Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ENs0VS1_xeTvYzTZmqEmbB_PYVg.roa
File:                     ENs0VS1_xeTvYzTZmqEmbB_PYVg.roa (raw, json)
Hash identifier:          dl2TxChiXhquvWHjZi/+Os7yvSKlYDzVu159Q7je5+E=
Subject key identifier:   10:DB:34:55:2D:7F:C5:E4:EF:63:34:D9:9A:A1:26:6C:1F:CF:61:58
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       0196A630AE5F522A4C7B9E0BABA0BCE5C033
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ENs0VS1_xeTvYzTZmqEmbB_PYVg.roa
Signing time:             Tue 06 May 2025 15:22:10 +0000
ROA not before:           Tue 06 May 2025 15:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0e:7f45::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:30:ae:5f:52:2a:4c:7b:9e:0b:ab:a0:bc:e5:c0:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: May  6 15:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10db34552d7fc5e4ef6334d99aa1266c1fcf6158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:35:1e:7c:f8:98:57:a7:a1:5d:80:81:d4:30:
                    6b:28:ca:b4:9c:ea:6a:67:d8:f0:d4:18:63:1b:c1:
                    e9:9a:71:e9:04:57:cb:23:ca:10:9d:c0:e2:d4:65:
                    ef:4a:50:33:20:a9:4a:e0:98:ed:d3:5c:9f:f7:2e:
                    0c:7c:63:1c:b2:ec:24:6b:3d:3b:72:80:17:2e:5c:
                    e2:d4:68:a3:76:c4:f8:c1:ef:e9:83:b3:35:22:da:
                    f6:42:73:10:92:07:c5:43:02:d5:19:13:71:d9:32:
                    11:cd:a5:91:ac:38:c6:17:10:7b:51:53:12:a1:fd:
                    af:58:7a:16:49:57:03:a5:9c:7b:97:e4:a8:f0:f3:
                    c9:2b:3b:ed:a1:51:43:ed:05:e5:7a:dc:b4:ea:04:
                    04:10:fa:62:6c:13:6a:52:8e:c8:84:28:1c:4c:97:
                    26:dc:07:cb:13:0b:00:97:0b:d8:b1:0f:dd:8a:79:
                    ba:e4:ec:d6:2e:26:98:59:64:8b:eb:c4:ca:6c:1f:
                    9f:46:77:10:62:fc:96:0f:ff:6b:6b:09:31:d1:5f:
                    86:11:c2:0d:29:08:79:91:af:32:7d:3a:fa:5a:c8:
                    46:de:7d:d4:14:46:a3:27:94:b3:8e:89:5a:b9:de:
                    45:a9:20:1d:4a:a0:51:b0:5f:65:47:6a:9d:19:bf:
                    c2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:DB:34:55:2D:7F:C5:E4:EF:63:34:D9:9A:A1:26:6C:1F:CF:61:58
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ENs0VS1_xeTvYzTZmqEmbB_PYVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f45::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:89:74:f9:1e:0a:88:1f:ad:1d:70:af:e8:4a:e1:ee:1b:e4:
         b9:03:00:33:63:95:57:a0:48:c8:93:98:1d:e0:ce:f1:5f:62:
         79:b0:4f:be:2e:3d:94:70:37:de:ba:b9:86:79:2d:91:bc:cf:
         a6:95:e0:76:99:f1:6d:c2:6d:72:a1:46:22:24:52:66:96:25:
         ea:26:fd:66:dc:9a:0a:13:cc:cf:4c:74:0d:30:6b:f5:e3:98:
         01:77:cb:30:57:ec:72:91:18:eb:b0:08:db:c2:19:d7:78:95:
         74:e2:70:e9:19:38:62:15:1b:16:79:43:51:b9:85:db:a5:ae:
         eb:f4:a2:65:51:0a:82:9b:fd:52:d5:05:4e:13:94:84:a9:cc:
         ff:e1:b6:e5:8d:5f:ed:63:bc:67:a2:c5:87:8a:37:10:0e:6c:
         c2:18:ab:25:f5:46:3a:b6:76:ea:d1:80:d5:de:f4:10:1c:42:
         40:9d:c5:73:d2:72:ee:c5:c5:36:bb:61:dd:f7:af:20:8a:fc:
         40:8a:eb:30:38:68:c9:c1:b2:54:bb:30:ec:82:09:f6:19:19:
         2c:d7:a4:8b:26:33:fa:a0:81:a3:39:3a:b4:f4:9e:08:5a:48:
         68:2d:d2:5b:ff:fa:85:86:f2:5c:a1:46:06:4b:a0:b8:b3:72:
         bb:d8:55:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZamMK5fUipMe54Lq6C85cAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwNTA2MTUyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGRiMzQ1NTJkN2ZjNWU0ZWY2MzM0ZDk5YWExMjY2YzFmY2Y2MTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zUefPiYV6ehXYCB1DBrKMq0nOpq
Z9jw1BhjG8HpmnHpBFfLI8oQncDi1GXvSlAzIKlK4Jjt01yf9y4MfGMcsuwkaz07
coAXLlzi1GijdsT4we/pg7M1Itr2QnMQkgfFQwLVGRNx2TIRzaWRrDjGFxB7UVMS
of2vWHoWSVcDpZx7l+So8PPJKzvtoVFD7QXlety06gQEEPpibBNqUo7IhCgcTJcm
3AfLEwsAlwvYsQ/dinm65OzWLiaYWWSL68TKbB+fRncQYvyWD/9rawkx0V+GEcIN
KQh5ka8yfTr6WshG3n3UFEajJ5Szjolaud5FqSAdSqBRsF9lR2qdGb/CpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBDbNFUtf8Xk72M02ZqhJmwfz2FYMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvRU5zMFZTMV94ZVR2WXpUWm1xRW1iQl9QWVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5/RTAN
BgkqhkiG9w0BAQsFAAOCAQEAWYl0+R4KiB+tHXCv6Erh7hvkuQMAM2OVV6BIyJOY
HeDO8V9iebBPvi49lHA33rq5hnktkbzPppXgdpnxbcJtcqFGIiRSZpYl6ib9Ztya
ChPMz0x0DTBr9eOYAXfLMFfscpEY67AI28IZ13iVdOJw6Rk4YhUbFnlDUbmF26Wu
6/SiZVEKgpv9UtUFThOUhKnM/+G25Y1f7WO8Z6LFh4o3EA5swhirJfVGOrZ26tGA
1d70EBxCQJ3Fc9Jy7sXFNrth3fevIIr8QIrrMDhoycGyVLsw7IIJ9hkZLNekiyYz
+qCBozk6tPSeCFpIaC3SW//6hYbyXKFGBkuguLNyu9hV2Q==
-----END CERTIFICATE-----