Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/naY9fp5NjU8tDM9SZRY3PwOYYGE.roa
File:                     naY9fp5NjU8tDM9SZRY3PwOYYGE.roa (raw, json)
Hash identifier:          J2q3UXA0g3wffHsTK3B29tfni2jGtIyER66BpRGgXKA=
Subject key identifier:   9D:A6:3D:7E:9E:4D:8D:4F:2D:0C:CF:52:65:16:37:3F:03:98:60:61
Certificate issuer:       /CN=58ffa14df2a89cb6709636f2b0b570abccf8b84b
Certificate serial:       0194266C3EB574A68BD0E8B0AFC3F0A30514
Authority key identifier: 58:FF:A1:4D:F2:A8:9C:B6:70:96:36:F2:B0:B5:70:AB:CC:F8:B8:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/naY9fp5NjU8tDM9SZRY3PwOYYGE.roa
Signing time:             Thu 02 Jan 2025 09:50:15 +0000
ROA not before:           Thu 02 Jan 2025 09:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213251
IP address blocks:        2a0b:bbc0:1c00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3e:b5:74:a6:8b:d0:e8:b0:af:c3:f0:a3:05:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ffa14df2a89cb6709636f2b0b570abccf8b84b
        Validity
            Not Before: Jan  2 09:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9da63d7e9e4d8d4f2d0ccf526516373f03986061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9a:08:43:08:ec:c3:e5:10:2f:4c:02:48:ad:
                    eb:fc:9f:ac:b5:a9:3e:66:f9:5a:a2:f4:c8:85:de:
                    08:4e:41:40:52:ed:c3:ad:fe:dd:43:07:e8:62:09:
                    cd:4c:9e:6a:9d:6d:3a:b2:f3:d7:d8:cd:ff:2c:f4:
                    1c:9a:e9:18:8c:38:58:9f:1f:08:d8:68:f5:80:31:
                    85:a7:bd:4e:8f:5e:7e:e3:6d:20:0c:50:43:76:aa:
                    bb:42:ab:35:ce:1d:62:4d:52:3a:7b:31:9d:92:17:
                    63:f2:8e:c0:77:90:07:46:44:4f:ff:33:b1:24:f8:
                    a8:2b:de:04:a5:1f:20:d9:10:6f:5a:18:b8:3b:33:
                    a2:64:16:16:6b:b6:aa:5a:83:c3:b3:4e:00:6d:aa:
                    73:35:ce:bd:4c:0c:fb:4d:11:7a:f1:4d:4a:8f:2e:
                    e0:5f:2f:55:48:e2:85:92:ac:9f:42:d5:65:e6:6d:
                    f1:01:4d:76:de:3e:58:6a:dc:a8:e4:45:44:e0:06:
                    36:f1:f5:7d:f0:7a:ea:73:09:fd:ea:2c:a5:27:4e:
                    ec:6f:a5:ff:68:9c:99:60:98:2e:98:b1:be:8c:e8:
                    e8:23:2e:e3:b9:28:f3:c4:18:1e:15:57:f5:16:6a:
                    f3:1b:74:41:b2:0f:a0:06:c7:e4:4f:9b:a0:b5:06:
                    31:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A6:3D:7E:9E:4D:8D:4F:2D:0C:CF:52:65:16:37:3F:03:98:60:61
            X509v3 Authority Key Identifier:
                keyid:58:FF:A1:4D:F2:A8:9C:B6:70:96:36:F2:B0:B5:70:AB:CC:F8:B8:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/naY9fp5NjU8tDM9SZRY3PwOYYGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:bbc0:1c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:7a:fd:ae:f5:ce:30:a8:29:ee:b4:1b:7d:86:c1:1b:da:cb:
