Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/NFWjygI2rAHaMJj7Z6tY8LI6RSU.roa
File:                     NFWjygI2rAHaMJj7Z6tY8LI6RSU.roa (raw, json)
Hash identifier:          Wf17fZC0UTpOrO8FEQkt8WIw3AidHqnd2AFjCzBPkXI=
Subject key identifier:   34:55:A3:CA:02:36:AC:01:DA:30:98:FB:67:AB:58:F0:B2:3A:45:25
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01968925AF685BE50D35CC5AD6A2D5C16A90
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/NFWjygI2rAHaMJj7Z6tY8LI6RSU.roa
Signing time:             Thu 01 May 2025 00:01:10 +0000
ROA not before:           Thu 01 May 2025 00:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0f:b241:40::/44 maxlen: 48
                          2a0f:b242:6000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:89:25:af:68:5b:e5:0d:35:cc:5a:d6:a2:d5:c1:6a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: May  1 00:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3455a3ca0236ac01da3098fb67ab58f0b23a4525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c4:60:ae:8a:9d:c9:20:1f:c0:88:c9:05:e2:
                    63:68:52:3b:a2:8b:b6:e9:b8:59:c1:35:38:e6:30:
                    ef:f6:01:95:a2:14:d3:bb:5b:61:23:6e:90:9e:2e:
                    a5:f7:5e:e3:1a:9c:f2:79:c8:9b:0f:f2:3f:7e:2f:
                    45:0f:5d:75:54:ce:98:79:c8:39:4e:9c:e3:70:35:
                    27:c1:c7:18:fd:78:1f:1c:93:cc:87:c8:1a:22:50:
                    35:b6:22:81:11:a4:7c:82:e4:3f:73:69:90:af:b2:
                    16:ac:95:74:98:c0:0f:b8:4e:94:80:ba:ab:33:a7:
                    54:71:cd:19:e1:0c:17:f9:3c:4c:9e:1b:55:82:99:
                    7f:72:60:6b:c9:a3:dd:a0:55:60:2c:15:91:73:6e:
                    1c:e6:a0:82:4a:9d:84:e0:7c:80:8b:06:9c:86:21:
                    b5:0f:d5:72:0c:4e:d1:47:f4:c1:f2:16:18:8b:f9:
                    1e:cd:69:ad:5f:f3:c0:4c:17:ef:9c:90:ed:f5:1f:
                    d6:ad:9b:a2:ef:6a:2c:0f:60:7d:e5:bd:90:30:79:
                    cc:67:c1:85:20:5a:99:8b:87:5d:6b:b4:a6:0d:6a:
                    53:ce:3d:0a:45:d3:38:8b:b0:89:78:8a:d7:7d:66:
                    ec:dd:29:0f:6e:68:a1:84:93:3a:dd:0a:f7:43:48:
                    45:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:55:A3:CA:02:36:AC:01:DA:30:98:FB:67:AB:58:F0:B2:3A:45:25
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/NFWjygI2rAHaMJj7Z6tY8LI6RSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:40::/44
                  2a0f:b242:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5a:92:7a:8e:8d:2b:e9:d2:e0:f9:2a:ca:47:cd:8d:34:2e:65:
         88:7b:fa:2a:89:cd:60:61:bb:03:52:ef:a3:29:bd:cc:9a:dd:
         44:f8:91:30:42:19:4b:7c:16:c4:15:33:19:90:1e:42:ab:2e:
         16:f0:99:f5:30:28:3c:b4:20:86:39:7c:05:e8:35:6f:c2:da:
         3a:cd:0c:46:09:7c:db:28:a4:dc:f4:80:df:aa:77:3b:d5:d2:
         5f:d1:00:17:16:8a:d1:c1:5f:ea:cb:09:32:ec:74:26:1d:80:
         ba:fd:22:a9:ac:d9:96:f1:a1:83:32:5d:42:1b:e3:de:39:66:
         24:61:0e:80:91:36:f1:cd:8a:23:35:6d:d2:02:a8:eb:db:b0:
         8f:18:24:0b:50:66:d7:73:7a:42:c3:72:d7:e5:23:fc:c0:d5:
         ce:58:6b:f1:ed:8d:d6:6d:4a:f0:4a:80:ca:dc:64:a3:65:5b:
         59:bc:e0:10:7f:fa:12:5d:00:38:00:c6:eb:20:d9:b8:8b:5c:
         25:26:24:ec:20:53:9e:6d:1a:69:1c:82:2b:5f:46:44:dd:89:
         f3:b8:32:b2:79:9f:ea:96:2b:5e:89:30:70:37:f6:81:1f:d7:
         c4:57:58:ce:8d:55:40:39:80:8f:08:43:93:82:fe:f8:a7:80:
         77:4e:46:49
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZaJJa9oW+UNNcxa1qLVwWqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwNTAxMDAwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDU1YTNjYTAyMzZhYzAxZGEzMDk4ZmI2N2FiNThmMGIyM2E0NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMRgroqdySAfwIjJBeJjaFI7oou2
6bhZwTU45jDv9gGVohTTu1thI26Qni6l917jGpzyecibD/I/fi9FD111VM6Yecg5
TpzjcDUnwccY/XgfHJPMh8gaIlA1tiKBEaR8guQ/c2mQr7IWrJV0mMAPuE6UgLqr
M6dUcc0Z4QwX+TxMnhtVgpl/cmBryaPdoFVgLBWRc24c5qCCSp2E4HyAiwachiG1
D9VyDE7RR/TB8hYYi/kezWmtX/PATBfvnJDt9R/WrZui72osD2B95b2QMHnMZ8GF
IFqZi4dda7SmDWpTzj0KRdM4i7CJeIrXfWbs3SkPbmihhJM63Qr3Q0hFkwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDRVo8oCNqwB2jCY+2erWPCyOkUlMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvTkZXanlnSTJyQUhhTUpqN1o2dFk4TEk2UlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKg+yQQBA
AwYEKg+yQmAwDQYJKoZIhvcNAQELBQADggEBAFqSeo6NK+nS4PkqykfNjTQuZYh7
+iqJzWBhuwNS76Mpvcya3UT4kTBCGUt8FsQVMxmQHkKrLhbwmfUwKDy0IIY5fAXo
NW/C2jrNDEYJfNsopNz0gN+qdzvV0l/RABcWitHBX+rLCTLsdCYdgLr9Iqms2Zbx
oYMyXUIb4945ZiRhDoCRNvHNiiM1bdICqOvbsI8YJAtQZtdzekLDctflI/zA1c5Y
a/HtjdZtSvBKgMrcZKNlW1m84BB/+hJdADgAxusg2biLXCUmJOwgU55tGmkcgitf
RkTdifO4MrJ5n+qWK16JMHA39oEf18RXWM6NVUA5gI8IQ5OC/vingHdORkk=
-----END CERTIFICATE-----