Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/2MnJb6c5YnNQ1zVgyuJ_IZ3n2QI.roa
File:                     2MnJb6c5YnNQ1zVgyuJ_IZ3n2QI.roa (raw, json)
Hash identifier:          k/m6yvyjLdB8+4uEbTkqM+WRV4cgI1Ugl2bD6WkY+xM=
Subject key identifier:   D8:C9:C9:6F:A7:39:62:73:50:D7:35:60:CA:E2:7F:21:9D:E7:D9:02
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01994E36742BEECA0A54E7CDC58B294472D2
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/2MnJb6c5YnNQ1zVgyuJ_IZ3n2QI.roa
Signing time:             Mon 15 Sep 2025 16:30:15 +0000
ROA not before:           Mon 15 Sep 2025 16:30:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a11:68c1::/32 maxlen: 32
                          2a11:8943::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:36:74:2b:ee:ca:0a:54:e7:cd:c5:8b:29:44:72:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep 15 16:30:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8c9c96fa739627350d73560cae27f219de7d902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:94:4a:59:da:fd:c4:e7:79:fd:0d:3b:82:5b:
                    b1:69:cf:69:76:b6:05:ac:65:18:76:5e:3f:9f:b9:
                    c2:95:20:83:77:b6:a5:25:21:94:56:8d:d8:f7:b7:
                    a9:90:ae:28:c3:93:34:9c:c3:f0:c2:47:bc:b9:c2:
                    54:d6:c3:ef:86:ad:3f:07:fc:d4:7b:98:56:ed:cf:
                    0d:2a:f9:bc:1b:ad:55:c8:11:b9:48:fd:b7:9d:69:
                    ce:08:55:04:32:9d:a8:09:99:6d:41:b6:9b:fd:af:
                    73:7e:57:f3:52:c1:5e:11:91:2b:f4:7d:3a:f6:dc:
                    19:a0:db:eb:2d:0a:cc:bd:45:f1:65:c7:e1:a4:b3:
                    fc:0a:ae:d8:81:5b:86:2b:3a:21:ff:44:ae:79:66:
                    78:d3:35:10:e7:ac:e7:54:2a:1d:73:b2:63:f6:29:
                    7e:fa:a1:b6:77:16:2d:e5:32:5e:0e:d9:b1:3f:f8:
                    4d:88:a3:d1:c3:bf:3d:18:42:48:44:f6:e9:35:60:
                    54:ce:30:71:8c:7e:09:8b:5d:07:e1:01:f8:11:34:
                    81:58:f7:c2:6d:ee:37:6c:c4:23:87:dc:33:f1:2e:
                    97:38:c8:04:6a:4f:f0:c6:26:7d:db:25:11:95:ae:
                    80:9e:32:12:b7:1f:39:7f:d8:08:dd:45:20:4f:77:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C9:C9:6F:A7:39:62:73:50:D7:35:60:CA:E2:7F:21:9D:E7:D9:02
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/2MnJb6c5YnNQ1zVgyuJ_IZ3n2QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:68c1::/32
                  2a11:8943::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:49:0b:39:db:0e:ce:c7:fa:7d:f6:fd:8e:67:12:df:18:ef:
         6c:61:e7:fd:6b:72:bb:4d:76:a8:98:3f:74:60:47:dc:76:22:
         be:2b:e3:29:db:15:bc:3d:5f:3e:26:51:cd:94:06:72:d8:c6:
         00:04:1e:a2:bf:a5:81:a6:dc:05:a7:c4:d7:ca:af:e3:c0:6c:
         a3:d8:12:f7:7e:b2:86:e3:20:21:1b:e5:6e:11:2b:3a:5a:a0:
         2e:56:17:d3:03:64:dc:28:a0:7b:30:34:01:ed:64:ae:dd:44:
         38:cc:6a:4b:de:dd:b9:be:f3:f3:35:ee:9d:c7:d2:45:b0:0d:
         7b:d3:85:3d:b7:84:70:c2:39:de:33:30:2b:56:4f:94:dc:81:
         bd:d4:81:dd:cf:74:39:7e:17:cb:68:90:9f:01:5f:aa:97:3d:
         bc:58:e8:d5:72:8c:05:83:c0:1a:4c:02:3f:eb:a3:f1:6d:9b:
         08:f8:1e:84:f0:b5:10:6a:96:f1:83:fc:f2:55:28:7f:b7:2a:
         1f:0b:6c:b1:ca:61:39:26:13:a3:49:60:99:83:a0:67:d1:b9:
         1e:b1:5e:3e:4d:a5:30:8e:08:bf:d4:14:ee:f0:e3:4b:cc:17:
         c5:48:19:e1:6b:11:34:d3:ba:55:87:20:e5:9a:79:2f:0b:c0:
         72:78:a7:4f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlONnQr7soKVOfNxYspRHLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTE1MTYzMDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGM5Yzk2ZmE3Mzk2MjczNTBkNzM1NjBjYWUyN2YyMTlkZTdkOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZRKWdr9xOd5/Q07gluxac9pdrYF
rGUYdl4/n7nClSCDd7alJSGUVo3Y97epkK4ow5M0nMPwwke8ucJU1sPvhq0/B/zU
e5hW7c8NKvm8G61VyBG5SP23nWnOCFUEMp2oCZltQbab/a9zflfzUsFeEZEr9H06
9twZoNvrLQrMvUXxZcfhpLP8Cq7YgVuGKzoh/0SueWZ40zUQ56znVCodc7Jj9il+
+qG2dxYt5TJeDtmxP/hNiKPRw789GEJIRPbpNWBUzjBxjH4Ji10H4QH4ETSBWPfC
be43bMQjh9wz8S6XOMgEak/wxiZ92yURla6AnjIStx85f9gI3UUgT3cRAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNjJyW+nOWJzUNc1YMrifyGd59kCMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvMk1uSmI2YzVZbk5RMXpWZ3l1Sl9JWjNuMlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhFowQMF
ACoRiUMwDQYJKoZIhvcNAQELBQADggEBAGVJCznbDs7H+n32/Y5nEt8Y72xh5/1r
crtNdqiYP3RgR9x2Ir4r4ynbFbw9Xz4mUc2UBnLYxgAEHqK/pYGm3AWnxNfKr+PA
bKPYEvd+sobjICEb5W4RKzpaoC5WF9MDZNwooHswNAHtZK7dRDjMakve3bm+8/M1
7p3H0kWwDXvThT23hHDCOd4zMCtWT5Tcgb3Ugd3PdDl+F8tokJ8BX6qXPbxY6NVy
jAWDwBpMAj/ro/Ftmwj4HoTwtRBqlvGD/PJVKH+3Kh8LbLHKYTkmE6NJYJmDoGfR
uR6xXj5NpTCOCL/UFO7w40vMF8VIGeFrETTTulWHIOWaeS8LwHJ4p08=
-----END CERTIFICATE-----