Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/Z6_bYbvmyerAM_VgnIaDcW67oTI.roa
File:                     Z6_bYbvmyerAM_VgnIaDcW67oTI.roa (raw, json)
Hash identifier:          QWDvfYg2hEe0SCxsF7DniMhJuC7NKbaUI8wFEj7S2ns=
Subject key identifier:   67:AF:DB:61:BB:E6:C9:EA:C0:33:F5:60:9C:86:83:71:6E:BB:A1:32
Certificate issuer:       /CN=98c9c3189bec1379311bd1353fa9749a68dd992d
Certificate serial:       0195CA3ADBF9616B9939A184FC8A707A15A8
Authority key identifier: 98:C9:C3:18:9B:EC:13:79:31:1B:D1:35:3F:A9:74:9A:68:DD:99:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/Z6_bYbvmyerAM_VgnIaDcW67oTI.roa
Signing time:             Mon 24 Mar 2025 22:16:49 +0000
ROA not before:           Mon 24 Mar 2025 22:16:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214011
IP address blocks:        2a0f:2880:500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ca:3a:db:f9:61:6b:99:39:a1:84:fc:8a:70:7a:15:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c9c3189bec1379311bd1353fa9749a68dd992d
        Validity
            Not Before: Mar 24 22:16:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67afdb61bbe6c9eac033f5609c8683716ebba132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:c4:1e:07:9b:ae:85:90:f5:0a:bb:24:b8:
                    e3:5e:27:cd:b5:dc:8d:5c:d3:37:51:23:ef:7d:c2:
                    54:48:12:8e:e5:7d:76:36:e3:09:02:62:33:87:e0:
                    2a:b8:c9:24:1e:36:d6:26:12:af:ad:1f:4b:07:38:
                    01:45:f3:b6:8e:95:13:75:fb:0f:7d:d0:5a:4d:63:
                    e4:e7:a4:9b:27:9f:6f:4d:a0:76:84:a5:38:d8:34:
                    c1:29:b7:fd:06:af:67:4d:4e:49:53:7d:f8:3d:a8:
                    81:1d:f8:77:47:d8:28:36:3f:b0:1a:e4:f2:df:e9:
                    96:4f:bb:6c:e6:d7:fb:3b:41:c9:fd:70:c1:f0:05:
                    19:42:fc:3f:6b:94:a7:a2:f0:97:84:f3:ce:44:87:
                    2e:0d:55:d6:e2:f7:ea:aa:bf:76:9f:87:86:59:20:
                    f4:38:f3:06:5e:db:60:cc:9c:57:57:83:41:55:4f:
                    5b:ea:bd:f9:f2:3b:20:7a:12:10:78:3d:f7:17:b1:
                    b4:aa:42:8c:80:5a:c5:98:d4:86:c6:11:05:3d:71:
                    8e:48:c0:37:d5:c5:86:92:47:c0:41:b6:b1:22:9f:
                    d3:10:50:08:96:13:fa:56:0e:41:6b:51:63:4e:87:
                    39:a1:e3:6d:7c:26:81:e0:12:08:33:5f:41:92:54:
                    96:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:AF:DB:61:BB:E6:C9:EA:C0:33:F5:60:9C:86:83:71:6E:BB:A1:32
            X509v3 Authority Key Identifier:
                keyid:98:C9:C3:18:9B:EC:13:79:31:1B:D1:35:3F:A9:74:9A:68:DD:99:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/Z6_bYbvmyerAM_VgnIaDcW67oTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2880:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         b0:8c:57:99:51:02:4e:18:35:3e:ad:f2:f2:0d:34:8f:2e:b3:
