Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/NjkpRdEpxNsm8wrcNM9aefJVdQI.roa
File:                     NjkpRdEpxNsm8wrcNM9aefJVdQI.roa (raw, json)
Hash identifier:          SjORWnr19cENupMIzp+SEZJ+XxwL0HBZAxpGV9hyvUU=
Subject key identifier:   36:39:29:45:D1:29:C4:DB:26:F3:0A:DC:34:CF:5A:79:F2:55:75:02
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       0196A602E8564FD314B33D59D0D75E2858C3
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/NjkpRdEpxNsm8wrcNM9aefJVdQI.roa
Signing time:             Tue 06 May 2025 14:32:10 +0000
ROA not before:           Tue 06 May 2025 14:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a0e:c4c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:02:e8:56:4f:d3:14:b3:3d:59:d0:d7:5e:28:58:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: May  6 14:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36392945d129c4db26f30adc34cf5a79f2557502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ed:96:92:a2:56:f4:f1:b4:e7:a8:74:8d:e2:
                    85:91:73:a4:ef:57:57:3b:63:d1:d5:c6:a9:ff:21:
                    f0:16:16:14:a4:56:00:87:69:59:3a:0e:d1:f8:fe:
                    ec:12:e0:55:4d:52:15:bc:98:d6:33:cc:e0:9e:98:
                    b7:ba:07:a9:34:7e:ea:98:ed:96:bc:ee:44:14:62:
                    cf:3c:b6:56:6f:c5:ef:de:da:cd:d2:56:0f:69:eb:
                    30:64:74:c6:52:84:8b:3a:e4:2b:f6:94:6e:c1:ac:
                    4d:cd:7e:77:91:12:72:31:f4:3f:55:03:d2:b1:90:
                    98:65:54:f4:25:8e:4f:64:dd:70:31:0d:31:bd:35:
                    a9:a2:5a:cd:fa:03:06:87:ab:84:fa:59:37:80:72:
                    88:c3:d5:d4:73:5a:85:77:fe:23:69:ab:30:74:f4:
                    b3:7e:e2:ad:da:0a:5d:9a:28:c6:67:7b:23:34:03:
                    87:68:3a:e2:b6:70:63:ae:6f:83:c9:a2:07:0f:dd:
                    e5:5d:e6:db:44:61:09:76:79:f6:ae:d5:77:44:e3:
                    8d:be:e2:1f:4d:b7:bb:83:86:df:46:84:85:a4:1c:
                    3d:7b:7c:d7:ba:dc:d6:d2:39:62:bc:a4:0c:70:87:
                    b8:c3:49:79:99:30:5b:f6:66:74:fb:f0:05:77:c7:
                    25:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:39:29:45:D1:29:C4:DB:26:F3:0A:DC:34:CF:5A:79:F2:55:75:02
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/NjkpRdEpxNsm8wrcNM9aefJVdQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c4c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:4c:60:50:aa:9d:8a:f5:00:93:6e:63:8d:2b:cd:ee:9f:59:
         07:ec:e8:9b:96:ac:ec:2d:a4:b8:59:ff:8f:61:23:36:74:eb:
         d5:61:66:a1:f9:28:09:9f:5a:1a:8a:f0:62:07:29:10:77:d7:
         6f:77:7b:06:dc:18:36:ea:13:2f:f2:be:66:f6:e6:54:13:b7:
         d5:1e:44:ce:09:62:47:8a:ea:9b:69:fd:00:38:c5:02:1c:f7:
         34:ba:56:d4:88:7f:36:c0:a3:17:19:94:d7:7f:b2:ed:53:43:
         fc:4a:36:6f:97:62:da:c5:4d:97:dd:da:65:dd:14:39:d8:dc:
         41:09:0c:db:fb:f8:30:45:77:71:9b:78:f9:a2:4c:4b:79:3e:
         cf:a5:72:a8:d5:c3:ba:b3:c1:10:53:62:4b:69:b0:fa:1a:29:
         3d:87:6e:eb:1b:04:a0:80:9e:4a:9d:4a:f7:60:f1:bd:f9:c0:
         17:a2:88:15:24:71:4a:5a:6c:55:75:8b:e1:65:25:18:6c:91:
         af:be:31:62:b1:a6:85:e4:14:9a:9a:ee:8b:7f:78:4f:d7:de:
         21:40:ae:14:22:3d:bd:2d:cc:58:a6:7f:81:a7:ee:10:01:aa:
         fb:57:65:84:f7:dc:cf:be:ce:d6:34:ec:dc:2c:8a:d1:38:73:
         7e:43:75:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZamAuhWT9MUsz1Z0NdeKFjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjUwNTA2MTQzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM5Mjk0NWQxMjljNGRiMjZmMzBhZGMzNGNmNWE3OWYyNTU3NTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAru2WkqJW9PG056h0jeKFkXOk71dX
O2PR1cap/yHwFhYUpFYAh2lZOg7R+P7sEuBVTVIVvJjWM8zgnpi3ugepNH7qmO2W
vO5EFGLPPLZWb8Xv3trN0lYPaeswZHTGUoSLOuQr9pRuwaxNzX53kRJyMfQ/VQPS
sZCYZVT0JY5PZN1wMQ0xvTWpolrN+gMGh6uE+lk3gHKIw9XUc1qFd/4jaaswdPSz
fuKt2gpdmijGZ3sjNAOHaDritnBjrm+DyaIHD93lXebbRGEJdnn2rtV3ROONvuIf
Tbe7g4bfRoSFpBw9e3zXutzW0jlivKQMcIe4w0l5mTBb9mZ0+/AFd8clgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDY5KUXRKcTbJvMK3DTPWnnyVXUCMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvTmprcFJkRXB4TnNtOHdyY05NOWFlZkpWZFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7EwjAN
BgkqhkiG9w0BAQsFAAOCAQEALExgUKqdivUAk25jjSvN7p9ZB+zom5as7C2kuFn/
j2EjNnTr1WFmofkoCZ9aGorwYgcpEHfXb3d7BtwYNuoTL/K+ZvbmVBO31R5Ezgli
R4rqm2n9ADjFAhz3NLpW1Ih/NsCjFxmU13+y7VND/Eo2b5di2sVNl93aZd0UOdjc
QQkM2/v4MEV3cZt4+aJMS3k+z6VyqNXDurPBEFNiS2mw+hopPYdu6xsEoICeSp1K
92DxvfnAF6KIFSRxSlpsVXWL4WUlGGyRr74xYrGmheQUmprui394T9feIUCuFCI9
vS3MWKZ/gafuEAGq+1dlhPfcz77O1jTs3CyK0ThzfkN1CA==
-----END CERTIFICATE-----