Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/PShglmQTXkIQHkPe8FzwFmHj5JU.roa
File:                     PShglmQTXkIQHkPe8FzwFmHj5JU.roa (raw, json)
Hash identifier:          /e+wgkBq61bmma1KHWS9Osz5g9pecTkL2xoyoNPkRJQ=
Subject key identifier:   3D:28:60:96:64:13:5E:42:10:1E:43:DE:F0:5C:F0:16:61:E3:E4:95
Certificate issuer:       /CN=805db5678139e2eeace89b5ee9982c35449c0b3b
Certificate serial:       0194221F9ABD87811F0F60D351CED8AF970A
Authority key identifier: 80:5D:B5:67:81:39:E2:EE:AC:E8:9B:5E:E9:98:2C:35:44:9C:0B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gF21Z4E54u6s6Jte6ZgsNUScCzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/PShglmQTXkIQHkPe8FzwFmHj5JU.roa
Signing time:             Wed 01 Jan 2025 13:48:03 +0000
ROA not before:           Wed 01 Jan 2025 13:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209638
IP address blocks:        2a07:900::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/gF21Z4E54u6s6Jte6ZgsNUScCzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/gF21Z4E54u6s6Jte6ZgsNUScCzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gF21Z4E54u6s6Jte6ZgsNUScCzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9a:bd:87:81:1f:0f:60:d3:51:ce:d8:af:97:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=805db5678139e2eeace89b5ee9982c35449c0b3b
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d28609664135e42101e43def05cf01661e3e495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:70:a7:c0:5b:bc:58:25:61:63:da:0f:f6:68:
                    62:db:53:54:bd:55:83:cb:04:80:d8:a7:4a:52:3d:
                    f1:87:40:7d:6a:0c:6e:3d:f5:31:bb:cc:d2:5d:55:
                    b5:aa:bf:d4:a1:66:73:9e:c3:e8:a9:c3:16:1c:92:
                    56:64:70:3a:0f:18:3c:72:bf:26:13:dd:c8:dd:69:
                    6e:48:56:aa:f9:95:95:85:70:6f:1f:6a:96:a8:d7:
                    b1:e7:a3:e1:8e:b8:18:59:e6:4a:1e:68:5e:ef:16:
                    e0:94:2d:43:53:b7:03:9e:de:fd:81:85:39:8f:2c:
                    f7:76:4e:ce:d6:72:96:a1:b4:77:0c:bc:28:9d:fa:
                    46:76:75:4c:c3:60:f9:5e:58:36:2d:8a:01:b6:f8:
                    e3:09:fc:da:93:b8:6d:69:c9:c0:63:3f:ae:37:1e:
                    d5:ca:a9:4f:77:e3:3e:d5:c7:77:b5:e1:6c:67:b5:
                    8e:a6:9b:ca:7b:72:67:b0:41:97:80:46:9c:aa:58:
                    38:57:79:38:ed:a3:c3:0b:c7:d2:95:b0:87:29:aa:
                    10:2b:e3:3e:79:3e:a0:a6:91:24:5f:53:99:98:33:
                    15:9a:87:71:01:ed:9f:56:20:6b:2a:17:77:8e:7e:
                    d0:58:be:74:76:4f:98:ec:19:af:08:be:67:7a:a6:
                    46:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:28:60:96:64:13:5E:42:10:1E:43:DE:F0:5C:F0:16:61:E3:E4:95
            X509v3 Authority Key Identifier:
