Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/38LpjqqKGg4K29P-YcwB4hgDw5w.roa
File:                     38LpjqqKGg4K29P-YcwB4hgDw5w.roa (raw, json)
Hash identifier:          TjQq7Idemx6EHqhRaInQJiTIu90iiRFsWaUMFQKH8Jg=
Subject key identifier:   DF:C2:E9:8E:AA:8A:1A:0E:0A:DB:D3:FE:61:CC:01:E2:18:03:C3:9C
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197CA13C53D21B25070F101B082E7618E20
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/38LpjqqKGg4K29P-YcwB4hgDw5w.roa
Signing time:             Wed 02 Jul 2025 07:39:42 +0000
ROA not before:           Wed 02 Jul 2025 07:39:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209618
IP address blocks:        2a0a:e9c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:13:c5:3d:21:b2:50:70:f1:01:b0:82:e7:61:8e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul  2 07:39:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfc2e98eaa8a1a0e0adbd3fe61cc01e21803c39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:17:01:09:8f:ab:fa:68:cc:74:54:97:3e:64:
                    f7:45:d2:9c:9d:dd:e9:93:ab:03:14:9c:c2:c0:d9:
                    79:7d:b2:f5:01:59:e0:eb:4e:70:86:fe:d0:5d:36:
                    31:e8:93:d1:da:1d:5d:9c:0d:16:75:ad:51:4d:6c:
                    19:6b:a2:94:dc:eb:d2:b5:93:83:12:7f:78:56:02:
                    28:9b:ee:67:1c:c7:b3:b5:a0:55:49:f7:e6:1e:00:
                    fb:19:0b:ed:79:27:35:67:97:dc:b6:1a:b4:20:6e:
                    49:6c:47:df:0b:ed:b5:1c:03:28:7b:b2:e1:94:42:
                    e5:a8:37:bd:7a:96:19:96:2c:b7:10:f7:1e:8d:e8:
                    fa:a5:d8:22:0b:82:81:d2:d3:ee:a6:4a:22:b6:d4:
                    85:c8:fb:14:4d:96:ef:99:9b:64:a2:45:80:2b:09:
                    66:f0:48:b5:7c:de:e1:de:66:fc:33:b5:da:b6:7c:
                    50:44:33:79:90:41:16:51:18:53:ad:cb:03:27:23:
                    40:22:18:19:63:6c:bf:7a:16:7e:74:92:27:63:42:
                    7e:86:cd:38:5e:f7:e1:4c:50:57:f1:8f:f2:33:c3:
                    b5:0a:9f:b5:03:b2:8d:e4:b6:1f:80:39:5c:46:19:
                    88:43:52:10:a0:bb:43:c2:9e:c8:fb:6c:c2:83:4c:
                    39:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C2:E9:8E:AA:8A:1A:0E:0A:DB:D3:FE:61:CC:01:E2:18:03:C3:9C
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/38LpjqqKGg4K29P-YcwB4hgDw5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:e9c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:a9:ed:de:ae:c5:a8:d3:43:6e:5d:05:7e:ba:5d:78:20:52:
         81:84:5a:9c:93:a2:e2:0f:12:db:10:d3:7c:87:ae:8d:c0:15:
         11:81:73:3e:3a:9f:99:e5:4e:e3:ba:ea:29:a6:28:6b:37:bd:
         ed:bf:ad:f3:55:b4:2b:46:73:a3:52:4a:2d:9c:2d:e2:79:a6:
         5e:25:9a:09:52:d0:62:09:d2:53:b0:35:f5:fd:1d:b3:20:48:
         2d:0e:13:b7:08:ee:4a:56:f1:92:41:4f:81:aa:86:42:a8:d0:
         fa:2b:7e:8c:fa:34:17:4c:44:ed:82:5c:cb:b8:16:56:d4:a0:
         b5:5e:2b:33:09:53:7c:44:62:7e:d4:22:61:bf:fb:14:d9:30:
         bc:64:a2:78:e1:38:54:86:e3:31:6b:7d:60:c7:4a:3c:9e:3d:
         a8:8f:57:05:c7:a8:95:8c:61:a0:bc:7c:b9:65:ee:ab:9f:d0:
         f1:97:74:2c:5e:cf:d4:7b:da:6c:2d:af:7b:bd:4c:76:7e:71:
         f2:3a:8c:a6:fa:f9:6a:20:6d:16:24:00:0e:a4:30:f4:1b:e9:
         dc:08:40:84:6b:e5:d9:e3:c8:93:35:36:ac:c7:eb:69:6a:cf:
         e8:36:98:28:54:cf:1e:b9:fe:8c:19:87:e5:07:b8:8f:65:7f:
         7c:75:47:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfKE8U9IbJQcPEBsILnYY4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNzAyMDczOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmMyZTk4ZWFhOGExYTBlMGFkYmQzZmU2MWNjMDFlMjE4MDNjMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BcBCY+r+mjMdFSXPmT3RdKcnd3p
k6sDFJzCwNl5fbL1AVng605whv7QXTYx6JPR2h1dnA0Wda1RTWwZa6KU3OvStZOD
En94VgIom+5nHMeztaBVSffmHgD7GQvteSc1Z5fcthq0IG5JbEffC+21HAMoe7Lh
lELlqDe9epYZliy3EPcejej6pdgiC4KB0tPupkoittSFyPsUTZbvmZtkokWAKwlm
8Ei1fN7h3mb8M7XatnxQRDN5kEEWURhTrcsDJyNAIhgZY2y/ehZ+dJInY0J+hs04
XvfhTFBX8Y/yM8O1Cp+1A7KN5LYfgDlcRhmIQ1IQoLtDwp7I+2zCg0w54QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN/C6Y6qihoOCtvT/mHMAeIYA8OcMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMzhMcGpxcUtHZzRLMjlQLVljd0I0aGdEdzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgrpwjAN
BgkqhkiG9w0BAQsFAAOCAQEAKKnt3q7FqNNDbl0FfrpdeCBSgYRanJOi4g8S2xDT
fIeujcAVEYFzPjqfmeVO47rqKaYoaze97b+t81W0K0Zzo1JKLZwt4nmmXiWaCVLQ
YgnSU7A19f0dsyBILQ4TtwjuSlbxkkFPgaqGQqjQ+it+jPo0F0xE7YJcy7gWVtSg
tV4rMwlTfERiftQiYb/7FNkwvGSieOE4VIbjMWt9YMdKPJ49qI9XBceolYxhoLx8
uWXuq5/Q8Zd0LF7P1HvabC2ve71Mdn5x8jqMpvr5aiBtFiQADqQw9Bvp3AhAhGvl
2ePIkzU2rMfraWrP6DaYKFTPHrn+jBmH5Qe4j2V/fHVHPA==
-----END CERTIFICATE-----