Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uGjVuNZ_nNaHf6g1SqNGszR5p_M.roa
File:                     uGjVuNZ_nNaHf6g1SqNGszR5p_M.roa (raw, json)
Hash identifier:          bshqyKaoOa/Hv6eJ1RPhZYiYE5vI1j9TDmrZRmfDIVk=
Subject key identifier:   B8:68:D5:B8:D6:7F:9C:D6:87:7F:A8:35:4A:A3:46:B3:34:79:A7:F3
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EDF62A694EC57EA7A72F6D2B9DDCE
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uGjVuNZ_nNaHf6g1SqNGszR5p_M.roa
Signing time:             Thu 02 Jan 2025 05:48:27 +0000
ROA not before:           Thu 02 Jan 2025 05:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209557
IP address blocks:        2a0e:aa02:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:df:62:a6:94:ec:57:ea:7a:72:f6:d2:b9:dd:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b868d5b8d67f9cd6877fa8354aa346b33479a7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:1e:9e:b9:98:f8:ca:8f:9e:2c:f9:66:c8:
                    64:e3:f0:70:37:53:2b:c0:66:a4:e3:27:41:71:f0:
                    1f:43:5f:11:4a:d0:d1:29:62:80:1a:d6:17:a9:a1:
                    96:4a:59:c8:c1:b7:7f:40:33:50:50:cc:b3:9a:5c:
                    cb:90:40:1c:b0:65:f5:c0:ac:35:65:61:91:65:67:
                    9f:e9:d0:12:03:d2:f3:9e:21:03:4e:8a:29:21:9c:
                    14:bd:76:6e:62:20:12:97:6a:b4:60:fa:f6:2b:17:
                    a9:1e:31:43:57:51:5d:f1:fd:4f:d7:a1:eb:81:e4:
                    1d:32:cf:31:8d:02:7e:85:c2:bf:51:a3:8e:19:80:
                    eb:ba:09:b5:21:0d:47:01:59:cf:dd:bb:d4:50:c3:
                    f3:04:e9:a2:c1:c0:02:67:61:c8:e0:f3:f1:18:05:
                    e6:d0:5a:72:3c:19:08:9b:07:62:77:29:a7:c4:58:
                    ca:f8:7a:a6:61:e1:8a:10:55:d9:24:a3:c7:ce:95:
                    96:0a:7e:f5:77:2a:10:29:6c:aa:04:0f:a6:4c:0d:
                    09:d1:29:35:ac:03:d3:94:62:43:de:2e:ac:d8:07:
                    d7:8b:42:a6:52:e5:77:4d:ed:f7:3b:a7:a6:b0:bc:
                    5e:42:95:73:1e:2b:73:ab:92:f1:61:64:82:f8:5a:
                    b0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:68:D5:B8:D6:7F:9C:D6:87:7F:A8:35:4A:A3:46:B3:34:79:A7:F3
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uGjVuNZ_nNaHf6g1SqNGszR5p_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa02:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:3a:ab:f9:b8:a0:df:2a:58:36:53:61:41:27:4d:14:88:df:
         e5:0a:41:a6:cc:51:d3:5d:1c:78:2d:41:3e:e2:00:43:2a:aa:
         cf:31:f7:27:89:53:1c:f1:99:ba:00:77:71:12:0e:de:20:a2:
         03:84:25:bf:02:e9:eb:da:04:e2:95:66:b3:09:81:63:59:64:
         68:61:35:3c:ff:84:77:35:8e:f1:57:51:a5:d6:e4:78:a2:85:
         fa:11:24:b3:27:10:23:63:9d:61:d2:54:e3:1b:6a:c1:c7:a0:
         95:00:b2:e8:0a:dd:60:dc:fe:3a:d7:95:02:af:54:df:16:94:
         6e:57:5a:49:91:12:41:f6:d1:da:80:bc:1b:f6:34:54:00:d0:
         21:41:7e:fc:c9:6f:35:82:5d:c4:4e:20:af:85:9e:52:fb:ff:
         1d:02:70:11:7e:b5:0a:e6:39:0e:ac:01:05:83:91:07:12:b4:
         fa:54:12:cf:5e:43:78:08:53:dd:1e:3e:4e:f6:da:f5:07:26:
         64:52:9e:c8:8f:78:ba:19:11:6a:e6:d9:4d:90:13:12:bb:ee:
         ef:1e:2a:0a:57:25:05:c6:42:a4:de:39:a7:04:67:eb:fd:4f:
         72:48:56:12:f2:b4:77:3e:24:a2:bd:57:d2:4c:b9:89:08:7e:
         12:d9:36:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljt9ippTsV+p6cvbSud3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY4ZDViOGQ2N2Y5Y2Q2ODc3ZmE4MzU0YWEzNDZiMzM0NzlhN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW0enrmY+MqPniz5Zshk4/BwN1Mr
wGak4ydBcfAfQ18RStDRKWKAGtYXqaGWSlnIwbd/QDNQUMyzmlzLkEAcsGX1wKw1
ZWGRZWef6dASA9LzniEDToopIZwUvXZuYiASl2q0YPr2KxepHjFDV1Fd8f1P16Hr
geQdMs8xjQJ+hcK/UaOOGYDrugm1IQ1HAVnP3bvUUMPzBOmiwcACZ2HI4PPxGAXm
0FpyPBkImwdidymnxFjK+HqmYeGKEFXZJKPHzpWWCn71dyoQKWyqBA+mTA0J0Sk1
rAPTlGJD3i6s2AfXi0KmUuV3Te33O6emsLxeQpVzHitzq5LxYWSC+FqwTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLho1bjWf5zWh3+oNUqjRrM0eafzMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdUdqVnVOWl9uTmFIZjZnMVNxTkdzelI1cF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qAgAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAEOqv5uKDfKlg2U2FBJ00UiN/lCkGmzFHTXRx4
LUE+4gBDKqrPMfcniVMc8Zm6AHdxEg7eIKIDhCW/Aunr2gTilWazCYFjWWRoYTU8
/4R3NY7xV1Gl1uR4ooX6ESSzJxAjY51h0lTjG2rBx6CVALLoCt1g3P4615UCr1Tf
FpRuV1pJkRJB9tHagLwb9jRUANAhQX78yW81gl3ETiCvhZ5S+/8dAnARfrUK5jkO
rAEFg5EHErT6VBLPXkN4CFPdHj5O9tr1ByZkUp7Ij3i6GRFq5tlNkBMSu+7vHioK
VyUFxkKk3jmnBGfr/U9ySFYS8rR3PiSivVfSTLmJCH4S2TaK
-----END CERTIFICATE-----