Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lzUrfdjvi4X0daNPvReXYlaxfUs.roa
File:                     lzUrfdjvi4X0daNPvReXYlaxfUs.roa (raw, json)
Hash identifier:          mmPPsLggwrEErlARtsPqmojwc7jNfBJKDlKr0vM/KnA=
Subject key identifier:   97:35:2B:7D:D8:EF:8B:85:F4:75:A3:4F:BD:17:97:62:56:B1:7D:4B
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       01982315286424661A408F33BBE63F1BB02A
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lzUrfdjvi4X0daNPvReXYlaxfUs.roa
Signing time:             Sat 19 Jul 2025 14:27:25 +0000
ROA not before:           Sat 19 Jul 2025 14:27:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213413
IP address blocks:        2a0d:d940:70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 17:44:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:23:15:28:64:24:66:1a:40:8f:33:bb:e6:3f:1b:b0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jul 19 14:27:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97352b7dd8ef8b85f475a34fbd17976256b17d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:29:eb:34:df:fa:c5:17:20:40:27:1e:44:41:
                    e1:94:8e:88:c1:51:75:c0:d8:7b:8a:00:b8:57:26:
                    a6:86:41:a5:69:09:eb:77:77:03:f2:a3:89:71:6b:
                    be:47:f3:3b:2a:79:67:a1:90:7e:a7:30:b2:6a:ed:
                    f1:17:e1:bb:a3:9a:cc:a6:04:13:79:1c:51:7c:16:
                    bf:9a:8c:07:7b:41:3c:b6:d1:ef:5c:c8:b3:a4:52:
                    b6:50:6b:48:eb:0c:69:27:ff:3c:ee:48:00:ae:c9:
                    d0:7b:d0:f0:4b:2f:2d:b1:f4:55:4c:77:cc:2e:62:
                    c3:ef:c0:d9:42:18:ca:3e:1d:22:d4:ed:29:d6:d3:
                    7c:f6:fd:af:2a:d5:92:f0:0c:f3:a0:dd:33:25:4f:
                    3e:dc:33:65:73:84:e9:3b:ff:dd:61:f5:f1:03:96:
                    5a:df:9c:0d:46:ff:ab:a4:fc:e8:e1:83:37:97:f6:
                    e4:a6:7b:40:eb:51:72:46:6d:68:ac:1a:7a:52:78:
                    fa:43:71:04:3f:a1:81:7d:ac:2a:c5:26:1e:5b:3e:
                    cb:a8:5f:b9:e9:35:27:c9:42:83:9c:ea:5b:68:de:
                    76:a6:cc:ae:19:d4:ad:13:cc:0d:0c:f0:5f:26:5a:
                    bb:ec:66:e7:63:be:75:23:8a:d8:0c:73:a5:0b:c7:
                    54:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:35:2B:7D:D8:EF:8B:85:F4:75:A3:4F:BD:17:97:62:56:B1:7D:4B
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lzUrfdjvi4X0daNPvReXYlaxfUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:27:7e:8d:e0:0c:d7:22:3f:b8:79:df:24:98:b5:88:cf:47:
         31:6f:f8:6d:d8:bf:3a:67:ce:6f:73:3c:5f:36:42:7b:1a:8e:
         49:73:e0:57:2b:8a:66:83:d7:84:09:1f:f2:da:cc:79:26:94:
         62:04:16:46:68:3a:dc:c8:1b:5e:9e:b5:d9:fa:66:e4:d1:45:
         47:55:3c:7f:cc:5b:f4:0f:02:8a:67:17:c4:16:38:d0:73:ab:
         82:4f:51:05:13:20:ab:27:11:d2:c0:4a:9b:91:bb:ff:66:43:
         76:e0:ce:8f:09:b2:49:25:f6:58:ef:bb:ea:91:d4:80:0f:f4:
         ca:01:6c:01:2d:73:58:62:c2:45:45:f1:11:33:2c:84:19:ee:
         f5:e5:5b:55:9f:b1:4e:32:9a:f5:1b:d9:81:6b:1e:74:85:49:
         a8:01:32:b7:b5:f3:28:0a:55:d5:bb:15:7e:2f:3c:7a:c9:e3:
         3c:f4:66:3d:cc:2b:a2:dd:ec:f3:14:28:80:75:9a:f2:b8:a7:
         f1:46:5c:af:d4:af:84:d8:4c:12:a4:c8:ce:26:2e:8b:07:82:
         50:4c:10:88:8c:46:02:60:bf:ef:7a:14:23:21:5b:2e:03:02:
         48:69:a9:a5:9c:19:b1:5b:1d:c3:c8:b1:cb:2d:3c:30:2f:6d:
         cf:08:51:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgjFShkJGYaQI8zu+Y/G7AqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNzE5MTQyNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzM1MmI3ZGQ4ZWY4Yjg1ZjQ3NWEzNGZiZDE3OTc2MjU2YjE3ZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxynrNN/6xRcgQCceREHhlI6IwVF1
wNh7igC4VyamhkGlaQnrd3cD8qOJcWu+R/M7KnlnoZB+pzCyau3xF+G7o5rMpgQT
eRxRfBa/mowHe0E8ttHvXMizpFK2UGtI6wxpJ/887kgArsnQe9DwSy8tsfRVTHfM
LmLD78DZQhjKPh0i1O0p1tN89v2vKtWS8AzzoN0zJU8+3DNlc4TpO//dYfXxA5Za
35wNRv+rpPzo4YM3l/bkpntA61FyRm1orBp6Unj6Q3EEP6GBfawqxSYeWz7LqF+5
6TUnyUKDnOpbaN52psyuGdStE8wNDPBfJlq77GbnY751I4rYDHOlC8dUbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJc1K33Y74uF9HWjT70Xl2JWsX1LMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbHpVcmZkanZpNFgwZGFOUHZSZVhZbGF4ZlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQABw
MA0GCSqGSIb3DQEBCwUAA4IBAQAYJ36N4AzXIj+4ed8kmLWIz0cxb/ht2L86Z85v
czxfNkJ7Go5Jc+BXK4pmg9eECR/y2sx5JpRiBBZGaDrcyBtenrXZ+mbk0UVHVTx/
zFv0DwKKZxfEFjjQc6uCT1EFEyCrJxHSwEqbkbv/ZkN24M6PCbJJJfZY77vqkdSA
D/TKAWwBLXNYYsJFRfERMyyEGe715VtVn7FOMpr1G9mBax50hUmoATK3tfMoClXV
uxV+Lzx6yeM89GY9zCui3ezzFCiAdZryuKfxRlyv1K+E2EwSpMjOJi6LB4JQTBCI
jEYCYL/vehQjIVsuAwJIaamlnBmxWx3DyLHLLTwwL23PCFHY
-----END CERTIFICATE-----