Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7oQCkgQiQe0aSOMjKsk2Vf3ItZA.roa
File:                     7oQCkgQiQe0aSOMjKsk2Vf3ItZA.roa (raw, json)
Hash identifier:          OZo+8ycY2uARq9nd9Pz7Wqlpz2p0AEsCp3Kn3mOE7gY=
Subject key identifier:   EE:84:02:92:04:22:41:ED:1A:48:E3:23:2A:C9:36:55:FD:C8:B5:90
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ECA5BF3ABC50942B8C40E7A706EDF
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7oQCkgQiQe0aSOMjKsk2Vf3ItZA.roa
Signing time:             Thu 02 Jan 2025 05:48:22 +0000
ROA not before:           Thu 02 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139317
IP address blocks:        2a0e:aa07:f080::/44 maxlen: 48
                          2a0e:aa07:f0d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ca:5b:f3:ab:c5:09:42:b8:c4:0e:7a:70:6e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee840292042241ed1a48e3232ac93655fdc8b590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cd:a2:a5:74:8a:79:39:a8:54:b9:5b:0c:3b:
                    82:ce:69:a0:cd:f4:af:8b:09:bf:d4:d1:3f:42:37:
                    5c:79:7e:aa:89:0a:5b:23:5c:89:6f:f5:df:13:53:
                    fc:a4:e1:05:75:bd:3b:25:03:b4:d7:69:1f:da:29:
                    1c:39:3f:e9:47:43:de:8b:9d:93:03:a0:d3:ab:58:
                    57:4c:45:10:e2:e8:5d:b4:91:e4:b1:44:60:92:6e:
                    67:af:cd:6f:08:d8:df:7b:fa:4c:24:ab:c9:9f:26:
                    eb:44:92:ca:de:cc:4b:9f:32:5d:36:c9:f5:74:7d:
                    39:fd:09:db:31:26:77:8b:41:b1:1b:d0:e0:b4:0d:
                    59:a5:ff:0f:5d:3f:d1:ea:b2:a6:59:de:5a:0e:4a:
                    1e:f2:9d:cd:64:b2:fb:52:9a:dc:41:64:61:bf:ff:
                    3b:ce:5e:c9:7c:aa:d0:27:f0:85:a2:cb:1f:17:af:
                    ac:00:8c:f9:d0:88:b2:3c:65:db:62:a6:fd:5c:18:
                    9a:13:08:fc:c8:e5:64:5c:0f:19:78:75:9e:83:ab:
                    0a:84:36:8d:a8:02:f8:12:d6:2f:70:94:b1:30:ae:
                    ef:5c:86:79:c3:3e:10:6e:bb:d8:10:0d:8b:63:25:
                    04:a1:b7:06:0d:80:31:b7:61:b1:6e:41:2f:3b:13:
                    51:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:84:02:92:04:22:41:ED:1A:48:E3:23:2A:C9:36:55:FD:C8:B5:90
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/7oQCkgQiQe0aSOMjKsk2Vf3ItZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:f080::/44
                  2a0e:aa07:f0d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1c:29:1a:ec:38:65:6d:c3:33:c5:1c:bd:7f:9d:44:67:36:a7:
         ce:9e:0d:44:ab:f1:f7:f4:8a:b2:f1:4c:01:64:91:67:da:ee:
         32:46:c7:46:9e:ac:70:5c:26:d2:9c:77:ed:73:c6:cd:85:e6:
         d4:3b:35:09:49:f7:32:0e:aa:cf:9b:5e:d3:8b:56:bb:e3:9a:
         b0:ec:2e:30:09:77:e8:23:3b:9a:c6:09:1a:05:0a:0d:36:92:
         5d:26:f5:19:bd:16:de:ed:80:e5:b1:16:78:4d:8b:1e:76:67:
         a6:41:d2:6c:6d:39:18:7b:2a:ea:80:9d:11:e9:38:5a:23:f1:
         84:66:49:97:1a:a9:28:69:5f:ae:42:c5:03:8d:7d:54:7b:eb:
         2f:4e:ae:f3:2b:2c:49:e3:a9:5f:56:69:50:e7:b7:16:3f:1f:
         ff:38:5a:62:47:2a:92:03:13:57:9b:3f:ea:ee:2d:73:48:cb:
         28:66:2c:db:0f:97:0d:81:93:ad:cb:21:9f:3c:65:f3:63:25:
         e5:da:7a:4d:09:bb:c4:91:f4:96:76:ec:85:55:b7:08:bc:b5:
         63:b0:1f:7d:d9:7d:de:73:fa:c1:1e:26:a5:33:91:0c:3c:e8:
         82:87:fc:57:d8:0c:2e:ff:a5:72:9d:12:01:7e:c6:6e:11:af:
         89:2a:48:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQljspb86vFCUK4xA56cG7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg0MDI5MjA0MjI0MWVkMWE0OGUzMjMyYWM5MzY1NWZkYzhiNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM2ipXSKeTmoVLlbDDuCzmmgzfSv
iwm/1NE/QjdceX6qiQpbI1yJb/XfE1P8pOEFdb07JQO012kf2ikcOT/pR0Pei52T
A6DTq1hXTEUQ4uhdtJHksURgkm5nr81vCNjfe/pMJKvJnybrRJLK3sxLnzJdNsn1
dH05/QnbMSZ3i0GxG9DgtA1Zpf8PXT/R6rKmWd5aDkoe8p3NZLL7UprcQWRhv/87
zl7JfKrQJ/CFossfF6+sAIz50IiyPGXbYqb9XBiaEwj8yOVkXA8ZeHWeg6sKhDaN
qAL4EtYvcJSxMK7vXIZ5wz4QbrvYEA2LYyUEobcGDYAxt2GxbkEvOxNRDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO6EApIEIkHtGkjjIyrJNlX9yLWQMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvN29RQ2tnUWlRZTBhU09NaktzazJWZjNJdFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6qB/CA
AwcEKg6qB/DQMA0GCSqGSIb3DQEBCwUAA4IBAQAcKRrsOGVtwzPFHL1/nURnNqfO
ng1Eq/H39Iqy8UwBZJFn2u4yRsdGnqxwXCbSnHftc8bNhebUOzUJSfcyDqrPm17T
i1a745qw7C4wCXfoIzuaxgkaBQoNNpJdJvUZvRbe7YDlsRZ4TYsedmemQdJsbTkY
eyrqgJ0R6ThaI/GEZkmXGqkoaV+uQsUDjX1Ue+svTq7zKyxJ46lfVmlQ57cWPx//
OFpiRyqSAxNXmz/q7i1zSMsoZizbD5cNgZOtyyGfPGXzYyXl2npNCbvEkfSWduyF
VbcIvLVjsB992X3ec/rBHialM5EMPOiCh/xX2Awu/6VynRIBfsZuEa+JKkhc
-----END CERTIFICATE-----