Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/aGAeUyrXlcg5P9KdO7SsyLIa3qM.roa
File:                     aGAeUyrXlcg5P9KdO7SsyLIa3qM.roa (raw, json)
Hash identifier:          zRczN1keSwgp3IQ2R1f/HYsXKJErw4zTNPUHQvEUUAQ=
Subject key identifier:   68:60:1E:53:2A:D7:95:C8:39:3F:D2:9D:3B:B4:AC:C8:B2:1A:DE:A3
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197693A0068C531A3C421FF92328E065FA6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/aGAeUyrXlcg5P9KdO7SsyLIa3qM.roa
Signing time:             Fri 13 Jun 2025 12:18:18 +0000
ROA not before:           Fri 13 Jun 2025 12:18:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206971
IP address blocks:        2a0c:b641:5d0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:3a:00:68:c5:31:a3:c4:21:ff:92:32:8e:06:5f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 13 12:18:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68601e532ad795c8393fd29d3bb4acc8b21adea3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:87:b8:d2:e8:40:02:c2:02:e9:93:18:ed:a0:
                    a3:82:62:d5:bc:eb:4b:be:a3:71:82:20:d1:17:13:
                    4d:c0:cc:c7:dc:6d:57:1a:b8:e7:db:4a:65:94:cf:
                    7d:e4:0d:83:16:9e:2a:9a:ce:fe:bd:27:ab:2e:db:
                    b4:fe:4a:f6:de:48:83:44:0e:c9:5c:3e:fb:f9:45:
                    c9:a5:7f:fa:7c:35:ab:8d:a5:19:dc:f7:2f:cc:48:
                    50:b6:e5:4a:c1:de:bf:5c:fd:98:b6:68:6f:2c:e6:
                    c9:57:d7:1c:fd:6c:06:74:db:bc:0e:ca:b0:63:70:
                    38:3b:98:9c:04:35:3f:fd:88:88:66:1b:88:6c:cc:
                    8f:d5:88:b3:8a:d2:11:df:9c:e2:10:70:b1:85:01:
                    89:27:2c:49:ab:96:4d:5a:cf:de:eb:3a:69:a0:cb:
                    f7:a4:54:15:19:a7:d0:db:9b:8d:89:9b:29:58:3a:
                    9a:db:20:c2:9a:ef:ed:61:54:b5:df:ad:ab:5f:d8:
                    31:49:01:0c:55:82:7c:9f:ec:c2:da:e3:18:2f:bb:
                    40:c7:e5:50:96:f1:b2:f7:6b:bd:1b:98:0c:88:f9:
                    6d:7c:a0:d2:ba:f6:aa:26:d1:49:aa:3c:93:eb:de:
                    1f:35:dd:04:77:12:47:d8:ba:89:5b:96:d0:c2:fe:
                    e8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:60:1E:53:2A:D7:95:C8:39:3F:D2:9D:3B:B4:AC:C8:B2:1A:DE:A3
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/aGAeUyrXlcg5P9KdO7SsyLIa3qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:6e:c7:f1:d7:12:3b:52:7a:bb:c7:f5:74:d1:e2:4c:f2:63:
         ef:9e:8a:56:da:5e:9d:ad:85:d3:cb:45:a5:ea:c5:30:d5:04:
         46:f6:cb:3b:32:5a:48:09:c0:74:43:39:5d:65:4a:a7:4e:ac:
         0f:1e:5c:10:24:45:d5:14:da:85:4b:ab:85:6e:2b:1b:71:e5:
         ec:d3:0f:5a:5c:e7:32:e8:57:b4:5c:c7:59:41:24:b7:11:0e:
         9a:8e:66:63:f5:68:95:30:66:a5:27:f4:b0:1c:34:ab:82:d6:
         4a:fb:39:ca:2d:55:08:4f:f2:a9:e7:c4:a4:a4:be:7f:27:9f:
         ec:74:75:31:c0:af:62:17:f2:31:96:b5:1c:3f:0c:41:25:be:
         2c:a6:9c:31:8d:1a:74:ff:46:c4:8e:cc:67:bf:e8:0f:83:0c:
         0b:78:db:85:73:22:54:e3:b8:77:b7:90:4d:e3:a1:55:8d:78:
         60:63:59:fb:98:d4:b6:4f:49:34:7b:42:dc:b9:1f:7f:4d:51:
         52:58:d6:99:23:fa:04:d8:3c:1d:ec:69:a3:be:ec:ac:2c:e8:
         96:21:bc:b6:f3:04:1f:f0:9b:06:40:54:37:53:90:21:8a:35:
         47:0e:80:cc:dc:54:31:c5:7e:f0:f3:53:9d:85:f5:49:8a:2f:
         bf:5a:6b:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdpOgBoxTGjxCH/kjKOBl+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNjEzMTIxODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODYwMWU1MzJhZDc5NWM4MzkzZmQyOWQzYmI0YWNjOGIyMWFkZWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYe40uhAAsIC6ZMY7aCjgmLVvOtL
vqNxgiDRFxNNwMzH3G1XGrjn20pllM995A2DFp4qms7+vSerLtu0/kr23kiDRA7J
XD77+UXJpX/6fDWrjaUZ3PcvzEhQtuVKwd6/XP2YtmhvLObJV9cc/WwGdNu8Dsqw
Y3A4O5icBDU//YiIZhuIbMyP1YizitIR35ziEHCxhQGJJyxJq5ZNWs/e6zppoMv3
pFQVGafQ25uNiZspWDqa2yDCmu/tYVS1362rX9gxSQEMVYJ8n+zC2uMYL7tAx+VQ
lvGy92u9G5gMiPltfKDSuvaqJtFJqjyT694fNd0EdxJH2LqJW5bQwv7oUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGhgHlMq15XIOT/SnTu0rMiyGt6jMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYUdBZVV5clhsY2c1UDlLZE83U3N5TElhM3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBubsfx1xI7Unq7x/V00eJM8mPvnopW2l6drYXT
y0Wl6sUw1QRG9ss7MlpICcB0QzldZUqnTqwPHlwQJEXVFNqFS6uFbisbceXs0w9a
XOcy6Fe0XMdZQSS3EQ6ajmZj9WiVMGalJ/SwHDSrgtZK+znKLVUIT/Kp58SkpL5/
J5/sdHUxwK9iF/IxlrUcPwxBJb4sppwxjRp0/0bEjsxnv+gPgwwLeNuFcyJU47h3
t5BN46FVjXhgY1n7mNS2T0k0e0LcuR9/TVFSWNaZI/oE2Dwd7GmjvuysLOiWIby2
8wQf8JsGQFQ3U5AhijVHDoDM3FQxxX7w81OdhfVJii+/WmsP
-----END CERTIFICATE-----