Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/rI3BUUNmmdz_A7GTMa-NmL7qtcI.roa
File:                     rI3BUUNmmdz_A7GTMa-NmL7qtcI.roa (raw, json)
Hash identifier:          aUp66qmmCZlHuRPbWVjj6jt7emRrai3ZD6hH/ipGctU=
Subject key identifier:   AC:8D:C1:51:43:66:99:DC:FF:03:B1:93:31:AF:8D:98:BE:EA:B5:C2
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       0194266B63B4B5928CDC32385FFEA96654AE
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/rI3BUUNmmdz_A7GTMa-NmL7qtcI.roa
Signing time:             Thu 02 Jan 2025 09:49:19 +0000
ROA not before:           Thu 02 Jan 2025 09:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204405
IP address blocks:        2a02:17a5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:63:b4:b5:92:8c:dc:32:38:5f:fe:a9:66:54:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 09:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac8dc151436699dcff03b19331af8d98beeab5c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:81:59:8b:76:3f:b6:0c:55:70:46:d3:fb:48:
                    f9:24:36:ef:6e:fb:a8:6f:53:31:e5:06:a5:24:67:
                    5d:a4:c6:37:e5:04:d8:6c:1b:65:f2:59:7f:a0:88:
                    b2:23:cc:4f:3a:b9:3a:3d:93:4c:b3:9d:6e:df:35:
                    83:ac:e0:1b:71:bf:a4:93:da:36:74:ce:a6:0d:9c:
                    9c:36:d1:7d:fa:88:be:b0:e9:86:1a:ac:80:8f:99:
                    b3:d0:4e:b3:ed:5c:e6:ab:d4:52:0f:88:86:86:9a:
                    e2:8f:e3:ac:85:cd:02:f0:d2:bf:5a:47:a2:de:f1:
                    f3:49:9a:ba:49:d8:91:b8:0c:88:02:06:db:29:c8:
                    3f:2d:43:2d:cd:5d:f1:9f:73:d9:ab:cb:d9:82:71:
                    f6:34:95:fc:d0:8c:c1:95:02:5a:42:28:9e:82:cd:
                    1b:ba:c4:5d:2f:65:bf:9d:15:26:a8:6b:39:9b:2e:
                    e7:0c:58:11:6c:28:7e:db:08:af:6e:9b:23:16:08:
                    ce:9b:bd:71:b7:34:80:a8:f1:d3:0a:01:eb:45:71:
                    ac:17:0f:ec:1b:4e:54:c9:63:99:08:22:10:96:4f:
                    ed:85:d9:78:37:52:3e:5c:34:e7:4e:12:53:1b:4c:
                    a8:92:f9:87:6a:7d:ce:64:87:57:a6:8a:8b:16:8a:
                    bc:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8D:C1:51:43:66:99:DC:FF:03:B1:93:31:AF:8D:98:BE:EA:B5:C2
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/rI3BUUNmmdz_A7GTMa-NmL7qtcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:17a5::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:28:d9:9d:c0:2a:30:3c:a4:94:92:7b:eb:e1:a8:c9:77:e1:
         06:08:a4:85:21:ba:ac:54:56:87:33:b3:64:27:25:94:85:ab:
         68:d9:9a:2a:7d:8c:91:af:f8:61:5d:7c:28:3c:7a:f6:29:2b:
         e3:94:22:6d:42:ee:b2:e5:80:6a:ee:f1:d2:1d:5f:4e:ac:ec:
         65:92:f0:a0:78:51:e9:13:b7:64:a4:5f:d7:1d:08:49:66:19:
         0e:a5:4d:c7:65:7b:72:2a:de:0a:e7:c6:b6:5c:9b:e3:11:a7:
         31:3d:25:d0:26:ef:50:a5:57:b5:63:c7:e7:a0:60:6c:c4:2c:
         c7:fe:b3:08:4a:94:51:28:ac:b7:6c:b1:ea:dc:6c:ac:cf:c9:
         9c:93:8d:76:c0:18:f8:fd:db:27:a0:09:ed:29:ea:fe:ce:45:
         8c:e5:00:89:54:83:72:24:de:ba:b7:83:8d:38:90:30:03:57:
         31:da:2c:34:6e:5a:6b:32:ce:d4:bd:08:cd:a1:81:4d:50:2c:
         88:4a:9c:62:ff:16:40:d2:fc:78:42:e0:6a:f7:36:8b:61:a1:
         0b:a7:53:f0:37:ee:c0:d5:4c:2f:d9:46:18:e9:d5:fe:57:c6:
         0f:ef:ad:0b:22:2a:ff:98:18:9a:94:f9:0b:b2:ce:7b:57:bd:
         16:ee:cc:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma2O0tZKM3DI4X/6pZlSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwMTAyMDk0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhkYzE1MTQzNjY5OWRjZmYwM2IxOTMzMWFmOGQ5OGJlZWFiNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIFZi3Y/tgxVcEbT+0j5JDbvbvuo
b1Mx5QalJGddpMY35QTYbBtl8ll/oIiyI8xPOrk6PZNMs51u3zWDrOAbcb+kk9o2
dM6mDZycNtF9+oi+sOmGGqyAj5mz0E6z7Vzmq9RSD4iGhprij+Oshc0C8NK/Wkei
3vHzSZq6SdiRuAyIAgbbKcg/LUMtzV3xn3PZq8vZgnH2NJX80IzBlQJaQiiegs0b
usRdL2W/nRUmqGs5my7nDFgRbCh+2wivbpsjFgjOm71xtzSAqPHTCgHrRXGsFw/s
G05UyWOZCCIQlk/thdl4N1I+XDTnThJTG0yokvmHan3OZIdXpoqLFoq8aQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKyNwVFDZpnc/wOxkzGvjZi+6rXCMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvckkzQlVVTm1tZHpfQTdHVE1hLU5tTDdxdGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIXpTAN
BgkqhkiG9w0BAQsFAAOCAQEApSjZncAqMDyklJJ76+GoyXfhBgikhSG6rFRWhzOz
ZCcllIWraNmaKn2Mka/4YV18KDx69ikr45QibULusuWAau7x0h1fTqzsZZLwoHhR
6RO3ZKRf1x0ISWYZDqVNx2V7cireCufGtlyb4xGnMT0l0CbvUKVXtWPH56BgbMQs
x/6zCEqUUSist2yx6txsrM/JnJONdsAY+P3bJ6AJ7Snq/s5FjOUAiVSDciTeureD
jTiQMANXMdosNG5aazLO1L0IzaGBTVAsiEqcYv8WQNL8eELgavc2i2GhC6dT8Dfu
wNVML9lGGOnV/lfGD++tCyIq/5gYmpT5C7LOe1e9Fu7Myw==
-----END CERTIFICATE-----