Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/xXju9qGmfbY7jtuhCeomjVXSGgc.roa
File:                     xXju9qGmfbY7jtuhCeomjVXSGgc.roa (raw, json)
Hash identifier:          aLsgVbOegZpDj1KVoAXCqtR2JSEILQDuwOxScth37yg=
Subject key identifier:   C5:78:EE:F6:A1:A6:7D:B6:3B:8E:DB:A1:09:EA:26:8D:55:D2:1A:07
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       019730AE97C90EE26B68ED22FFF46F4A91EA
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/xXju9qGmfbY7jtuhCeomjVXSGgc.roa
Signing time:             Mon 02 Jun 2025 12:47:17 +0000
ROA not before:           Mon 02 Jun 2025 12:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210325
IP address blocks:        2a0d:3140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:ae:97:c9:0e:e2:6b:68:ed:22:ff:f4:6f:4a:91:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jun  2 12:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c578eef6a1a67db63b8edba109ea268d55d21a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ec:77:21:57:95:42:d0:01:d3:74:ff:c3:0c:
                    d0:8a:f1:39:e0:cf:cd:60:0d:d2:1d:83:65:6c:15:
                    93:c4:22:86:23:b8:8b:37:5c:da:0d:29:eb:6b:6a:
                    55:01:13:a6:cb:43:32:4f:87:64:cb:52:3d:25:70:
                    bb:ab:6a:f3:d6:f9:7b:02:ce:d5:37:06:fe:26:b5:
                    55:d4:ca:20:39:e7:b2:a2:58:9d:7d:f3:fe:45:ff:
                    04:c7:c7:2c:a3:1c:8f:84:9a:3c:2b:6c:38:42:12:
                    81:60:34:96:6b:ad:99:3b:ac:a9:11:09:a4:43:c2:
                    c8:72:03:88:e5:5a:82:8b:63:5e:b7:a2:a3:53:a1:
                    b1:b2:cf:27:97:4a:65:c8:12:35:62:f3:dc:51:e5:
                    e7:92:9b:34:58:5d:a3:8f:41:f8:98:1c:3f:c3:7a:
                    1d:2b:d0:d4:d5:3b:d4:11:8d:b5:ed:93:60:94:1c:
                    7a:a6:a9:9d:09:51:46:6f:0a:82:b2:5a:70:3e:26:
                    c4:a1:69:dd:da:14:d1:ab:68:11:e2:b2:29:ba:eb:
                    be:ce:58:dd:8d:bf:ca:71:0c:e2:c5:ad:b6:3c:ae:
                    6f:4d:8b:84:fd:c2:5f:78:6f:91:03:f2:46:7a:8a:
                    77:53:52:34:e8:0f:9d:9a:6d:87:d1:1b:9b:df:aa:
                    a8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:78:EE:F6:A1:A6:7D:B6:3B:8E:DB:A1:09:EA:26:8D:55:D2:1A:07
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/xXju9qGmfbY7jtuhCeomjVXSGgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:3b:c9:b9:b5:2b:a6:70:6b:bc:94:59:3e:54:5c:a7:52:36:
         ae:5f:23:0c:ce:74:c2:dd:13:a9:b7:0d:c7:cb:5e:6a:bf:3f:
         c4:c1:ed:0b:19:59:00:c5:bd:90:a9:f5:3c:1f:d5:a1:47:12:
         23:3e:1c:ec:59:4a:08:72:22:6a:55:da:b7:fe:b5:42:40:54:
         ce:f9:bb:ca:f9:3b:5d:98:15:66:1d:77:c7:9e:05:fb:78:2a:
         5c:4b:ed:25:6d:a7:38:bb:61:6a:35:0c:1b:33:bf:d0:84:77:
         77:02:72:3e:b0:d9:33:c3:dc:79:0f:3e:c8:f7:0e:46:d6:42:
         fd:aa:95:5f:7b:e4:52:20:8d:df:56:a8:1c:3a:80:31:fb:a6:
         fd:79:31:39:b5:7f:b9:d1:62:ec:3b:14:54:86:dd:d7:ca:08:
         e5:a8:ff:4e:53:9c:d9:64:a9:ad:1e:ac:eb:5c:66:82:57:38:
         80:b0:29:14:b7:ca:43:28:f0:79:09:4a:da:bc:23:f0:5a:bb:
         5c:1b:13:48:71:35:92:d7:b9:48:ac:fe:9a:6a:ce:01:54:91:
         47:4f:1a:8c:f7:2f:dc:0c:e0:21:55:5f:45:28:91:46:b9:40:
         03:0c:c2:91:a7:2a:11:bb:ba:4d:9c:3e:b8:dd:71:cb:87:dc:
         c2:7f:16:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcwrpfJDuJraO0i//RvSpHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwNjAyMTI0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTc4ZWVmNmExYTY3ZGI2M2I4ZWRiYTEwOWVhMjY4ZDU1ZDIxYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+x3IVeVQtAB03T/wwzQivE54M/N
YA3SHYNlbBWTxCKGI7iLN1zaDSnra2pVAROmy0MyT4dky1I9JXC7q2rz1vl7As7V
Nwb+JrVV1MogOeeyolidffP+Rf8Ex8csoxyPhJo8K2w4QhKBYDSWa62ZO6ypEQmk
Q8LIcgOI5VqCi2Net6KjU6Gxss8nl0plyBI1YvPcUeXnkps0WF2jj0H4mBw/w3od
K9DU1TvUEY217ZNglBx6pqmdCVFGbwqCslpwPibEoWnd2hTRq2gR4rIpuuu+zljd
jb/KcQzixa22PK5vTYuE/cJfeG+RA/JGeop3U1I06A+dmm2H0Rub36qoZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMV47vahpn22O47boQnqJo1V0hoHMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEveFhqdTlxR21mYlk3anR1aENlb21qVlhTR2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0xQDAN
BgkqhkiG9w0BAQsFAAOCAQEAWjvJubUrpnBrvJRZPlRcp1I2rl8jDM50wt0TqbcN
x8tear8/xMHtCxlZAMW9kKn1PB/VoUcSIz4c7FlKCHIialXat/61QkBUzvm7yvk7
XZgVZh13x54F+3gqXEvtJW2nOLthajUMGzO/0IR3dwJyPrDZM8PceQ8+yPcORtZC
/aqVX3vkUiCN31aoHDqAMfum/XkxObV/udFi7DsUVIbd18oI5aj/TlOc2WSprR6s
61xmglc4gLApFLfKQyjweQlK2rwj8Fq7XBsTSHE1kte5SKz+mmrOAVSRR08ajPcv
3AzgIVVfRSiRRrlAAwzCkacqEbu6TZw+uN1xy4fcwn8W2Q==
-----END CERTIFICATE-----