         bd:8c:e2:18:2b:6b:9d:30:79:bc:c3:13:cf:a9:57:41:03:a7:
         03:59:ec:61:b9:6d:32:e5:48:df:45:95:16:36:de:b8:a5:d9:
         61:ee:97:a3:c7:70:1f:31:10:1b:20:97:0d:01:e3:4a:b4:82:
         38:f9:3e:bc:d1:86:bd:15:3e:7f:a4:be:50:f8:4a:ee:85:f1:
         0a:7b:f1:e9:9d:d7:7d:62:38:de:1a:6f:78:ad:0b:f7:13:29:
         c0:47:e8:95:00:00:44:80:4b:85:cb:d3:c8:6a:df:49:b8:f3:
         f8:06:76:30:f3:b7:56:1e:76:25:97:bb:7d:0b:07:ad:d9:f8:
         aa:94:e0:a0:d3:af:78:41:2d:db:46:2f:4d:17:ed:02:96:7a:
         98:bf:19:36:4f:bb:24:51:c9:08:ed:25:7e:36:63:9b:e6:ba:
         ae:6a:14:f2:2e:d9:6c:04:99:d2:0e:3d:1b:16:63:1b:7b:88:
         e4:74:7a:e8:20:e3:b0:b9:e1:65:f0:c4:2a:07:7e:99:4d:b2:
         d6:3f:59:55:74:62:e6:37:72:52:08:7e:c5:35:87:bf:74:29:
         68:a6:fd:8e:c6:e7:3b:0b:00:84:23:6d:f7:b6:12:c8:e1:b6:
         62:a1:cb:2c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQmbD61dKaL0Oiwr8PwowUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZmZhMTRkZjJhODljYjY3MDk2MzZmMmIwYjU3MGFiY2Nm
OGI4NGIwHhcNMjUwMTAyMDk1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGE2M2Q3ZTllNGQ4ZDRmMmQwY2NmNTI2NTE2MzczZjAzOTg2MDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZoIQwjsw+UQL0wCSK3r/J+stak+
ZvlaovTIhd4ITkFAUu3Drf7dQwfoYgnNTJ5qnW06svPX2M3/LPQcmukYjDhYnx8I
2Gj1gDGFp71Oj15+420gDFBDdqq7Qqs1zh1iTVI6ezGdkhdj8o7Ad5AHRkRP/zOx
JPioK94EpR8g2RBvWhi4OzOiZBYWa7aqWoPDs04AbapzNc69TAz7TRF68U1Kjy7g
Xy9VSOKFkqyfQtVl5m3xAU123j5Yatyo5EVE4AY28fV98Hrqcwn96iylJ07sb6X/
aJyZYJgumLG+jOjoIy7juSjzxBgeFVf1FmrzG3RBsg+gBsfkT5ugtQYxHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ2mPX6eTY1PLQzPUmUWNz8DmGBhMB8GA1UdIwQY
MBaAFFj/oU3yqJy2cJY28rC1cKvM+LhLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1AtaFRmS29uTFp3bGpieXNMVndxOHo0dUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wYjA2YmMtYjhjNy00Zjc1LWIyOWUt
YzEwN2E3YWMwNDg4LzEvbmFZOWZwNU5qVTh0RE05U1pSWTNQd09ZWUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wYjA2YmMtYjhjNy00Zjc1LWIyOWUtYzEwN2E3YWMwNDg4
LzEvV1AtaFRmS29uTFp3bGpieXNMVndxOHo0dUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgu7wBww
DQYJKoZIhvcNAQELBQADggEBAMR6/a71zjCoKe60G32GwRvay72M4hgra50webzD
E8+pV0EDpwNZ7GG5bTLlSN9FlRY23ril2WHul6PHcB8xEBsglw0B40q0gjj5PrzR
hr0VPn+kvlD4Su6F8Qp78emd131iON4ab3itC/cTKcBH6JUAAESAS4XL08hq30m4
8/gGdjDzt1YediWXu30LB63Z+KqU4KDTr3hBLdtGL00X7QKWepi/GTZPuyRRyQjt
JX42Y5vmuq5qFPIu2WwEmdIOPRsWYxt7iOR0eugg47C54WXwxCoHfplNstY/WVV0
YuY3clIIfsU1h790KWim/Y7G5zsLAIQjbfe2EsjhtmKhyyw=
-----END CERTIFICATE-----