         6a:da:f5:db:a4:8e:e6:3f:12:66:50:3e:e0:3a:50:3b:fa:b2:
         d9:8f:22:b7:1e:51:2b:f4:2d:0c:78:eb:ed:ac:3f:dd:dd:ad:
         89:0f:68:5c:ad:43:e1:51:bc:0b:90:79:9a:29:e6:09:40:53:
         fe:d2:b1:97:b2:b0:0d:13:bd:51:02:46:36:55:00:7c:ab:26:
         74:39:b9:78:06:46:6e:75:9b:8b:8f:0e:c7:62:6f:97:f0:ad:
         2c:88:f9:6b:79:ea:e3:33:4d:52:6b:1a:04:54:2b:06:46:74:
         d9:ae:d7:0f:27:33:5f:46:0a:29:b7:df:ae:70:33:4c:01:e3:
         cb:00:7b:05:f1:54:4b:8f:ea:d0:c8:82:ab:ed:fe:f6:c4:8a:
         9b:8e:37:41:7d:92:11:d0:f3:6b:25:30:80:06:fa:fa:ab:f4:
         9f:9b:c0:c0:58:bf:7b:ec:81:0c:ce:b1:ce:7c:0e:60:5c:63:
         a8:71:60:36:93:a9:39:4e:3e:0a:2c:1f:e1:6f:aa:9b:cb:40:
         dc:ad:d7:bf:70:1e:60:a4:85:ad:38:08:13:db:5b:3f:95:cd:
         0f:eb:a8:ea:66:ea:6a:72:fd:59:cc:a3:d1:64:77:be:dc:15:
         42:d3:16:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZXKOtv5YWuZOaGE/IpwehWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzljMzE4OWJlYzEzNzkzMTFiZDEzNTNmYTk3NDlhNjhk
ZDk5MmQwHhcNMjUwMzI0MjIxNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2FmZGI2MWJiZTZjOWVhYzAzM2Y1NjA5Yzg2ODM3MTZlYmJhMTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7nEHgebroWQ9Qq7JLjjXifNtdyN
XNM3USPvfcJUSBKO5X12NuMJAmIzh+AquMkkHjbWJhKvrR9LBzgBRfO2jpUTdfsP
fdBaTWPk56SbJ59vTaB2hKU42DTBKbf9Bq9nTU5JU334PaiBHfh3R9goNj+wGuTy
3+mWT7ts5tf7O0HJ/XDB8AUZQvw/a5SnovCXhPPORIcuDVXW4vfqqr92n4eGWSD0
OPMGXttgzJxXV4NBVU9b6r358jsgehIQeD33F7G0qkKMgFrFmNSGxhEFPXGOSMA3
1cWGkkfAQbaxIp/TEFAIlhP6Vg5Ba1FjToc5oeNtfCaB4BIIM19BklSWiwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGev22G75snqwDP1YJyGg3Fuu6EyMB8GA1UdIwQY
MBaAFJjJwxib7BN5MRvRNT+pdJpo3ZktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1uREdKdnNFM2t4RzlFMVA2bDBtbWpkbVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83MDEzOWQtMWU3NS00MGI1LTkxNmEt
OWM4MTZhNDA0OTBlLzEvWjZfYllidm15ZXJBTV9WZ25JYURjVzY3b1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83MDEzOWQtMWU3NS00MGI1LTkxNmEtOWM4MTZhNDA0OTBl
LzEvbU1uREdKdnNFM2t4RzlFMVA2bDBtbWpkbVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg8ogAUw
DQYJKoZIhvcNAQELBQADggEBALCMV5lRAk4YNT6t8vINNI8us2ra9dukjuY/EmZQ
PuA6UDv6stmPIrceUSv0LQx46+2sP93drYkPaFytQ+FRvAuQeZop5glAU/7SsZey
sA0TvVECRjZVAHyrJnQ5uXgGRm51m4uPDsdib5fwrSyI+Wt56uMzTVJrGgRUKwZG
dNmu1w8nM19GCim3365wM0wB48sAewXxVEuP6tDIgqvt/vbEipuON0F9khHQ82sl
MIAG+vqr9J+bwMBYv3vsgQzOsc58DmBcY6hxYDaTqTlOPgosH+FvqpvLQNyt179w
HmCkha04CBPbWz+VzQ/rqOpm6mpy/VnMo9Fkd77cFULTFtI=
-----END CERTIFICATE-----