKkIsu3deyaP+MtN8QPy1uWQsZ+Xk5FFOfuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9zn4Zs/7DXoXYeq/uQPWh0b08JMB8GA1UdIwQY
MBaAFLojsHo8CsnjM/Uui11Bp2ij05AlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEt
ODA2OWM0Njc3MWNjLzEvUDNPZmhtel9zTmVoZGg2ci01QTlhSFJ2VHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEtODA2OWM0Njc3MWNj
LzEvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6DQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB5ch5U5Rndy1zY5e3yK0P1p3W5y00r0Mpgq411
3jrUYltIEixjfTvKMbARwM/NMbofLweUX53nhK+xeQXHGRkbAInM0D9R3R0nznnA
HVcRbgQ2h2oWCCVyenkVFRqJ3oSuBaWXehWCQVGW0jFm+WedYGF2pYKg+1gqx0zY
If+70s/8TuWzyFcEc3CtgwHl4bUP5RgHnm+AWnp80d696me9txVnEeK/uAFlEM3N
zPdxZd6z2fCNQBi3JU2qbksgzeQKqbmC9fdgLjOXk3BkjPAo0KOMf5Cw+SKqYSR1
Mu44ztGEZSLBfLFkpmn2iZ26XWfm+JYcfk1DzNeFAxsCqdGf
-----END CERTIFICATE-----