Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/vgCjvG_wkxirWT_2I0NCA8WfuV0.roa
File:                     vgCjvG_wkxirWT_2I0NCA8WfuV0.roa (raw, json)
Hash identifier:          fVyTpHSdJKRFPl3etH3MptZh/U/IfTkLseoYsou2AIY=
Subject key identifier:   BE:00:A3:BC:6F:F0:93:18:AB:59:3F:F6:23:43:42:03:C5:9F:B9:5D
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0196C54EAFAB5E64FA68B4F4488499143C1B
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/vgCjvG_wkxirWT_2I0NCA8WfuV0.roa
Signing time:             Mon 12 May 2025 16:23:10 +0000
ROA not before:           Mon 12 May 2025 16:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208709
IP address blocks:        2a0e:8f02:2030::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:4e:af:ab:5e:64:fa:68:b4:f4:48:84:99:14:3c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: May 12 16:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be00a3bc6ff09318ab593ff623434203c59fb95d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:bb:0e:cd:be:8e:7b:e3:5c:bd:a5:48:d3:ca:
                    9a:30:5e:64:34:a4:3f:55:90:13:12:84:6e:18:b3:
                    87:e7:f8:d5:f5:2d:ca:f3:de:b8:5f:f9:29:d2:b3:
                    cf:6c:db:ba:c3:e4:47:08:a5:73:61:ef:8f:05:15:
                    c4:05:b0:63:5b:02:a5:5f:d6:ea:e6:b0:dc:fc:ca:
                    dd:13:31:86:bd:d4:eb:4b:36:de:68:3d:c6:82:77:
                    37:47:87:3b:85:32:d2:6f:c1:34:32:ec:d2:65:90:
                    10:49:bd:69:2a:29:11:a6:4f:62:1a:34:01:ef:07:
                    4b:bd:ec:a2:37:59:17:ec:c8:ee:f2:93:ed:73:56:
                    c2:c5:aa:0c:51:51:6c:21:83:0a:b3:04:c8:8e:c9:
                    d8:c2:86:ab:35:e7:43:cc:91:ec:ec:1e:ad:81:a1:
                    47:7a:96:71:29:21:b3:47:8f:de:70:d8:b2:d1:cd:
                    09:32:2b:a3:11:fc:73:15:57:c0:5f:bd:b3:61:03:
                    8c:05:57:20:55:7c:78:fc:75:be:6f:35:14:c9:d1:
                    00:45:22:f0:96:ca:a5:06:4b:13:d6:7a:8c:a7:21:
                    a8:cf:5a:ee:6a:5c:30:96:15:01:fe:01:a7:1d:38:
                    11:00:16:a7:ad:27:4f:b7:45:9e:58:ab:37:b0:d2:
                    d0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:00:A3:BC:6F:F0:93:18:AB:59:3F:F6:23:43:42:03:C5:9F:B9:5D
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/vgCjvG_wkxirWT_2I0NCA8WfuV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2030::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:4a:b1:48:2b:2e:cf:2d:49:2f:9f:df:f1:9f:21:dc:42:b3:
         35:db:65:17:7f:aa:aa:b7:87:b1:7e:68:14:2d:a9:00:7e:5c:
         b5:17:11:ae:81:94:d8:33:ae:78:b6:99:48:a3:fe:ef:46:56:
         23:3c:9e:27:c7:ed:fc:57:0d:22:d7:66:5d:33:97:e3:5e:ea:
         bc:6e:a2:5c:47:97:48:bd:a2:ae:f0:ee:4f:4d:f1:92:1d:ed:
         a8:65:9c:13:d3:d8:f4:a4:96:fc:5d:2f:37:6e:1c:c8:53:14:
         4f:e0:b5:86:c5:f6:e1:1e:ab:a5:d5:ee:96:55:f1:ad:8e:51:
         4f:5e:9e:b9:7d:87:ab:c7:e8:b2:3c:1e:2f:09:94:ff:cd:35:
         c1:6c:34:ac:9c:6b:e3:d1:d2:0d:15:2b:75:82:33:7c:bd:b8:
         6a:4e:32:2e:ef:c7:01:49:d1:09:0b:3f:04:62:e0:b3:ee:6a:
         7c:b0:54:b2:9c:d1:58:ff:aa:30:1f:34:2c:b4:50:76:2b:13:
         a7:0f:2f:b3:fd:6c:9e:e7:62:65:3f:0b:8a:3d:ce:2d:b2:ba:
         ba:f2:55:e6:44:91:68:28:57:b8:d1:0f:61:33:5c:9f:b7:94:
         b5:80:72:01:23:c0:7a:c7:8f:94:d0:8c:6f:60:0e:1b:ea:ae:
         e2:08:b9:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbFTq+rXmT6aLT0SISZFDwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwNTEyMTYyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTAwYTNiYzZmZjA5MzE4YWI1OTNmZjYyMzQzNDIwM2M1OWZiOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rsOzb6Oe+NcvaVI08qaMF5kNKQ/
VZATEoRuGLOH5/jV9S3K8964X/kp0rPPbNu6w+RHCKVzYe+PBRXEBbBjWwKlX9bq
5rDc/MrdEzGGvdTrSzbeaD3Ggnc3R4c7hTLSb8E0MuzSZZAQSb1pKikRpk9iGjQB
7wdLveyiN1kX7Mju8pPtc1bCxaoMUVFsIYMKswTIjsnYwoarNedDzJHs7B6tgaFH
epZxKSGzR4/ecNiy0c0JMiujEfxzFVfAX72zYQOMBVcgVXx4/HW+bzUUydEARSLw
lsqlBksT1nqMpyGoz1rualwwlhUB/gGnHTgRABanrSdPt0WeWKs3sNLQ1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL4Ao7xv8JMYq1k/9iNDQgPFn7ldMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvdmdDanZHX3dreGlyV1RfMkkwTkNBOFdmdVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiAw
MA0GCSqGSIb3DQEBCwUAA4IBAQAYSrFIKy7PLUkvn9/xnyHcQrM122UXf6qqt4ex
fmgULakAfly1FxGugZTYM654tplIo/7vRlYjPJ4nx+38Vw0i12ZdM5fjXuq8bqJc
R5dIvaKu8O5PTfGSHe2oZZwT09j0pJb8XS83bhzIUxRP4LWGxfbhHqul1e6WVfGt
jlFPXp65fYerx+iyPB4vCZT/zTXBbDSsnGvj0dINFSt1gjN8vbhqTjIu78cBSdEJ
Cz8EYuCz7mp8sFSynNFY/6owHzQstFB2KxOnDy+z/Wye52JlPwuKPc4tsrq68lXm
RJFoKFe40Q9hM1yft5S1gHIBI8B6x4+U0IxvYA4b6q7iCLmL
-----END CERTIFICATE-----