                keyid:80:5D:B5:67:81:39:E2:EE:AC:E8:9B:5E:E9:98:2C:35:44:9C:0B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gF21Z4E54u6s6Jte6ZgsNUScCzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/PShglmQTXkIQHkPe8FzwFmHj5JU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/3dd082-c503-45b8-9b07-922923e898e6/1/gF21Z4E54u6s6Jte6ZgsNUScCzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:900::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:07:71:b0:89:ea:0f:39:bb:04:9e:50:21:08:3c:9d:94:74:
         33:2e:96:40:0b:38:ac:b8:7f:7b:d8:18:9c:43:e4:30:b8:50:
         25:18:f9:63:1e:bd:63:f4:61:fb:c1:0a:20:ad:e1:e5:9f:40:
         96:6a:14:1c:23:93:8e:e1:9a:f4:9d:fe:d4:89:97:5f:fa:f9:
         4d:0e:07:da:97:a7:38:2e:44:c5:5d:b4:5d:7f:73:e9:4b:65:
         bc:0e:70:bd:ec:d6:50:e3:36:98:68:32:e3:f2:25:c7:08:e8:
         87:b5:d6:ed:20:c9:91:a7:c1:7e:f6:2f:22:80:92:65:e4:e0:
         1e:38:33:a0:09:37:31:da:99:2c:71:13:ff:1a:ef:2a:64:68:
         67:4c:f7:0e:aa:2e:79:d9:dd:3e:98:46:67:fc:0a:c0:01:58:
         62:be:03:8a:47:d9:66:e9:f7:9f:7b:48:ab:fe:5d:75:46:10:
         98:37:8f:40:65:7c:60:93:30:9d:52:4b:12:ef:02:ab:8a:45:
         50:a9:43:9b:32:19:b0:73:97:41:7b:63:95:7f:47:59:89:1e:
         53:fe:2c:16:f2:14:cf:a9:72:81:76:66:a7:82:a4:2f:7d:0f:
         77:e3:7f:2c:68:34:dc:03:ff:a9:ec:56:f8:00:a8:86:78:26:
         5d:b6:27:99
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH5q9h4EfD2DTUc7Yr5cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNWRiNTY3ODEzOWUyZWVhY2U4OWI1ZWU5OTgyYzM1NDQ5
YzBiM2IwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDI4NjA5NjY0MTM1ZTQyMTAxZTQzZGVmMDVjZjAxNjYxZTNlNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonCnwFu8WCVhY9oP9mhi21NUvVWD
ywSA2KdKUj3xh0B9agxuPfUxu8zSXVW1qr/UoWZznsPoqcMWHJJWZHA6Dxg8cr8m
E93I3WluSFaq+ZWVhXBvH2qWqNex56PhjrgYWeZKHmhe7xbglC1DU7cDnt79gYU5
jyz3dk7O1nKWobR3DLwonfpGdnVMw2D5Xlg2LYoBtvjjCfzak7htacnAYz+uNx7V
yqlPd+M+1cd3teFsZ7WOppvKe3JnsEGXgEacqlg4V3k47aPDC8fSlbCHKaoQK+M+
eT6gppEkX1OZmDMVmodxAe2fViBrKhd3jn7QWL50dk+Y7BmvCL5neqZG7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0oYJZkE15CEB5D3vBc8BZh4+SVMB8GA1UdIwQY
MBaAFIBdtWeBOeLurOibXumYLDVEnAs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0YyMVo0RTU0dTZzNkp0ZTZaZ3NOVVNjQ3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8zZGQwODItYzUwMy00NWI4LTliMDct
OTIyOTIzZTg5OGU2LzEvUFNoZ2xtUVRYa0lRSGtQZThGendGbUhqNUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8zZGQwODItYzUwMy00NWI4LTliMDctOTIyOTIzZTg5OGU2
LzEvZ0YyMVo0RTU0dTZzNkp0ZTZaZ3NOVVNjQ3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgcJADAN
BgkqhkiG9w0BAQsFAAOCAQEAQAdxsInqDzm7BJ5QIQg8nZR0My6WQAs4rLh/e9gY
nEPkMLhQJRj5Yx69Y/Rh+8EKIK3h5Z9AlmoUHCOTjuGa9J3+1ImXX/r5TQ4H2pen
OC5ExV20XX9z6UtlvA5wvezWUOM2mGgy4/Ilxwjoh7XW7SDJkafBfvYvIoCSZeTg
HjgzoAk3MdqZLHET/xrvKmRoZ0z3DqouedndPphGZ/wKwAFYYr4DikfZZun3n3tI
q/5ddUYQmDePQGV8YJMwnVJLEu8Cq4pFUKlDmzIZsHOXQXtjlX9HWYkeU/4sFvIU
z6lygXZmp4KkL30Pd+N/LGg03AP/qexW+ACohngmXbYnmQ==
-----END CERTIFICATE-----