Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qv7xduA3jCa7OBvcem7Mo_EyzMI.roa
File:                     qv7xduA3jCa7OBvcem7Mo_EyzMI.roa (raw, json)
Hash identifier:          f8wy2gWZS4jn6jgqMf0JkGM9asBrYgcWxPxrkAn0mEM=
Subject key identifier:   AA:FE:F1:76:E0:37:8C:26:BB:38:1B:DC:7A:6E:CC:A3:F1:32:CC:C2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFABBAA08397D6CC2FA21A693CFD5AE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qv7xduA3jCa7OBvcem7Mo_EyzMI.roa
Signing time:             Wed 01 Jan 2025 03:48:33 +0000
ROA not before:           Wed 01 Jan 2025 03:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216301
IP address blocks:        2a0c:b641:cc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:bb:aa:08:39:7d:6c:c2:fa:21:a6:93:cf:d5:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aafef176e0378c26bb381bdc7a6ecca3f132ccc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:87:b8:c6:76:fb:92:aa:d1:17:b6:fa:5a:c3:
                    31:eb:b2:ee:ef:ed:73:b8:fc:41:51:84:62:90:aa:
                    57:ac:ce:16:74:68:a3:c1:e6:e1:96:7b:2a:20:2f:
                    bc:40:a5:74:5c:b4:c1:ca:60:24:57:25:c7:8f:63:
                    01:3e:7a:33:f0:6b:c3:4e:cb:78:f5:71:97:00:fe:
                    41:9c:91:f5:de:06:b1:40:cf:7d:1a:d6:b8:7b:63:
                    6b:7c:91:df:30:69:2b:d0:6e:64:89:2a:f7:b4:17:
                    74:66:f2:77:c0:a5:7b:c3:88:9a:24:81:a6:6f:af:
                    f2:b9:a2:4a:93:6b:1e:a2:07:50:1a:02:97:4c:1b:
                    58:75:8c:ea:2a:81:1e:fb:e2:5d:2a:4b:f2:3b:d1:
                    bc:40:16:15:86:77:53:f7:cf:07:09:74:e3:04:a7:
                    6a:35:f9:cf:61:06:60:32:73:d1:e7:eb:f3:89:00:
                    04:9a:93:c4:d6:d9:9d:a9:0a:9a:19:a4:5c:ed:a5:
                    4f:70:81:75:ec:c1:3c:30:ba:8c:00:1b:ed:0c:71:
                    25:94:3a:25:00:ba:5f:4b:b5:57:e0:60:d2:f9:e8:
                    e0:21:58:df:d0:34:a3:4d:bb:e9:eb:cf:22:fc:b0:
                    d6:2a:1b:fe:14:2f:03:6b:6d:b5:e4:e8:28:29:10:
                    71:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:FE:F1:76:E0:37:8C:26:BB:38:1B:DC:7A:6E:CC:A3:F1:32:CC:C2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qv7xduA3jCa7OBvcem7Mo_EyzMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:cc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:a4:39:dc:e4:87:44:7e:eb:8f:5e:0b:1a:7b:f4:7c:3c:00:
         e3:0c:66:10:b1:87:43:74:2d:79:f0:4e:6c:a1:aa:74:69:c3:
         65:e2:54:72:20:00:1e:c2:fd:a1:cf:b0:79:4f:db:29:38:f2:
         47:7d:d4:37:c9:a1:a3:99:13:11:b5:fc:f9:5f:32:cb:52:a8:
         0b:a9:3d:10:18:0c:e8:1e:9f:99:16:48:0a:ef:08:06:cb:ae:
         20:eb:ec:7e:35:3e:43:73:0b:bf:4a:2c:28:2b:95:59:f3:36:
         49:9b:34:64:98:a2:35:fb:95:05:4c:e6:b4:98:c4:e3:e6:8b:
         8f:23:8f:e5:e3:99:d5:5b:c3:30:07:a0:3e:59:37:26:29:04:
         0e:50:46:58:a6:3e:58:db:0b:c6:3d:c7:9a:78:a8:32:08:b8:
         85:02:d7:fe:65:0e:e1:14:5a:6e:e8:09:e3:75:61:87:19:e9:
         14:d1:b9:f2:54:8d:df:7d:75:1b:88:50:45:e4:24:ca:f9:e2:
         21:84:5d:7f:28:5a:6a:95:e5:d4:4d:83:4c:f6:fb:5f:05:61:
         d6:a5:fd:cb:7e:b7:aa:64:6d:3c:a8:03:08:73:56:0d:5c:66:
         cd:93:1d:e2:00:0d:a1:27:84:78:b5:5d:f0:bf:0b:98:9c:7a:
         ac:43:5f:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+ruqCDl9bML6IaaTz9WuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWZlZjE3NmUwMzc4YzI2YmIzODFiZGM3YTZlY2NhM2YxMzJjY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoe4xnb7kqrRF7b6WsMx67Lu7+1z
uPxBUYRikKpXrM4WdGijwebhlnsqIC+8QKV0XLTBymAkVyXHj2MBPnoz8GvDTst4
9XGXAP5BnJH13gaxQM99Gta4e2NrfJHfMGkr0G5kiSr3tBd0ZvJ3wKV7w4iaJIGm
b6/yuaJKk2seogdQGgKXTBtYdYzqKoEe++JdKkvyO9G8QBYVhndT988HCXTjBKdq
NfnPYQZgMnPR5+vziQAEmpPE1tmdqQqaGaRc7aVPcIF17ME8MLqMABvtDHEllDol
ALpfS7VX4GDS+ejgIVjf0DSjTbvp688i/LDWKhv+FC8Da2215OgoKRBxJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKr+8XbgN4wmuzgb3HpuzKPxMszCMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcXY3eGR1QTNqQ2E3T0J2Y2VtN01vX0V5ek1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQzA
MA0GCSqGSIb3DQEBCwUAA4IBAQBspDnc5IdEfuuPXgsae/R8PADjDGYQsYdDdC15
8E5soap0acNl4lRyIAAewv2hz7B5T9spOPJHfdQ3yaGjmRMRtfz5XzLLUqgLqT0Q
GAzoHp+ZFkgK7wgGy64g6+x+NT5Dcwu/SiwoK5VZ8zZJmzRkmKI1+5UFTOa0mMTj
5ouPI4/l45nVW8MwB6A+WTcmKQQOUEZYpj5Y2wvGPceaeKgyCLiFAtf+ZQ7hFFpu
6AnjdWGHGekU0bnyVI3ffXUbiFBF5CTK+eIhhF1/KFpqleXUTYNM9vtfBWHWpf3L
freqZG08qAMIc1YNXGbNkx3iAA2hJ4R4tV3wvwuYnHqsQ19m
-----END CERTIFICATE-----