Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/vNxy9JwWQEY0XVf4WysK_7x3VCE.roa
File:                     vNxy9JwWQEY0XVf4WysK_7x3VCE.roa (raw, json)
Hash identifier:          XrUrBk9ES6M7Qos81vZPrbRNAQMiDM19Q8xEy3XUylg=
Subject key identifier:   BC:DC:72:F4:9C:16:40:46:34:5D:57:F8:5B:2B:0A:FF:BC:77:54:21
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       0198C77F4A4FB11A6DB174E2E74EFCACB42A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/vNxy9JwWQEY0XVf4WysK_7x3VCE.roa
Signing time:             Wed 20 Aug 2025 12:41:04 +0000
ROA not before:           Wed 20 Aug 2025 12:41:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205280
IP address blocks:        2a0c:9a40:88d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c7:7f:4a:4f:b1:1a:6d:b1:74:e2:e7:4e:fc:ac:b4:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Aug 20 12:41:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcdc72f49c164046345d57f85b2b0affbc775421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:77:64:50:75:b3:07:69:06:76:73:6c:1f:27:
                    1a:f7:07:38:11:ad:bf:ea:55:57:44:5e:51:42:64:
                    26:0f:a7:9f:3d:d9:1d:4e:e0:13:3d:1b:c9:dd:a7:
                    af:4a:cc:3e:41:bc:0e:c9:69:90:70:57:02:ea:8f:
                    45:fe:f9:02:44:10:dd:82:74:7f:54:26:74:16:49:
                    4b:fe:f1:bb:58:d0:56:0e:0f:61:18:eb:3e:eb:4b:
                    51:33:d9:38:b5:4c:71:e4:eb:fa:97:34:e3:05:a3:
                    cc:49:32:68:64:62:18:f9:b5:a4:07:7d:eb:90:f4:
                    34:cf:74:10:e0:15:6c:38:f2:bd:dd:0c:17:99:3e:
                    4d:71:7d:60:73:9c:c8:42:54:6e:ad:6d:49:15:b8:
                    18:5e:68:cd:dc:50:1d:62:d1:c5:c3:ef:55:28:59:
                    bf:c4:53:d6:41:49:ba:e6:b5:01:1c:f1:38:e8:4c:
                    74:4b:8d:54:13:fb:c5:ab:ad:ea:f7:08:5a:99:c8:
                    b5:40:ab:ba:cb:6e:26:b3:9d:cf:fa:b2:38:e0:d4:
                    fc:c5:2a:43:8c:ee:81:82:fb:92:99:18:d9:53:04:
                    08:11:0a:be:4a:16:51:e0:66:0d:90:40:36:60:36:
                    74:90:62:a5:cd:fd:ab:c5:0d:34:bc:f1:75:fc:69:
                    bc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DC:72:F4:9C:16:40:46:34:5D:57:F8:5B:2B:0A:FF:BC:77:54:21
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/vNxy9JwWQEY0XVf4WysK_7x3VCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:88d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:9c:83:f1:5b:fb:7a:28:c7:71:c2:53:d7:ee:4a:05:e8:17:
         95:a5:da:fa:14:72:2b:d0:68:e4:6c:35:e6:5b:12:83:56:a9:
         f7:5b:ab:db:72:6d:61:6c:e1:28:41:03:60:36:90:41:ab:66:
         7f:c2:37:2d:17:3f:7b:1f:71:09:f6:01:2d:9f:66:2f:81:ef:
         a7:ef:5f:d2:7f:f2:ea:d3:42:83:2b:bc:80:66:63:0d:8e:92:
         f6:db:7c:26:5f:04:fa:6e:7d:7e:0e:97:8c:53:9c:0f:14:e6:
         23:00:3c:76:61:bd:a1:02:99:eb:38:10:1f:44:6e:4a:0a:4e:
         02:4b:74:43:71:43:88:39:0f:ea:a0:c5:df:6f:ec:9d:f5:aa:
         b5:6a:78:bf:90:d8:8b:28:78:7b:79:13:b0:17:bd:30:96:8c:
         f3:0c:90:5c:ed:fd:39:0d:d9:0a:1e:22:3c:4e:f6:86:36:ed:
         12:c4:a9:2b:81:66:6d:79:45:dc:f4:9a:a7:3d:10:9d:cc:05:
         cd:75:d5:01:58:e2:5f:a8:9e:bb:de:e8:5e:82:d0:e8:bf:e8:
         c6:ef:25:1d:3e:aa:24:17:83:77:e2:06:df:51:63:15:e3:8f:
         6d:f1:a3:a3:f8:8b:5d:8f:d6:5a:31:0f:00:fe:7e:13:53:92:
         6b:8e:0f:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjHf0pPsRptsXTi5078rLQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwODIwMTI0MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RjNzJmNDljMTY0MDQ2MzQ1ZDU3Zjg1YjJiMGFmZmJjNzc1NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13dkUHWzB2kGdnNsHyca9wc4Ea2/
6lVXRF5RQmQmD6efPdkdTuATPRvJ3aevSsw+QbwOyWmQcFcC6o9F/vkCRBDdgnR/
VCZ0FklL/vG7WNBWDg9hGOs+60tRM9k4tUxx5Ov6lzTjBaPMSTJoZGIY+bWkB33r
kPQ0z3QQ4BVsOPK93QwXmT5NcX1gc5zIQlRurW1JFbgYXmjN3FAdYtHFw+9VKFm/
xFPWQUm65rUBHPE46Ex0S41UE/vFq63q9whamci1QKu6y24ms53P+rI44NT8xSpD
jO6BgvuSmRjZUwQIEQq+ShZR4GYNkEA2YDZ0kGKlzf2rxQ00vPF1/Gm8pwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLzccvScFkBGNF1X+FsrCv+8d1QhMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdk54eTlKd1dRRVkwWFZmNFd5c0tfN3gzVkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIjQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCBnIPxW/t6KMdxwlPX7koF6BeVpdr6FHIr0Gjk
bDXmWxKDVqn3W6vbcm1hbOEoQQNgNpBBq2Z/wjctFz97H3EJ9gEtn2Yvge+n71/S
f/Lq00KDK7yAZmMNjpL223wmXwT6bn1+DpeMU5wPFOYjADx2Yb2hApnrOBAfRG5K
Ck4CS3RDcUOIOQ/qoMXfb+yd9aq1ani/kNiLKHh7eROwF70wlozzDJBc7f05DdkK
HiI8TvaGNu0SxKkrgWZteUXc9JqnPRCdzAXNddUBWOJfqJ673uhegtDov+jG7yUd
PqokF4N34gbfUWMV449t8aOj+Itdj9ZaMQ8A/n4TU5Jrjg+i
-----END CERTIFICATE-----