Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/RNey77PyYZ7q5aSaC4PKivPQUp4.roa
File:                     RNey77PyYZ7q5aSaC4PKivPQUp4.roa (raw, json)
Hash identifier:          nbnaDHAsWvelX6heHPYA3AE04SRORSzM43r0uMU5XGU=
Subject key identifier:   44:D7:B2:EF:B3:F2:61:9E:EA:E5:A4:9A:0B:83:CA:8A:F3:D0:52:9E
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       019607F3F1FCEC8DC7CC8FB90A77CAEADDF9
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/RNey77PyYZ7q5aSaC4PKivPQUp4.roa
Signing time:             Sat 05 Apr 2025 21:55:49 +0000
ROA not before:           Sat 05 Apr 2025 21:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a01:e284::/32 maxlen: 32
                          2a01:e285::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:07:f3:f1:fc:ec:8d:c7:cc:8f:b9:0a:77:ca:ea:dd:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Apr  5 21:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44d7b2efb3f2619eeae5a49a0b83ca8af3d0529e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:40:28:7d:21:59:eb:a8:f9:cc:c8:a8:63:e5:
                    f6:4d:d6:85:de:9c:39:ef:84:af:cb:60:fd:d8:38:
                    3a:29:d2:38:02:d5:0b:04:00:f4:c3:48:b1:dd:5d:
                    77:b5:a2:db:4f:fc:d8:ac:04:67:55:63:af:7d:40:
                    81:0c:86:0a:58:b3:ab:b0:0f:fc:fd:16:79:81:d2:
                    bd:c8:5a:a5:03:b8:a3:f5:65:34:e4:81:73:93:37:
                    86:3f:70:d6:34:f0:24:4d:5a:9f:e3:d3:ce:14:f1:
                    32:ea:56:17:ef:42:5d:8e:96:0b:ef:8a:51:df:23:
                    ec:26:a7:bd:7b:78:c4:7b:f0:80:1c:bc:71:80:62:
                    8c:28:ea:f2:24:67:e4:ca:6a:82:bb:f8:62:f9:a8:
                    f0:69:ca:77:1c:19:aa:f6:05:61:09:ec:a0:95:8d:
                    42:c5:3e:e3:a9:c2:81:fb:1b:fe:11:0e:db:ce:ab:
                    e0:31:67:d9:5a:5f:83:8a:73:38:67:4a:c0:e0:ff:
                    c7:4a:d2:2a:d2:bd:e1:4e:ba:a0:86:6e:72:8f:8b:
                    9f:ed:2c:3f:e2:8b:6e:1c:65:9f:44:f0:a5:97:85:
                    1a:87:b5:92:ac:0c:01:31:76:0b:e4:50:7e:00:bd:
                    08:00:a6:d4:b6:6e:ac:88:7f:01:fe:c0:e1:ef:0f:
                    4c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D7:B2:EF:B3:F2:61:9E:EA:E5:A4:9A:0B:83:CA:8A:F3:D0:52:9E
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/RNey77PyYZ7q5aSaC4PKivPQUp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e284::/31

    Signature Algorithm: sha256WithRSAEncryption
         42:68:b5:d9:d3:df:54:03:8b:ea:c6:c9:cc:8d:f6:45:4f:22:
         90:b3:85:97:ea:e9:6e:29:a5:b3:2e:98:66:b1:65:97:70:73:
         d1:0e:f8:2e:1d:ef:ad:d2:bd:88:bd:24:d6:c5:36:48:c0:81:
         4d:4f:6b:d7:06:cd:d0:ab:63:cd:64:f2:51:b8:cf:36:21:4a:
         2c:ba:e2:43:11:0f:4a:37:ff:26:08:b8:94:64:d5:a6:50:20:
         52:75:bf:de:b4:cb:a2:9a:33:e4:95:c1:4b:af:05:65:03:f6:
         cc:58:2f:6e:2b:ef:a7:1c:ec:4b:3e:f3:54:7f:a9:03:6e:4c:
         5f:08:be:d7:c2:03:54:2c:cd:e7:1d:30:db:e9:9d:f8:0f:e2:
         7e:03:bc:70:de:5d:57:3b:41:0b:12:d5:ca:a2:20:c2:42:d5:
         21:f5:53:a9:27:95:eb:a6:8d:32:01:54:4a:15:a6:2f:7a:79:
         0c:b2:1d:06:52:be:a6:1a:b2:a1:32:a0:31:53:ef:fa:2e:87:
         32:99:1a:f9:9b:dd:c9:41:b5:96:68:11:c1:86:70:8b:c1:3b:
         99:b3:c7:40:1e:68:5f:7d:80:eb:5e:d8:cb:4f:47:5b:70:93:
         9c:6c:06:c5:f2:9a:f5:2f:1f:29:b2:19:a2:f4:53:9b:ac:ef:
         df:fe:1e:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZYH8/H87I3HzI+5CnfK6t35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjUwNDA1MjE1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQ3YjJlZmIzZjI2MTllZWFlNWE0OWEwYjgzY2E4YWYzZDA1MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0AofSFZ66j5zMioY+X2TdaF3pw5
74Svy2D92Dg6KdI4AtULBAD0w0ix3V13taLbT/zYrARnVWOvfUCBDIYKWLOrsA/8
/RZ5gdK9yFqlA7ij9WU05IFzkzeGP3DWNPAkTVqf49POFPEy6lYX70JdjpYL74pR
3yPsJqe9e3jEe/CAHLxxgGKMKOryJGfkymqCu/hi+ajwacp3HBmq9gVhCeyglY1C
xT7jqcKB+xv+EQ7bzqvgMWfZWl+DinM4Z0rA4P/HStIq0r3hTrqghm5yj4uf7Sw/
4otuHGWfRPCll4Uah7WSrAwBMXYL5FB+AL0IAKbUtm6siH8B/sDh7w9MswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFETXsu+z8mGe6uWkmguDyorz0FKeMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvUk5leTc3UHlZWjdxNWFTYUM0UEtpdlBRVXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgHihDAN
BgkqhkiG9w0BAQsFAAOCAQEAQmi12dPfVAOL6sbJzI32RU8ikLOFl+rpbimlsy6Y
ZrFll3Bz0Q74Lh3vrdK9iL0k1sU2SMCBTU9r1wbN0KtjzWTyUbjPNiFKLLriQxEP
Sjf/Jgi4lGTVplAgUnW/3rTLopoz5JXBS68FZQP2zFgvbivvpxzsSz7zVH+pA25M
Xwi+18IDVCzN5x0w2+md+A/ifgO8cN5dVztBCxLVyqIgwkLVIfVTqSeV66aNMgFU
ShWmL3p5DLIdBlK+phqyoTKgMVPv+i6HMpka+ZvdyUG1lmgRwYZwi8E7mbPHQB5o
X32A617Yy09HW3CTnGwGxfKa9S8fKbIZovRTm6zv3/4elQ==
-----END CERTIFICATE-----