Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/i9pP0UdC60SIkPjAyVnRvnkLQpI.roa
File:                     i9pP0UdC60SIkPjAyVnRvnkLQpI.roa (raw, json)
Hash identifier:          DCLA36TFrAK5MuagUyc5DT4JGQhrH1BUGZII4pznSfI=
Subject key identifier:   8B:DA:4F:D1:47:42:EB:44:88:90:F8:C0:C9:59:D1:BE:79:0B:42:92
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0198277797DFDDB91D8855CB59B45C7597BA
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/i9pP0UdC60SIkPjAyVnRvnkLQpI.roa
Signing time:             Sun 20 Jul 2025 10:53:25 +0000
ROA not before:           Sun 20 Jul 2025 10:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11967
IP address blocks:        2a0d:d940:70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:77:97:df:dd:b9:1d:88:55:cb:59:b4:5c:75:97:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jul 20 10:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bda4fd14742eb448890f8c0c959d1be790b4292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b1:11:30:f1:3b:c5:a2:aa:d0:07:68:ba:bc:
                    fd:9e:fc:d5:74:f9:6d:fc:84:e7:94:75:24:38:0f:
                    9c:e8:ca:9c:75:cf:e6:b2:67:dd:09:34:c2:d7:8b:
                    c7:ae:ac:d3:63:42:6e:2c:c0:dc:ca:d6:06:f6:de:
                    ba:0e:b5:98:fe:fc:91:89:81:a0:c4:e9:d8:c8:d1:
                    c6:7b:1d:27:71:dc:a5:03:5e:17:83:ef:53:7c:0a:
                    df:c1:ef:85:1e:ba:62:8d:9f:a9:d7:6d:5f:51:34:
                    76:ae:be:ea:0c:ec:c0:7c:16:bf:e1:b4:33:83:98:
                    fb:be:2c:c7:c1:3f:12:ec:6c:f0:e8:0f:d6:5f:2e:
                    d1:6c:3b:a7:0c:94:c9:44:67:6a:a1:d4:9e:1a:cb:
                    8c:50:92:1e:05:68:66:25:ec:44:fd:c0:4c:67:89:
                    13:76:98:ae:ad:5f:bf:61:08:87:60:20:2a:71:99:
                    d9:ad:cb:f5:13:7a:a3:5b:d4:bc:9a:b6:78:f4:87:
                    1d:bb:5a:68:59:36:00:92:e9:3a:3b:09:86:91:49:
                    f5:86:8b:1c:0b:ba:be:24:01:bb:0d:39:13:70:b7:
                    d7:54:4b:f1:63:0a:e5:cc:26:b1:9a:db:2c:f5:46:
                    56:1a:7e:ba:49:8c:0a:d3:ee:84:35:4a:a2:37:fc:
                    7c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DA:4F:D1:47:42:EB:44:88:90:F8:C0:C9:59:D1:BE:79:0B:42:92
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/i9pP0UdC60SIkPjAyVnRvnkLQpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:b2:d0:ed:d0:e1:15:fc:c1:4d:b8:46:98:a3:45:5f:7c:0e:
         0e:f5:1c:32:cd:3e:ac:bd:29:3c:34:b4:80:32:86:9c:37:88:
         b3:95:e2:6c:88:95:c4:6e:62:85:73:30:5c:44:2f:dc:92:42:
         3c:82:eb:1c:7d:b8:66:3b:60:d9:f2:1b:3e:27:d2:50:cd:7d:
         1c:71:df:51:20:16:79:94:a5:91:8d:9c:2b:3a:b8:0d:ba:0f:
         d1:f1:c0:eb:ab:30:92:3d:8d:d1:7f:0e:24:f5:6b:3e:3b:96:
         db:c5:da:00:8a:ee:72:08:c8:d2:cf:0d:a2:31:d4:44:6f:96:
         f3:49:8f:b9:e9:50:f0:26:de:8b:99:14:58:df:f9:f2:42:c2:
         4f:ba:50:d6:13:5a:4c:d9:5a:8a:72:cc:58:b9:72:54:55:7e:
         41:64:23:1d:a8:bd:45:a8:46:9d:9a:68:84:66:0b:a7:6a:22:
         d8:d3:c2:2f:bd:3e:c4:2f:b1:98:be:e3:b3:36:58:1d:d1:3d:
         ee:0b:4f:e6:30:61:15:3c:5b:35:0b:ee:c0:17:e1:ea:5e:61:
         d8:9e:81:f7:72:6f:77:c2:ba:b5:df:57:79:32:7d:a0:1e:30:
         a9:35:8c:b7:f2:19:6f:87:75:a0:59:f1:4e:66:04:37:38:af:
         27:51:1a:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgnd5ff3bkdiFXLWbRcdZe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNzIwMTA1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmRhNGZkMTQ3NDJlYjQ0ODg5MGY4YzBjOTU5ZDFiZTc5MGI0MjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrERMPE7xaKq0Adourz9nvzVdPlt
/ITnlHUkOA+c6Mqcdc/msmfdCTTC14vHrqzTY0JuLMDcytYG9t66DrWY/vyRiYGg
xOnYyNHGex0ncdylA14Xg+9TfArfwe+FHrpijZ+p121fUTR2rr7qDOzAfBa/4bQz
g5j7vizHwT8S7Gzw6A/WXy7RbDunDJTJRGdqodSeGsuMUJIeBWhmJexE/cBMZ4kT
dpiurV+/YQiHYCAqcZnZrcv1E3qjW9S8mrZ49Icdu1poWTYAkuk6OwmGkUn1hosc
C7q+JAG7DTkTcLfXVEvxYwrlzCaxmtss9UZWGn66SYwK0+6ENUqiN/x8qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIvaT9FHQutEiJD4wMlZ0b55C0KSMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvaTlwUDBVZEM2MFNJa1BqQXlWblJ2bmtMUXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQABw
MA0GCSqGSIb3DQEBCwUAA4IBAQALstDt0OEV/MFNuEaYo0VffA4O9RwyzT6svSk8
NLSAMoacN4izleJsiJXEbmKFczBcRC/ckkI8guscfbhmO2DZ8hs+J9JQzX0ccd9R
IBZ5lKWRjZwrOrgNug/R8cDrqzCSPY3Rfw4k9Ws+O5bbxdoAiu5yCMjSzw2iMdRE
b5bzSY+56VDwJt6LmRRY3/nyQsJPulDWE1pM2VqKcsxYuXJUVX5BZCMdqL1FqEad
mmiEZgunaiLY08IvvT7EL7GYvuOzNlgd0T3uC0/mMGEVPFs1C+7AF+HqXmHYnoH3
cm93wrq131d5Mn2gHjCpNYy38hlvh3WgWfFOZgQ3OK8nURq3
-----END CERTIFICATE-----