Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Pb42r7nwM47VavoOQ9mYw-8QExg.roa
File:                     Pb42r7nwM47VavoOQ9mYw-8QExg.roa (raw, json)
Hash identifier:          n9TNvmSP4oR2/Y6xlh02FA4riwSwruFUbYMOHStW6bU=
Subject key identifier:   3D:BE:36:AF:B9:F0:33:8E:D5:6A:FA:0E:43:D9:98:C3:EF:10:13:18
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019953022F28C7AFC65E99CEDABE71666F19
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Pb42r7nwM47VavoOQ9mYw-8QExg.roa
Signing time:             Tue 16 Sep 2025 14:51:15 +0000
ROA not before:           Tue 16 Sep 2025 14:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211333
IP address blocks:        2a0c:b641:7c0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:02:2f:28:c7:af:c6:5e:99:ce:da:be:71:66:6f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep 16 14:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dbe36afb9f0338ed56afa0e43d998c3ef101318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d8:6f:12:16:21:4a:24:13:e1:c1:ca:40:19:
                    92:85:cf:1a:e6:00:52:71:0c:4b:d5:41:45:2a:5e:
                    e9:b4:d7:e7:0d:6a:a5:d1:d9:74:34:1e:c0:fa:d6:
                    8a:1a:b3:fb:69:40:fe:ab:02:ff:b4:74:57:96:28:
                    a2:f4:86:3d:81:16:f3:3c:62:cf:44:b3:b5:88:5d:
                    37:23:64:c2:81:bf:12:52:cf:f2:b6:c7:18:8c:b1:
                    b9:2f:46:5f:b1:df:67:eb:4f:da:17:ff:a7:75:88:
                    19:6a:80:d4:eb:81:d7:af:c2:6d:d1:54:d7:11:33:
                    07:88:ba:76:20:ad:ed:42:08:b1:a7:16:ba:de:b2:
                    b5:1f:67:bd:42:c0:d5:c9:4c:c7:4f:8e:a4:0d:3f:
                    de:ed:43:c7:33:30:29:36:d0:40:48:a4:c2:51:7a:
                    6d:c5:4c:78:2e:1f:0b:26:bd:17:86:03:4f:e2:53:
                    b3:05:19:3f:1e:b3:49:48:e8:09:1f:20:e3:88:0e:
                    c8:e1:53:f0:fd:fa:e5:cf:01:7d:0e:b1:b9:00:2b:
                    f7:0a:41:bf:ac:41:4a:b2:14:f2:71:f4:85:bf:7a:
                    33:45:85:a8:1f:4e:4e:89:93:92:ee:35:a5:f1:8c:
                    30:39:c6:85:79:bf:91:5f:6a:2e:70:ad:a1:5e:10:
                    25:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:BE:36:AF:B9:F0:33:8E:D5:6A:FA:0E:43:D9:98:C3:EF:10:13:18
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Pb42r7nwM47VavoOQ9mYw-8QExg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:b6:e1:cb:8a:03:b0:3a:6c:ef:2f:6f:cc:d1:13:c5:71:e2:
         81:c5:2d:8c:a9:c9:30:27:2e:ed:de:80:f5:b4:b6:06:51:5e:
         4a:83:82:16:9f:2a:5b:73:68:88:f0:b7:40:df:58:23:67:5a:
         66:7c:0d:c2:f5:5d:ab:46:d7:fb:0d:4a:5f:fd:f1:8a:c6:27:
         1b:90:93:7c:09:6e:35:4a:ae:e1:53:3b:32:7b:ca:a0:d4:0c:
         d0:bd:4e:53:b6:1e:9e:0c:15:2d:4d:b4:3b:cb:3c:a8:23:19:
         bd:aa:2c:ac:ea:54:66:34:1f:e0:8c:2b:de:c1:58:5a:38:b5:
         5d:9d:1c:1c:ec:b3:7b:9c:c1:43:a4:cc:6f:5b:f3:ca:82:04:
         78:f0:52:af:b9:ff:99:39:87:fd:bc:55:ee:0e:56:e8:e3:47:
         71:6d:82:e8:0c:94:4b:52:3e:b3:d0:ea:cd:e5:0b:7f:79:53:
         17:2c:c2:98:ea:99:c8:38:7d:64:d8:47:78:7d:86:b4:61:9b:
         67:a2:b7:5c:7b:a0:7d:ac:b6:43:35:3d:27:d5:43:2c:54:3b:
         4f:f9:b7:09:c9:b7:0f:aa:95:50:98:8a:c8:31:f4:f3:65:24:
         18:67:54:20:cc:7b:a6:be:9a:75:d8:e5:c4:f1:ab:91:33:89:
         ff:ab:3d:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlTAi8ox6/GXpnO2r5xZm8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwOTE2MTQ1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGJlMzZhZmI5ZjAzMzhlZDU2YWZhMGU0M2Q5OThjM2VmMTAxMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhthvEhYhSiQT4cHKQBmShc8a5gBS
cQxL1UFFKl7ptNfnDWql0dl0NB7A+taKGrP7aUD+qwL/tHRXliii9IY9gRbzPGLP
RLO1iF03I2TCgb8SUs/ytscYjLG5L0Zfsd9n60/aF/+ndYgZaoDU64HXr8Jt0VTX
ETMHiLp2IK3tQgixpxa63rK1H2e9QsDVyUzHT46kDT/e7UPHMzApNtBASKTCUXpt
xUx4Lh8LJr0XhgNP4lOzBRk/HrNJSOgJHyDjiA7I4VPw/frlzwF9DrG5ACv3CkG/
rEFKshTycfSFv3ozRYWoH05OiZOS7jWl8YwwOcaFeb+RX2oucK2hXhAlTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2+Nq+58DOO1Wr6DkPZmMPvEBMYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUGI0MnI3bndNNDdWYXZvT1E5bVl3LThRRXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQfA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZtuHLigOwOmzvL2/M0RPFceKBxS2MqckwJy7t
3oD1tLYGUV5Kg4IWnypbc2iI8LdA31gjZ1pmfA3C9V2rRtf7DUpf/fGKxicbkJN8
CW41Sq7hUzsye8qg1AzQvU5Tth6eDBUtTbQ7yzyoIxm9qiys6lRmNB/gjCvewVha
OLVdnRwc7LN7nMFDpMxvW/PKggR48FKvuf+ZOYf9vFXuDlbo40dxbYLoDJRLUj6z
0OrN5Qt/eVMXLMKY6pnIOH1k2Ed4fYa0YZtnordce6B9rLZDNT0n1UMsVDtP+bcJ
ybcPqpVQmIrIMfTzZSQYZ1QgzHumvpp12OXE8auRM4n/qz0U
-----END CERTIFICATE-----