Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I3kb68DqpZjEwCdq_ajMNyjqDPg.roa
File:                     I3kb68DqpZjEwCdq_ajMNyjqDPg.roa (raw, json)
Hash identifier:          bR6MzAZcmvQ2z1FRFZItShV++7Umj9ewPdOcxoNXjqU=
Subject key identifier:   23:79:1B:EB:C0:EA:A5:98:C4:C0:27:6A:FD:A8:CC:37:28:EA:0C:F8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01975F65366E78BC8B9AED043F879BAED8C0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I3kb68DqpZjEwCdq_ajMNyjqDPg.roa
Signing time:             Wed 11 Jun 2025 14:29:17 +0000
ROA not before:           Wed 11 Jun 2025 14:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207099
IP address blocks:        2a0c:b641:540::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5f:65:36:6e:78:bc:8b:9a:ed:04:3f:87:9b:ae:d8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 11 14:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23791bebc0eaa598c4c0276afda8cc3728ea0cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:62:db:3c:cf:49:e6:30:e3:6c:57:55:3a:8e:
                    9f:ff:ba:44:57:05:eb:ed:f0:c1:c7:2b:4b:a1:12:
                    3a:00:b7:24:24:48:a1:5a:47:60:2d:4f:16:d2:0c:
                    3f:bf:f7:9d:f0:e4:64:f8:ec:4a:d9:b3:5f:e5:8b:
                    50:a9:33:5f:39:2d:40:66:59:09:6e:4c:bb:de:f7:
                    f8:12:6b:51:5b:32:24:6c:09:24:55:37:fd:7f:10:
                    12:6c:34:8c:60:cf:81:42:c9:1e:ef:88:d0:e7:b8:
                    93:c8:98:d4:be:98:4a:fa:b9:74:f4:87:ac:d1:ff:
                    31:c0:dc:f3:a5:4a:32:63:d1:20:0d:db:bf:88:67:
                    d5:35:a8:24:0a:be:57:91:dc:93:50:12:c7:0a:ad:
                    96:d7:69:ce:16:cf:ef:3d:f7:a7:99:3f:e9:b0:e5:
                    09:25:e2:8c:71:1e:b9:c0:db:c8:8e:0d:5b:4a:b8:
                    4d:26:f6:48:25:f5:87:d7:b6:b4:35:3f:15:26:36:
                    93:f8:7a:03:8d:63:c3:c4:6b:ba:39:d4:4b:76:91:
                    45:30:cc:05:14:cc:2d:03:57:7f:25:13:1f:33:52:
                    90:90:d7:6a:67:3e:c6:d9:5c:cd:32:83:23:bb:60:
                    ce:f5:e4:07:5d:6b:d3:e9:6f:c5:1b:d0:d5:f0:2e:
                    7c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:79:1B:EB:C0:EA:A5:98:C4:C0:27:6A:FD:A8:CC:37:28:EA:0C:F8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I3kb68DqpZjEwCdq_ajMNyjqDPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:540::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:74:bc:21:61:f6:64:76:1f:24:52:e6:f1:f7:00:82:23:74:
         30:4e:6e:a4:fb:fd:aa:d8:b7:07:bb:72:89:b1:2b:6d:a2:bc:
         a4:23:93:e0:db:f3:6f:2d:a0:e2:75:5b:ad:68:55:f0:fc:ba:
         26:aa:e2:bf:ae:4f:c5:f5:1b:b6:9e:d6:77:67:2d:06:8a:fd:
         1f:09:38:7d:6e:38:91:4c:6b:35:af:d6:9c:39:c1:f8:88:86:
         91:0e:4f:2e:7e:db:ab:6b:57:6f:68:1c:43:b3:39:76:6c:a1:
         81:2e:14:8b:6f:41:da:71:9e:7c:16:19:e0:bc:6c:f2:32:11:
         58:35:0b:24:aa:b8:cc:0c:04:d7:f5:4e:81:b6:c9:82:49:b6:
         3a:c8:e9:26:bc:cd:d7:df:07:e2:f6:a7:89:12:b3:05:ce:6a:
         5b:68:8e:ba:23:ef:61:6a:68:b4:e2:03:be:aa:ea:2d:93:47:
         5b:64:56:91:7a:4f:68:9c:b2:45:94:5a:8e:8d:d4:c9:ea:58:
         5c:cc:92:12:59:ab:4a:0d:26:4f:d3:54:bf:09:05:8c:ac:0b:
         9f:38:2a:33:ad:27:ed:3c:ae:9c:c1:fb:45:29:c9:37:0e:18:
         de:db:d4:9b:f7:c7:f2:6d:82:b2:28:7c:9b:86:ee:f3:17:ea:
         f1:12:75:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdfZTZueLyLmu0EP4ebrtjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNjExMTQyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzc5MWJlYmMwZWFhNTk4YzRjMDI3NmFmZGE4Y2MzNzI4ZWEwY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGLbPM9J5jDjbFdVOo6f/7pEVwXr
7fDBxytLoRI6ALckJEihWkdgLU8W0gw/v/ed8ORk+OxK2bNf5YtQqTNfOS1AZlkJ
bky73vf4EmtRWzIkbAkkVTf9fxASbDSMYM+BQske74jQ57iTyJjUvphK+rl09Ies
0f8xwNzzpUoyY9EgDdu/iGfVNagkCr5XkdyTUBLHCq2W12nOFs/vPfenmT/psOUJ
JeKMcR65wNvIjg1bSrhNJvZIJfWH17a0NT8VJjaT+HoDjWPDxGu6OdRLdpFFMMwF
FMwtA1d/JRMfM1KQkNdqZz7G2VzNMoMju2DO9eQHXWvT6W/FG9DV8C58WQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCN5G+vA6qWYxMAnav2ozDco6gz4MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSTNrYjY4RHFwWmpFd0NkcV9hak1OeWpxRFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQVA
MA0GCSqGSIb3DQEBCwUAA4IBAQCRdLwhYfZkdh8kUubx9wCCI3QwTm6k+/2q2LcH
u3KJsSttorykI5Pg2/NvLaDidVutaFXw/LomquK/rk/F9Ru2ntZ3Zy0Giv0fCTh9
bjiRTGs1r9acOcH4iIaRDk8uftura1dvaBxDszl2bKGBLhSLb0HacZ58FhngvGzy
MhFYNQskqrjMDATX9U6BtsmCSbY6yOkmvM3X3wfi9qeJErMFzmpbaI66I+9hami0
4gO+quotk0dbZFaRek9onLJFlFqOjdTJ6lhczJISWatKDSZP01S/CQWMrAufOCoz
rSftPK6cwftFKck3Dhje29Sb98fybYKyKHybhu7zF+rxEnXr
-----END CERTIFICATE-----