Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/9RdZIw-S-FYoTEGCNtUVTMr1UI0.roa
File:                     9RdZIw-S-FYoTEGCNtUVTMr1UI0.roa (raw, json)
Hash identifier:          cuWu4zoZh39hHnMbQsbn1GavX5fkwgR9EpdjwPAYmFM=
Subject key identifier:   F5:17:59:23:0F:92:F8:56:28:4C:41:82:36:D5:15:4C:CA:F5:50:8D
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       0194236984E3328F01C2181A5B4CC9EBA2DD
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/9RdZIw-S-FYoTEGCNtUVTMr1UI0.roa
Signing time:             Wed 01 Jan 2025 19:48:25 +0000
ROA not before:           Wed 01 Jan 2025 19:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0b:d500::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:84:e3:32:8f:01:c2:18:1a:5b:4c:c9:eb:a2:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jan  1 19:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f51759230f92f856284c418236d5154ccaf5508d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9d:5a:7b:f3:59:5d:a9:74:13:56:e4:e3:2e:
                    11:f0:e1:3d:2a:19:b1:9f:bf:e3:60:ec:c6:da:47:
                    75:04:d2:55:3c:c9:25:bf:ae:b8:cb:d3:6f:ea:de:
                    9c:ea:db:ae:23:b8:5c:01:e3:bb:e2:7f:b4:68:4a:
                    75:89:c0:22:bf:43:1b:17:11:19:c8:03:17:89:39:
                    3c:4d:bd:12:0b:76:fe:9d:dc:50:b0:d5:3f:f3:41:
                    41:96:1f:5f:c9:eb:41:bc:d3:56:fd:10:a4:65:35:
                    c1:88:cf:33:80:ae:44:33:d2:69:6f:29:9e:c4:bb:
                    90:e1:53:48:40:b5:06:97:3e:12:3c:b9:51:9b:89:
                    a4:79:3f:db:7a:c6:e7:cb:be:a5:b0:d9:47:db:e2:
                    73:90:1d:f9:83:2e:24:d5:ac:ef:6f:f9:cc:35:91:
                    5b:c4:17:63:09:3f:85:a8:9a:fc:b4:8a:e1:92:d0:
                    91:d4:ff:b7:b0:c7:a1:73:a5:7e:53:7d:b0:26:7f:
                    9a:a0:86:7b:5c:98:54:7a:eb:26:5f:82:32:28:53:
                    19:ce:85:69:2e:68:6f:b1:93:96:44:d9:d8:92:1c:
                    0c:28:1b:31:23:7d:d3:02:20:d7:07:a4:34:2b:e0:
                    9a:e0:83:29:2d:4f:e7:8a:70:1d:00:fc:87:5c:41:
                    1e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:17:59:23:0F:92:F8:56:28:4C:41:82:36:D5:15:4C:CA:F5:50:8D
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/9RdZIw-S-FYoTEGCNtUVTMr1UI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:7b:cb:6c:67:13:34:b3:c8:80:fa:51:79:cf:cf:9c:67:34:
         ff:d9:9b:8c:9d:09:ca:a2:7f:4d:72:b4:13:d1:02:cb:7f:00:
         83:a1:44:fb:f3:e7:e3:20:4a:a0:ef:3c:79:81:29:e8:18:10:
         65:2a:55:77:0d:92:96:bd:3b:de:5e:44:6b:f8:bc:bf:33:ab:
         72:ea:b3:da:f4:9a:ae:3c:1f:93:03:4f:43:40:8f:e8:28:bc:
         02:cf:05:5d:79:75:0d:f4:c1:e6:73:fe:eb:bb:07:ff:d0:99:
         bb:ca:f4:29:c2:43:6b:42:f2:f4:6b:fb:8e:2d:c6:84:62:cd:
         58:b0:e8:91:35:5a:11:9c:07:ab:31:2d:a5:b8:6e:96:ad:b1:
         b3:8b:a7:78:8f:d2:01:e8:a3:46:5e:cc:72:e9:ac:74:f8:6e:
         4e:81:40:b4:cc:0b:14:0e:8e:71:bd:b1:b5:d0:c7:48:51:13:
         db:bd:b7:e5:37:69:68:96:36:8e:44:4a:86:94:cb:65:b2:7e:
         ba:dd:1e:48:1a:dc:4c:c7:64:4e:3c:db:7a:e4:ab:9a:91:0f:
         35:1d:b1:23:7b:f5:27:8d:f2:d0:86:38:2e:aa:0d:8b:d5:4e:
         1a:45:07:fc:61:a2:65:f6:5e:b2:8e:90:e9:42:f6:d9:f7:28:
         43:2d:d6:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaYTjMo8BwhgaW0zJ66LdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjUwMTAxMTk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE3NTkyMzBmOTJmODU2Mjg0YzQxODIzNmQ1MTU0Y2NhZjU1MDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Z1ae/NZXal0E1bk4y4R8OE9Khmx
n7/jYOzG2kd1BNJVPMklv664y9Nv6t6c6tuuI7hcAeO74n+0aEp1icAiv0MbFxEZ
yAMXiTk8Tb0SC3b+ndxQsNU/80FBlh9fyetBvNNW/RCkZTXBiM8zgK5EM9Jpbyme
xLuQ4VNIQLUGlz4SPLlRm4mkeT/besbny76lsNlH2+JzkB35gy4k1azvb/nMNZFb
xBdjCT+FqJr8tIrhktCR1P+3sMehc6V+U32wJn+aoIZ7XJhUeusmX4IyKFMZzoVp
LmhvsZOWRNnYkhwMKBsxI33TAiDXB6Q0K+Ca4IMpLU/ninAdAPyHXEEeUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPUXWSMPkvhWKExBgjbVFUzK9VCNMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvOVJkWkl3LVMtRllvVEVHQ050VVZUTXIxVUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgvVADAN
BgkqhkiG9w0BAQsFAAOCAQEAJXvLbGcTNLPIgPpRec/PnGc0/9mbjJ0JyqJ/TXK0
E9ECy38Ag6FE+/Pn4yBKoO88eYEp6BgQZSpVdw2Slr073l5Ea/i8vzOrcuqz2vSa
rjwfkwNPQ0CP6Ci8As8FXXl1DfTB5nP+67sH/9CZu8r0KcJDa0Ly9Gv7ji3GhGLN
WLDokTVaEZwHqzEtpbhulq2xs4uneI/SAeijRl7McumsdPhuToFAtMwLFA6Ocb2x
tdDHSFET27235TdpaJY2jkRKhpTLZbJ+ut0eSBrcTMdkTjzbeuSrmpEPNR2xI3v1
J43y0IY4LqoNi9VOGkUH/GGiZfZeso6Q6UL22fcoQy3WeQ==
-----END CERTIFICATE-----