Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/CAoRm_NPK8PfeGJv38H3DAAqgwY.roa
File:                     CAoRm_NPK8PfeGJv38H3DAAqgwY.roa (raw, json)
Hash identifier:          EdFjhhEvB+nVaMBUtV2CyFZBHaxTW29TZ7K1aFMV1ck=
Subject key identifier:   08:0A:11:9B:F3:4F:2B:C3:DF:78:62:6F:DF:C1:F7:0C:00:2A:83:06
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01956BF0878907925E2B63DCE6C136507EAD
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/CAoRm_NPK8PfeGJv38H3DAAqgwY.roa
Signing time:             Thu 06 Mar 2025 14:51:20 +0000
ROA not before:           Thu 06 Mar 2025 14:51:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        2a11:2500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:f0:87:89:07:92:5e:2b:63:dc:e6:c1:36:50:7e:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  6 14:51:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=080a119bf34f2bc3df78626fdfc1f70c002a8306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:84:18:af:a3:27:d4:5d:6f:e3:f8:e5:4a:17:
                    76:e2:a0:c8:cc:32:e6:e2:6a:39:89:c0:91:57:3f:
                    64:de:91:f9:63:bd:6a:73:74:c0:a3:91:fa:c1:8a:
                    5b:dd:22:52:74:93:bf:a7:67:fa:f1:78:c3:d2:17:
                    59:1f:42:7f:f6:d8:ab:f1:eb:42:c9:30:bf:c2:07:
                    05:03:5a:29:79:61:84:9c:37:d8:49:4c:05:74:ca:
                    41:39:94:0b:be:e7:b4:2a:e2:6b:bd:91:45:31:05:
                    0e:00:6f:dc:7c:2b:9a:83:45:ea:92:cb:7f:b2:1a:
                    db:54:58:ef:18:0f:1d:57:74:31:7a:6d:ef:d2:40:
                    f4:4b:31:03:7a:8d:59:03:95:f0:32:d7:ef:a6:ac:
                    b3:66:51:d4:70:5c:88:84:c1:74:3f:3c:cf:bb:4d:
                    2e:59:69:dc:7a:5e:65:b8:5d:2d:4e:bb:bb:ed:ec:
                    4b:e9:7a:a6:1a:0c:16:ec:51:3a:64:4a:ee:ff:0a:
                    07:c3:42:be:9b:24:a4:61:50:61:4b:96:d5:dd:f7:
                    9e:59:07:9d:9b:ec:86:a6:6a:45:1b:2d:e4:99:25:
                    a9:97:9e:cf:d5:06:b4:60:61:2c:91:b3:45:27:0a:
                    c4:02:70:15:20:9a:69:4f:46:d7:b8:db:2d:ba:53:
                    5a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0A:11:9B:F3:4F:2B:C3:DF:78:62:6F:DF:C1:F7:0C:00:2A:83:06
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/CAoRm_NPK8PfeGJv38H3DAAqgwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2500::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:26:e9:ad:2b:1f:66:6c:3a:18:df:d4:72:c4:31:fc:51:4e:
         ac:71:a7:b6:50:6b:83:25:27:84:e6:c9:8a:2a:9b:44:b1:b6:
         c3:17:a4:a5:14:b9:33:f5:6a:c4:36:e8:6e:91:6f:31:9e:6c:
         68:5c:87:64:06:f2:8e:42:8b:f4:6a:b3:88:b3:c3:15:7e:77:
         b0:4e:f5:ec:55:fc:9d:c9:e0:21:b3:7a:ba:1a:95:52:52:84:
         67:1b:71:91:27:d0:5a:ca:aa:f2:e4:0c:35:f9:43:31:18:0a:
         88:a7:90:40:18:36:7a:12:eb:6c:f4:d0:39:01:f8:77:43:b9:
         91:44:05:6d:9b:6d:b5:6b:87:97:e3:d0:ac:ba:80:01:79:df:
         f6:3d:df:94:95:f4:d8:2d:3d:0d:26:bd:1c:5d:86:33:63:e5:
         b1:50:c2:26:f7:62:46:90:7e:c9:1c:c5:76:c7:84:ad:9d:c5:
         93:0e:29:dd:40:2b:cc:7c:fd:4b:2d:98:ec:37:0c:74:9c:c7:
         2a:0e:9c:89:43:c4:2d:bb:8d:3a:c1:24:50:d0:10:4e:1b:7e:
         7d:70:b3:11:ca:87:86:77:ec:f4:39:d1:ab:71:1f:fd:0e:fa:
         29:b6:5f:e3:50:4f:73:5e:7b:a3:bd:b0:c3:ce:4e:06:f9:9d:
         1f:83:df:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVr8IeJB5JeK2Pc5sE2UH6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMzA2MTQ1MTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODBhMTE5YmYzNGYyYmMzZGY3ODYyNmZkZmMxZjcwYzAwMmE4MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIQYr6Mn1F1v4/jlShd24qDIzDLm
4mo5icCRVz9k3pH5Y71qc3TAo5H6wYpb3SJSdJO/p2f68XjD0hdZH0J/9tir8etC
yTC/wgcFA1opeWGEnDfYSUwFdMpBOZQLvue0KuJrvZFFMQUOAG/cfCuag0Xqkst/
shrbVFjvGA8dV3Qxem3v0kD0SzEDeo1ZA5XwMtfvpqyzZlHUcFyIhMF0PzzPu00u
WWncel5luF0tTru77exL6XqmGgwW7FE6ZEru/woHw0K+mySkYVBhS5bV3feeWQed
m+yGpmpFGy3kmSWpl57P1Qa0YGEskbNFJwrEAnAVIJppT0bXuNstulNa/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAgKEZvzTyvD33hib9/B9wwAKoMGMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvQ0FvUm1fTlBLOFBmZUdKdjM4SDNEQUFxZ3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhElADAN
BgkqhkiG9w0BAQsFAAOCAQEALibprSsfZmw6GN/UcsQx/FFOrHGntlBrgyUnhObJ
iiqbRLG2wxekpRS5M/VqxDbobpFvMZ5saFyHZAbyjkKL9GqziLPDFX53sE717FX8
ncngIbN6uhqVUlKEZxtxkSfQWsqq8uQMNflDMRgKiKeQQBg2ehLrbPTQOQH4d0O5
kUQFbZtttWuHl+PQrLqAAXnf9j3flJX02C09DSa9HF2GM2PlsVDCJvdiRpB+yRzF
dseErZ3Fkw4p3UArzHz9Sy2Y7DcMdJzHKg6ciUPELbuNOsEkUNAQTht+fXCzEcqH
hnfs9DnRq3Ef/Q76KbZf41BPc157o72ww85OBvmdH4PfJw==
-----END CERTIFICATE-----