Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/n5ExxW7AlKYh8Zobqyue2WEan98.roa
File:                     n5ExxW7AlKYh8Zobqyue2WEan98.roa (raw, json)
Hash identifier:          53bKldCzLO+N7tn60ehAZ5PROGRcKw9uwit5PGEVVvo=
Subject key identifier:   9F:91:31:C5:6E:C0:94:A6:21:F1:9A:1B:AB:2B:9E:D9:61:1A:9F:DF
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BF16B17976FA17AAD03CA04A986BA
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/n5ExxW7AlKYh8Zobqyue2WEan98.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211301
IP address blocks:        2a0f:5707:25::/48 maxlen: 48
                          2a0f:5707:aa60::/44 maxlen: 48
                          2a0f:5707:aaf0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f1:6b:17:97:6f:a1:7a:ad:03:ca:04:a9:86:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f9131c56ec094a621f19a1bab2b9ed9611a9fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:92:03:b4:e7:76:f0:c7:1c:a9:96:6a:fa:d3:
                    6e:13:cd:b9:28:c2:77:b8:2c:4e:f6:4d:ae:c6:28:
                    e9:82:44:00:d4:7b:84:ea:62:1c:b6:8b:64:23:20:
                    e8:18:3e:15:71:0a:b7:91:6e:69:87:0b:a4:d5:10:
                    7f:ea:72:24:28:78:8f:f2:c9:65:b5:f1:51:4a:48:
                    b6:0f:f7:31:62:a8:77:4d:ff:3d:c6:e1:00:9b:c1:
                    46:df:0c:80:3e:e0:2f:d5:2b:a6:2d:56:11:82:af:
                    2e:6c:4e:84:13:cb:43:4b:ae:00:4c:d2:fa:f7:e0:
                    20:25:d8:49:7a:e8:0f:6b:96:4c:e9:e5:f6:ba:42:
                    da:fb:75:76:62:b8:85:9a:fd:a5:7c:0d:6d:cf:7a:
                    c4:eb:a9:54:b9:95:5a:ee:85:19:01:a5:4c:53:d6:
                    34:e4:b6:16:15:54:3c:c6:6e:5c:82:e4:ed:5d:53:
                    79:b9:d0:d6:fb:36:a2:4e:1d:f8:13:83:a4:a5:43:
                    5e:2f:97:03:7a:cb:3b:9d:b8:8b:34:ab:47:c5:25:
                    64:30:a2:c8:6b:87:08:ea:76:37:a6:17:b5:2d:a4:
                    c6:8c:c7:95:0d:19:0b:ce:58:7f:c7:35:66:c3:9a:
                    aa:e7:4b:ae:f8:1d:ca:df:ac:25:b0:6d:8a:c4:eb:
                    06:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:91:31:C5:6E:C0:94:A6:21:F1:9A:1B:AB:2B:9E:D9:61:1A:9F:DF
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/n5ExxW7AlKYh8Zobqyue2WEan98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:25::/48
                  2a0f:5707:aa60::/44
                  2a0f:5707:aaf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:60:a0:c8:ac:65:38:e3:9f:f4:b5:e7:86:5f:90:d6:4e:8e:
         eb:47:0e:27:75:bb:f2:9c:77:5c:28:44:bc:7b:1b:d0:51:78:
         5a:4c:fd:3f:50:cb:98:8b:51:7b:43:ad:ae:a8:9d:16:4c:79:
         a6:32:f4:ba:aa:0c:78:0b:0d:34:fd:d9:25:38:c1:45:41:54:
         70:2c:99:c6:2a:a7:9d:89:2f:a2:78:32:18:6d:d0:25:3f:22:
         aa:93:25:a6:8d:b9:b3:a8:13:db:e8:56:0a:93:6e:07:f3:e4:
         0c:dd:b4:3c:01:ff:cf:12:ef:10:d4:56:81:3f:73:e8:2e:4a:
         3e:db:54:9b:3d:61:68:60:7c:a9:0f:db:13:70:2f:e0:da:fd:
         7e:00:a3:d0:3f:1f:78:df:0d:8c:9a:71:6b:9c:cd:31:70:2e:
         7e:a3:24:4f:3e:e8:84:60:6c:04:0e:bd:f0:4b:5e:c9:de:49:
         10:e8:c6:87:d4:db:2a:1e:bd:2e:b2:09:20:43:26:c5:95:d4:
         7f:66:a2:08:d8:3a:6a:51:ed:c7:a3:7d:3e:6a:ba:59:fc:79:
         1b:34:0a:1d:6f:1b:9b:bf:52:b4:47:d3:31:47:c4:0f:12:da:
         8f:26:ad:f1:63:92:71:90:bd:15:c9:56:67:dc:35:31:d5:5f:
         a5:c9:87:ae
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQma/FrF5dvoXqtA8oEqYa6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjkxMzFjNTZlYzA5NGE2MjFmMTlhMWJhYjJiOWVkOTYxMWE5ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJIDtOd28MccqZZq+tNuE825KMJ3
uCxO9k2uxijpgkQA1HuE6mIctotkIyDoGD4VcQq3kW5phwuk1RB/6nIkKHiP8sll
tfFRSki2D/cxYqh3Tf89xuEAm8FG3wyAPuAv1SumLVYRgq8ubE6EE8tDS64ATNL6
9+AgJdhJeugPa5ZM6eX2ukLa+3V2YriFmv2lfA1tz3rE66lUuZVa7oUZAaVMU9Y0
5LYWFVQ8xm5cguTtXVN5udDW+zaiTh34E4OkpUNeL5cDess7nbiLNKtHxSVkMKLI
a4cI6nY3phe1LaTGjMeVDRkLzlh/xzVmw5qq50uu+B3K36wlsG2KxOsGFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ+RMcVuwJSmIfGaG6srntlhGp/fMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvbjVFeHhXN0FsS1loOFpvYnF5dWUyV0Vhbjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg9XBwAl
AwcEKg9XB6pgAwcEKg9XB6rwMA0GCSqGSIb3DQEBCwUAA4IBAQBMYKDIrGU445/0
teeGX5DWTo7rRw4ndbvynHdcKES8exvQUXhaTP0/UMuYi1F7Q62uqJ0WTHmmMvS6
qgx4Cw00/dklOMFFQVRwLJnGKqediS+ieDIYbdAlPyKqkyWmjbmzqBPb6FYKk24H
8+QM3bQ8Af/PEu8Q1FaBP3PoLko+21SbPWFoYHypD9sTcC/g2v1+AKPQPx943w2M
mnFrnM0xcC5+oyRPPuiEYGwEDr3wS17J3kkQ6MaH1NsqHr0usgkgQybFldR/ZqII
2DpqUe3Ho30+arpZ/HkbNAodbxubv1K0R9MxR8QPEtqPJq3xY5JxkL0VyVZn3DUx
1V+lyYeu
-----END CERTIFICATE-----