Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/BT9PpbhARp2PKEupubiiio8TvBc.roa
File:                     BT9PpbhARp2PKEupubiiio8TvBc.roa (raw, json)
Hash identifier:          PoRHUsj11iEWOHUhXg6p185DLswF97IfYO5dpNwM+4k=
Subject key identifier:   05:3F:4F:A5:B8:40:46:9D:8F:28:4B:A9:B9:B8:A2:8A:8F:13:BC:17
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019600DF33E37F77C768013519B310D1B264
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/BT9PpbhARp2PKEupubiiio8TvBc.roa
Signing time:             Fri 04 Apr 2025 12:55:49 +0000
ROA not before:           Fri 04 Apr 2025 12:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        2a14:c883:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:df:33:e3:7f:77:c7:68:01:35:19:b3:10:d1:b2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Apr  4 12:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=053f4fa5b840469d8f284ba9b9b8a28a8f13bc17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:53:a5:9d:ca:da:b1:42:50:9d:a0:66:11:48:
                    17:f4:81:46:aa:80:aa:da:e8:40:5f:48:61:4b:d6:
                    02:4e:91:20:d2:1b:2b:76:0d:9d:47:15:a7:d0:5b:
                    94:7a:78:b4:41:14:46:66:ab:74:c7:13:63:b9:dd:
                    06:6d:46:6b:3b:d3:a0:a8:a1:13:44:40:d0:9f:60:
                    73:cc:ff:2e:61:c2:93:66:f8:6f:26:63:3b:8e:da:
                    bd:b3:2d:97:07:95:90:b9:90:1b:b3:c7:29:97:bf:
                    a5:ec:2d:34:b6:62:3d:76:72:c3:5b:f1:6c:d9:e6:
                    cf:e5:52:4f:bb:95:e6:07:21:7a:1a:86:8f:de:3b:
                    4a:d6:e7:5e:f1:d4:e9:43:0d:28:3e:9d:7d:ea:76:
                    fc:4c:af:50:e3:52:e6:c9:b0:25:19:c8:79:d9:e6:
                    85:74:ac:c7:d7:40:cb:3c:72:d2:16:a6:94:02:9f:
                    3b:01:17:49:84:29:07:c7:a4:ed:5f:85:44:e3:aa:
                    f2:4d:49:df:2b:3f:de:e8:39:9d:f5:83:97:74:50:
                    2f:ba:bc:94:f7:f3:41:6d:c1:e8:6c:ab:28:9c:79:
                    74:75:f4:a1:42:7c:70:96:1f:04:01:ff:e5:0c:48:
                    1f:04:83:62:b2:a4:e9:b0:c1:82:ec:29:03:91:05:
                    7c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:3F:4F:A5:B8:40:46:9D:8F:28:4B:A9:B9:B8:A2:8A:8F:13:BC:17
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/BT9PpbhARp2PKEupubiiio8TvBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c883:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         81:46:cf:44:b4:56:e0:86:73:fe:35:a1:f9:09:cf:43:40:1e:
         50:f9:35:12:18:95:75:cc:10:6c:d6:13:ac:b2:7e:f4:db:02:
         cd:00:bd:c6:9c:3d:6f:66:5f:a4:fa:d8:34:52:33:31:5f:1d:
         0b:9b:fe:51:94:63:79:43:e5:d0:34:cc:65:8a:58:fe:14:76:
         19:dd:7c:1c:e6:54:ec:85:f6:90:35:ec:65:e9:5d:7d:d7:7a:
         b8:d7:29:b6:33:98:2d:16:53:d9:28:53:98:bb:e5:bd:a0:aa:
         9a:3c:67:3b:40:cc:4e:85:d9:d9:af:40:f5:03:72:11:8c:6d:
         df:f1:03:64:8c:13:0d:ef:c4:9a:7b:68:fa:d6:0c:84:0f:ba:
         2b:19:e9:d0:60:3c:0b:de:8a:d7:ae:77:9f:6c:66:5c:99:24:
         6a:7f:79:ab:db:39:e4:38:e1:fe:3b:d2:c8:41:e9:e2:8f:f0:
         8c:fa:fd:7b:e4:e2:e7:7d:87:6d:2b:c2:83:49:c3:00:73:36:
         b5:d1:d6:95:d1:96:b9:d9:94:05:7f:26:10:35:ab:81:69:c4:
         bf:9d:63:25:a8:2d:b4:40:6e:06:00:7f:86:9d:7c:aa:2b:01:
         43:ec:a8:b2:4f:4c:49:28:72:f8:d4:a2:35:d8:d6:fa:42:5f:
         cb:3f:52:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYA3zPjf3fHaAE1GbMQ0bJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwNDA0MTI1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTNmNGZhNWI4NDA0NjlkOGYyODRiYTliOWI4YTI4YThmMTNiYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51OlncrasUJQnaBmEUgX9IFGqoCq
2uhAX0hhS9YCTpEg0hsrdg2dRxWn0FuUeni0QRRGZqt0xxNjud0GbUZrO9OgqKET
REDQn2BzzP8uYcKTZvhvJmM7jtq9sy2XB5WQuZAbs8cpl7+l7C00tmI9dnLDW/Fs
2ebP5VJPu5XmByF6GoaP3jtK1ude8dTpQw0oPp196nb8TK9Q41LmybAlGch52eaF
dKzH10DLPHLSFqaUAp87ARdJhCkHx6TtX4VE46ryTUnfKz/e6Dmd9YOXdFAvuryU
9/NBbcHobKsonHl0dfShQnxwlh8EAf/lDEgfBINisqTpsMGC7CkDkQV8GQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAU/T6W4QEadjyhLqbm4ooqPE7wXMB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvQlQ5UHBiaEFScDJQS0V1cHViaWlpbzhUdkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhTIg4Aw
DQYJKoZIhvcNAQELBQADggEBAIFGz0S0VuCGc/41ofkJz0NAHlD5NRIYlXXMEGzW
E6yyfvTbAs0AvcacPW9mX6T62DRSMzFfHQub/lGUY3lD5dA0zGWKWP4UdhndfBzm
VOyF9pA17GXpXX3XerjXKbYzmC0WU9koU5i75b2gqpo8ZztAzE6F2dmvQPUDchGM
bd/xA2SMEw3vxJp7aPrWDIQPuisZ6dBgPAveiteud59sZlyZJGp/eavbOeQ44f47
0shB6eKP8Iz6/Xvk4ud9h20rwoNJwwBzNrXR1pXRlrnZlAV/JhA1q4FpxL+dYyWo
LbRAbgYAf4adfKorAUPsqLJPTEkocvjUojXY1vpCX8s/Uog=
-----END CERTIFICATE-----