Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m3kbgVGInZoxkGlQeAONX97frV4.roa
File:                     m3kbgVGInZoxkGlQeAONX97frV4.roa (raw, json)
Hash identifier:          8gUwO/0n4gQZPZEJMORDD8t/sRehPTtCRHIzAdAWNug=
Subject key identifier:   9B:79:1B:81:51:88:9D:9A:31:90:69:50:78:03:8D:5F:DE:DF:AD:5E
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0195B3E77445619F46E2DC8FB756F6D98B4F
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m3kbgVGInZoxkGlQeAONX97frV4.roa
Signing time:             Thu 20 Mar 2025 14:14:04 +0000
ROA not before:           Thu 20 Mar 2025 14:14:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        2a05:9080:6::/48 maxlen: 48
                          2a05:9080:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:e7:74:45:61:9f:46:e2:dc:8f:b7:56:f6:d9:8b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Mar 20 14:14:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b791b8151889d9a3190695078038d5fdedfad5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a1:71:c3:ec:ac:b2:42:71:aa:fc:aa:ea:c5:
                    a2:7b:59:39:ef:02:d8:86:45:68:a1:48:ce:83:af:
                    26:37:0d:ad:fc:3f:b6:43:fb:11:36:6b:16:d9:35:
                    ae:8b:27:8f:cd:9e:a1:71:d6:7e:e5:19:da:90:a4:
                    35:d0:56:0f:72:a4:e4:63:5f:c6:c0:74:1e:1a:5c:
                    00:58:9b:03:3d:20:df:37:6f:ac:02:ce:d7:87:a2:
                    63:b2:94:d0:ab:2b:3f:3a:17:16:b6:df:f6:80:34:
                    0a:a9:46:40:c9:e4:7d:03:05:e7:fc:46:3e:3b:b8:
                    e0:62:eb:01:62:dd:ae:98:c3:c8:aa:d9:fb:9f:03:
                    c6:5a:17:23:31:cf:e1:cb:98:6b:97:a6:65:03:19:
                    e6:d7:c6:ca:f1:a1:be:bd:e6:90:d3:66:f4:3b:b7:
                    12:68:51:6d:35:0f:de:b9:aa:b2:6a:0f:1e:cc:db:
                    00:fa:6b:b3:b8:a6:d8:e3:36:32:07:13:48:d7:e5:
                    1f:92:2d:38:ed:f8:ad:ad:73:13:a7:87:d6:dc:6e:
                    98:62:dc:ec:ca:ef:d0:22:71:86:cd:34:37:13:12:
                    1d:7b:9c:7b:eb:a2:63:e6:ff:00:01:51:44:8d:30:
                    4c:f0:1b:2e:2e:58:6c:c6:3f:48:47:0c:1e:6a:77:
                    9e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:79:1B:81:51:88:9D:9A:31:90:69:50:78:03:8D:5F:DE:DF:AD:5E
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m3kbgVGInZoxkGlQeAONX97frV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:6::/48
                  2a05:9080:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c8:bb:1c:88:9a:1f:0f:6d:b7:5d:58:a7:80:5e:11:9b:27:
         b5:ae:ce:22:dc:b5:23:b4:12:2d:84:77:42:9d:87:66:57:e7:
         22:2a:d2:8d:ca:1b:8f:a0:ca:cf:eb:bc:85:dc:9b:8d:16:af:
         35:7d:21:64:bd:85:45:65:b9:3a:44:06:fa:44:37:ba:bf:00:
         0f:f9:90:2a:bd:27:10:7b:19:67:98:8b:fc:7a:f0:fc:63:c7:
         11:d8:f9:38:bc:c9:78:51:fd:5b:d6:44:e7:68:6f:0b:22:49:
         43:70:12:f9:6b:c6:f4:2d:a5:d5:e3:84:54:bc:5d:4e:98:c6:
         f7:71:85:6f:bb:d5:b8:11:a0:0a:9e:00:d2:da:22:f5:89:57:
         eb:b9:22:23:15:04:43:bf:0f:37:70:8d:79:b7:44:22:e8:54:
         df:ca:43:9a:8c:ce:e2:f6:ae:76:1c:9c:6a:22:d0:1d:53:c2:
         04:13:0d:6f:3a:76:fc:7a:58:ef:72:37:bd:ce:ed:e4:97:d7:
         bc:d1:d7:fd:81:5e:40:e9:af:ba:0d:90:3f:e3:bc:14:b8:94:
         98:f2:77:38:97:74:a1:ec:3d:4a:9a:05:5f:0a:d2:2e:93:7a:
         7b:e2:ff:9d:c8:8f:1d:8a:0a:8e:d6:b6:31:03:2a:ac:27:ed:
         21:3c:a2:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWz53RFYZ9G4tyPt1b22YtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMzIwMTQxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjc5MWI4MTUxODg5ZDlhMzE5MDY5NTA3ODAzOGQ1ZmRlZGZhZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qFxw+ysskJxqvyq6sWie1k57wLY
hkVooUjOg68mNw2t/D+2Q/sRNmsW2TWuiyePzZ6hcdZ+5RnakKQ10FYPcqTkY1/G
wHQeGlwAWJsDPSDfN2+sAs7Xh6JjspTQqys/OhcWtt/2gDQKqUZAyeR9AwXn/EY+
O7jgYusBYt2umMPIqtn7nwPGWhcjMc/hy5hrl6ZlAxnm18bK8aG+veaQ02b0O7cS
aFFtNQ/euaqyag8ezNsA+muzuKbY4zYyBxNI1+Ufki047fitrXMTp4fW3G6YYtzs
yu/QInGGzTQ3ExIde5x766Jj5v8AAVFEjTBM8BsuLlhsxj9IRwweaneerQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJt5G4FRiJ2aMZBpUHgDjV/e361eMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvbTNrYmdWR0luWm94a0dsUWVBT05YOTdmclY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAG
AwcAKgWQgAAJMA0GCSqGSIb3DQEBCwUAA4IBAQCRyLsciJofD223XVingF4Rmye1
rs4i3LUjtBIthHdCnYdmV+ciKtKNyhuPoMrP67yF3JuNFq81fSFkvYVFZbk6RAb6
RDe6vwAP+ZAqvScQexlnmIv8evD8Y8cR2Pk4vMl4Uf1b1kTnaG8LIklDcBL5a8b0
LaXV44RUvF1OmMb3cYVvu9W4EaAKngDS2iL1iVfruSIjFQRDvw83cI15t0Qi6FTf
ykOajM7i9q52HJxqItAdU8IEEw1vOnb8eljvcje9zu3kl9e80df9gV5A6a+6DZA/
47wUuJSY8nc4l3Sh7D1KmgVfCtIuk3p74v+dyI8digqO1rYxAyqsJ+0hPKJj
-----END CERTIFICATE-----