Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1X-psqrhXoWJNm9AGHsWuX9CEYk.roa
File:                     1X-psqrhXoWJNm9AGHsWuX9CEYk.roa (raw, json)
Hash identifier:          bW01QgSO3kxqUT/liNPe0TPUpwe3PqHFLx6Llohhsy8=
Subject key identifier:   D5:7F:A9:B2:AA:E1:5E:85:89:36:6F:40:18:7B:16:B9:7F:42:11:89
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       019427B6695EF7FB1579C515D67484BE26D2
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1X-psqrhXoWJNm9AGHsWuX9CEYk.roa
Signing time:             Thu 02 Jan 2025 15:50:53 +0000
ROA not before:           Thu 02 Jan 2025 15:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0e:7f44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:69:5e:f7:fb:15:79:c5:15:d6:74:84:be:26:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Jan  2 15:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d57fa9b2aae15e8589366f40187b16b97f421189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9c:87:22:0d:b8:6f:81:ce:0d:b9:56:38:8a:
                    14:9d:5c:ed:15:ac:8a:df:72:fd:b6:26:89:94:a5:
                    e0:93:c7:8b:16:34:49:e3:d8:68:c4:a7:91:24:0e:
                    54:19:99:61:c0:6c:b1:5a:7e:78:95:a4:e4:02:63:
                    d9:53:c4:45:c8:76:d4:a7:32:f9:1f:db:51:f3:51:
                    10:d9:45:94:b3:57:30:1f:35:c1:fa:4a:79:14:77:
                    a0:2a:d3:97:4e:21:0f:7a:36:b0:57:77:5b:d4:be:
                    e4:7f:62:b1:63:22:99:d7:a5:e0:bd:2e:bf:55:cd:
                    60:94:1b:6b:3f:5d:c5:1e:60:f4:b6:06:e5:22:99:
                    2b:e7:df:30:23:0d:d1:2c:a3:56:4f:df:bf:c8:b5:
                    a4:49:f6:f9:f7:cd:52:77:3d:de:c7:81:38:57:54:
                    43:f0:24:fe:31:00:d1:9f:fd:88:10:40:98:9e:50:
                    83:f2:3b:d0:2e:ba:86:dd:76:87:d5:b8:7c:a7:18:
                    a6:c3:9e:12:ad:cc:06:39:11:8f:35:25:5e:f3:e8:
                    a6:ce:1e:70:52:62:be:de:34:76:fe:0b:22:00:f0:
                    1f:f0:11:66:8c:77:f9:68:b0:40:ef:46:9f:f0:40:
                    c9:3d:db:91:63:25:60:01:64:ac:27:5f:85:c5:7f:
                    10:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:7F:A9:B2:AA:E1:5E:85:89:36:6F:40:18:7B:16:B9:7F:42:11:89
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/1X-psqrhXoWJNm9AGHsWuX9CEYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f44::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:d8:6f:e3:81:1e:1a:fa:2b:97:81:c6:bf:bf:96:5b:f3:10:
         eb:3e:eb:8d:ca:73:46:09:6e:69:89:c4:f4:34:1f:e6:5a:ab:
         03:76:ea:31:ae:d9:a5:8e:4c:ae:c4:b1:7a:6d:14:a7:8c:22:
         12:74:18:5e:85:84:d1:1a:42:a0:fb:a5:b3:cb:f0:19:8e:4a:
         52:16:60:47:bd:b1:40:d7:a6:d8:97:6b:fd:89:f1:a1:2e:0e:
         b7:dd:c4:47:62:76:cf:1d:29:23:81:03:d6:4c:da:14:94:b3:
         3b:bc:94:ab:68:72:97:d7:2c:51:46:3e:23:e8:31:ea:27:a5:
         09:09:f0:54:59:02:dc:93:29:a1:c3:05:91:45:31:7b:bb:c8:
         7f:8e:97:d1:d7:62:94:b5:12:58:ee:e8:15:1e:26:22:34:4b:
         91:9e:45:97:ad:c3:38:12:b8:81:9d:f2:e4:52:d5:6a:16:57:
         a9:e3:7a:64:61:01:29:fe:ee:8e:e7:5c:13:79:e7:ee:a9:1f:
         39:90:64:ff:ba:01:5f:2b:14:e8:54:93:2e:5f:e8:31:41:a2:
         0e:32:73:f5:4f:97:5c:d0:bf:4d:d6:52:f4:0e:91:96:5e:fd:
         0b:52:f0:fc:25:7c:1f:3c:51:03:50:4c:14:eb:07:91:d8:0e:
         2b:ca:92:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntmle9/sVecUV1nSEvibSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwMTAyMTU1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTdmYTliMmFhZTE1ZTg1ODkzNjZmNDAxODdiMTZiOTdmNDIxMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupyHIg24b4HODblWOIoUnVztFayK
33L9tiaJlKXgk8eLFjRJ49hoxKeRJA5UGZlhwGyxWn54laTkAmPZU8RFyHbUpzL5
H9tR81EQ2UWUs1cwHzXB+kp5FHegKtOXTiEPejawV3db1L7kf2KxYyKZ16XgvS6/
Vc1glBtrP13FHmD0tgblIpkr598wIw3RLKNWT9+/yLWkSfb5981Sdz3ex4E4V1RD
8CT+MQDRn/2IEECYnlCD8jvQLrqG3XaH1bh8pximw54SrcwGORGPNSVe8+imzh5w
UmK+3jR2/gsiAPAf8BFmjHf5aLBA70af8EDJPduRYyVgAWSsJ1+FxX8QMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNV/qbKq4V6FiTZvQBh7Frl/QhGJMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvMVgtcHNxcmhYb1dKTm05QUdIc1d1WDlDRVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5/RDAN
BgkqhkiG9w0BAQsFAAOCAQEAZdhv44EeGvorl4HGv7+WW/MQ6z7rjcpzRgluaYnE
9DQf5lqrA3bqMa7ZpY5MrsSxem0Up4wiEnQYXoWE0RpCoPuls8vwGY5KUhZgR72x
QNem2Jdr/YnxoS4Ot93ER2J2zx0pI4ED1kzaFJSzO7yUq2hyl9csUUY+I+gx6iel
CQnwVFkC3JMpocMFkUUxe7vIf46X0ddilLUSWO7oFR4mIjRLkZ5Fl63DOBK4gZ3y
5FLVahZXqeN6ZGEBKf7ujudcE3nn7qkfOZBk/7oBXysU6FSTLl/oMUGiDjJz9U+X
XNC/TdZS9A6Rll79C1Lw/CV8HzxRA1BMFOsHkdgOK8qSuw==
-----END CERTIFICATE-----