Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/fBloLefjZBz_GK_XvFwW7TJeZ60.roa
File:                     fBloLefjZBz_GK_XvFwW7TJeZ60.roa (raw, json)
Hash identifier:          qdjyv0uS5BTxA4SRZAdyy0Olotu7A+RGHk+rwWGE3uE=
Subject key identifier:   7C:19:68:2D:E7:E3:64:1C:FF:18:AF:D7:BC:5C:16:ED:32:5E:67:AD
Certificate issuer:       /CN=94948e5f2fa04b222a6e96883b840f7124531556
Certificate serial:       0196FC7D08F0F75B810F6C3350C1FF414086
Authority key identifier: 94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/fBloLefjZBz_GK_XvFwW7TJeZ60.roa
Signing time:             Fri 23 May 2025 09:32:54 +0000
ROA not before:           Fri 23 May 2025 09:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        2a0e:df40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:7d:08:f0:f7:5b:81:0f:6c:33:50:c1:ff:41:40:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94948e5f2fa04b222a6e96883b840f7124531556
        Validity
            Not Before: May 23 09:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c19682de7e3641cff18afd7bc5c16ed325e67ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:31:a0:3a:15:cb:14:88:b3:55:b2:2b:5b:36:
                    77:76:0f:c3:ca:37:23:c3:f7:7f:1d:60:3e:9c:38:
                    4d:25:cb:6b:ee:e3:d5:98:8d:fd:f6:1d:8e:3a:69:
                    81:c3:8f:8f:a5:c2:3e:51:28:80:63:0f:60:5e:56:
                    01:a3:0b:02:2e:ce:17:03:59:52:7b:94:90:a4:41:
                    0e:81:27:40:0a:05:f1:c4:05:0d:7f:e3:ad:97:c2:
                    75:fc:8f:db:26:77:be:f1:28:04:22:ef:71:65:76:
                    27:6c:f3:98:35:04:b7:81:dc:ff:bf:e2:e2:10:cf:
                    d6:91:54:19:d3:4e:f7:36:a6:3b:b0:f7:69:be:d1:
                    ef:66:b1:9a:69:dd:c9:b9:37:62:81:34:a2:aa:d4:
                    85:dc:ad:ad:ac:85:ba:b2:9e:15:b1:53:76:b3:65:
                    74:fc:f3:05:eb:91:d2:27:c6:11:ea:f8:e1:f4:0f:
                    16:0f:28:57:e8:0c:da:78:dd:96:6d:2d:cc:de:dc:
                    2a:0f:32:bd:a2:b0:10:01:75:ea:58:b8:53:1c:d6:
                    53:a8:45:89:1b:92:38:58:5e:93:f1:d6:c1:2f:4b:
                    a9:ce:9b:13:c8:45:11:a9:f6:c8:5f:f5:60:52:f2:
                    d5:7c:ce:c5:36:b8:dd:69:46:59:5a:69:d7:a5:33:
                    81:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:19:68:2D:E7:E3:64:1C:FF:18:AF:D7:BC:5C:16:ED:32:5E:67:AD
            X509v3 Authority Key Identifier:
