Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/0W2rqZ9UNiezcelfUfPSzTPY_D0.roa
File:                     0W2rqZ9UNiezcelfUfPSzTPY_D0.roa (raw, json)
Hash identifier:          mH88xYomD8YngZnNbWHkOV/xeeXv/tLdrmpRYMGuP7E=
Subject key identifier:   D1:6D:AB:A9:9F:54:36:27:B3:71:E9:5F:51:F3:D2:CD:33:D8:FC:3D
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       01942445565A7AC11D4940A2E64B6B16488C
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/0W2rqZ9UNiezcelfUfPSzTPY_D0.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212786
IP address blocks:        2a05:e600::/29 maxlen: 29
                          2a09:cac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:56:5a:7a:c1:1d:49:40:a2:e6:4b:6b:16:48:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d16daba99f543627b371e95f51f3d2cd33d8fc3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:56:26:cf:07:10:f3:ea:21:39:7b:f1:d3:
                    7d:cb:94:f0:71:cd:f6:ad:8c:eb:8b:38:ee:64:f5:
                    7b:52:15:b6:74:90:87:88:de:a3:4c:ba:9d:61:d2:
                    41:f1:44:59:61:c6:ad:db:1a:42:59:50:ef:c2:c3:
                    cc:9a:84:c0:52:79:72:b8:5d:4e:cc:9f:31:c9:73:
                    33:d2:cd:1b:9a:fb:4c:c8:44:dc:88:f7:2a:65:42:
                    b5:84:3d:60:57:da:68:dc:83:95:f6:65:80:6f:90:
                    c7:88:ad:aa:aa:5c:b2:da:77:e9:0e:f2:01:45:d6:
                    b0:34:2a:1f:8c:37:9a:f5:24:70:0c:61:c3:42:bd:
                    a4:4d:44:9d:ba:3e:64:b8:ce:bc:47:ed:4d:71:a8:
                    b9:4b:97:5c:e0:cc:ed:98:a4:7e:93:35:cc:4d:bd:
                    a3:08:60:a7:e5:13:3b:e4:5f:34:d7:96:e7:41:11:
                    df:93:de:81:92:bd:83:36:ec:db:47:d8:9b:33:ff:
                    45:73:f4:8b:84:52:ea:80:e7:78:79:ec:9f:c1:74:
                    21:41:92:36:16:47:94:43:1a:e6:37:1e:bf:c0:88:
                    e0:a5:4d:9e:d1:72:32:a5:b8:bd:85:1f:d2:91:f4:
                    b5:da:c7:09:53:70:41:9b:6b:c4:8c:fa:50:4b:af:
                    4b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:6D:AB:A9:9F:54:36:27:B3:71:E9:5F:51:F3:D2:CD:33:D8:FC:3D
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/0W2rqZ9UNiezcelfUfPSzTPY_D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:e600::/29
                  2a09:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:80:a1:ac:e7:35:95:75:0b:c0:4a:ad:ba:c8:e5:07:39:11:
         79:a9:a1:18:b5:f8:80:e5:67:89:c8:50:aa:4a:30:14:68:db:
         a1:cc:2e:b7:e7:ee:af:c8:8a:2b:9d:e6:f9:86:dc:b7:f7:b4:
         aa:a4:e9:1f:51:91:fb:4e:55:c0:57:16:64:f3:b1:f8:37:c2:
         47:69:a9:fd:8c:32:46:5a:af:c4:7e:6c:0f:22:3c:f5:45:60:
         d2:ed:bd:43:70:63:2c:48:70:d8:9b:f3:bf:06:a1:b7:ba:bb:
         bc:df:81:23:91:cb:8a:af:36:03:e1:78:93:ac:18:07:26:d9:
         07:e1:8a:0b:b1:b1:6b:06:85:db:d9:9f:1a:21:27:7c:5a:a3:
         b0:03:1d:38:94:f9:f5:a9:54:f4:10:b0:57:ac:46:d4:44:a5:
         0d:b3:6d:3c:4b:6b:21:5d:05:ea:51:2e:0f:10:06:fa:3a:b1:
         fc:16:9a:91:98:e6:d7:0b:9f:e6:42:cf:80:fe:b2:7d:33:64:
         d3:d1:f4:08:56:0e:1e:9a:a2:ea:30:bb:43:8a:1f:b6:0f:2f:
         c8:ee:08:af:08:31:db:b1:2a:d0:d3:f5:88:d2:29:e4:98:7d:
         f8:31:69:d4:ad:04:1f:de:8f:5b:b9:9e:80:88:47:91:5f:c4:
         71:17:09:e5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQkRVZaesEdSUCi5ktrFkiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTZkYWJhOTlmNTQzNjI3YjM3MWU5NWY1MWYzZDJjZDMzZDhmYzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKNWJs8HEPPqITl78dN9y5Twcc32
rYzrizjuZPV7UhW2dJCHiN6jTLqdYdJB8URZYcat2xpCWVDvwsPMmoTAUnlyuF1O
zJ8xyXMz0s0bmvtMyETciPcqZUK1hD1gV9po3IOV9mWAb5DHiK2qqlyy2nfpDvIB
RdawNCofjDea9SRwDGHDQr2kTUSduj5kuM68R+1Ncai5S5dc4MztmKR+kzXMTb2j
CGCn5RM75F8015bnQRHfk96Bkr2DNuzbR9ibM/9Fc/SLhFLqgOd4eeyfwXQhQZI2
FkeUQxrmNx6/wIjgpU2e0XIypbi9hR/SkfS12scJU3BBm2vEjPpQS69LaQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNFtq6mfVDYns3HpX1Hz0s0z2Pw9MB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvMFcycnFaOVVOaWV6Y2VsZlVmUFN6VFBZX0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgXmAAMF
AyoJysAwDQYJKoZIhvcNAQELBQADggEBAIKAoaznNZV1C8BKrbrI5Qc5EXmpoRi1
+IDlZ4nIUKpKMBRo26HMLrfn7q/Iiiud5vmG3Lf3tKqk6R9RkftOVcBXFmTzsfg3
wkdpqf2MMkZar8R+bA8iPPVFYNLtvUNwYyxIcNib878Gobe6u7zfgSORy4qvNgPh
eJOsGAcm2QfhiguxsWsGhdvZnxohJ3xao7ADHTiU+fWpVPQQsFesRtREpQ2zbTxL
ayFdBepRLg8QBvo6sfwWmpGY5tcLn+ZCz4D+sn0zZNPR9AhWDh6aouowu0OKH7YP
L8juCK8IMduxKtDT9YjSKeSYffgxadStBB/ej1u5noCIR5FfxHEXCeU=
-----END CERTIFICATE-----