                keyid:94:94:8E:5F:2F:A0:4B:22:2A:6E:96:88:3B:84:0F:71:24:53:15:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJSOXy-gSyIqbpaIO4QPcSRTFVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/fBloLefjZBz_GK_XvFwW7TJeZ60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ec48be-9250-4f7c-9c87-641b8e60d3e2/1/lJSOXy-gSyIqbpaIO4QPcSRTFVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:df40::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:c7:bb:0a:ca:8b:df:e9:02:e3:08:04:65:98:c8:5e:23:
         e6:68:6e:e6:a1:4e:9e:a8:09:9f:86:de:ed:eb:a3:19:de:11:
         80:08:df:d4:ba:d4:0c:55:c7:8d:65:ae:e7:e9:8f:0e:6b:5a:
         99:bc:ae:a4:05:9e:2d:39:73:0a:3e:52:fa:87:34:f6:36:27:
         55:f3:55:a0:09:23:b5:43:89:72:17:0a:a2:6c:d8:1f:60:92:
         0e:c4:89:c3:b2:9c:b8:2e:f3:7b:11:ec:35:eb:37:c6:bf:9b:
         61:e3:23:d6:82:a2:82:72:68:47:2c:b4:85:db:9a:76:6d:ef:
         5e:24:39:2f:27:34:7f:fc:85:47:29:0a:1f:37:cf:68:e8:13:
         fd:f9:88:0a:65:01:43:6d:fd:65:a3:94:2e:f0:e8:9b:03:8c:
         71:16:9d:17:67:00:45:9d:d3:40:0a:e7:e2:30:29:c0:ce:63:
         28:38:a2:68:d2:2f:fa:8a:82:ac:8d:cf:bb:04:5f:5a:1c:1a:
         9d:d1:dc:32:96:e9:23:88:19:1a:8f:f1:a3:79:a6:c6:b8:d8:
         a7:60:61:5e:bf:62:06:1e:c1:64:5c:86:0e:38:06:ef:97:2a:
         99:2f:43:55:4b:b4:ce:d3:f3:cd:75:f4:60:b4:c7:3c:6c:ef:
         ad:be:6d:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZb8fQjw91uBD2wzUMH/QUCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTQ4ZTVmMmZhMDRiMjIyYTZlOTY4ODNiODQwZjcxMjQ1
MzE1NTYwHhcNMjUwNTIzMDkzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE5NjgyZGU3ZTM2NDFjZmYxOGFmZDdiYzVjMTZlZDMyNWU2N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjGgOhXLFIizVbIrWzZ3dg/Dyjcj
w/d/HWA+nDhNJctr7uPVmI399h2OOmmBw4+PpcI+USiAYw9gXlYBowsCLs4XA1lS
e5SQpEEOgSdACgXxxAUNf+Otl8J1/I/bJne+8SgEIu9xZXYnbPOYNQS3gdz/v+Li
EM/WkVQZ0073NqY7sPdpvtHvZrGaad3JuTdigTSiqtSF3K2trIW6sp4VsVN2s2V0
/PMF65HSJ8YR6vjh9A8WDyhX6AzaeN2WbS3M3twqDzK9orAQAXXqWLhTHNZTqEWJ
G5I4WF6T8dbBL0upzpsTyEURqfbIX/VgUvLVfM7FNrjdaUZZWmnXpTOB3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHwZaC3n42Qc/xiv17xcFu0yXmetMB8GA1UdIwQY
MBaAFJSUjl8voEsiKm6WiDuED3EkUxVWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODct
NjQxYjhlNjBkM2UyLzEvZkJsb0xlZmpaQnpfR0tfWHZGd1c3VEplWjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lYzQ4YmUtOTI1MC00ZjdjLTljODctNjQxYjhlNjBkM2Uy
LzEvbEpTT1h5LWdTeUlxYnBhSU80UVBjU1JURlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7fQDAN
BgkqhkiG9w0BAQsFAAOCAQEALpHHuwrKi9/pAuMIBGWYyF4j5mhu5qFOnqgJn4be
7eujGd4RgAjf1LrUDFXHjWWu5+mPDmtambyupAWeLTlzCj5S+oc09jYnVfNVoAkj
tUOJchcKomzYH2CSDsSJw7KcuC7zexHsNes3xr+bYeMj1oKignJoRyy0hduadm3v
XiQ5Lyc0f/yFRykKHzfPaOgT/fmICmUBQ239ZaOULvDomwOMcRadF2cARZ3TQArn
4jApwM5jKDiiaNIv+oqCrI3PuwRfWhwandHcMpbpI4gZGo/xo3mmxrjYp2BhXr9i
Bh7BZFyGDjgG75cqmS9DVUu0ztPzzXX0YLTHPGzvrb5t1A==
-----END CERTIFICATE-----