Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/Jy053hxreS1mhBIYPf1qEV6q8xU.roa
File:                     Jy053hxreS1mhBIYPf1qEV6q8xU.roa (raw, json)
Hash identifier:          k5jKQxUhjzxS0xUSiqR57wxTDoi8K8tPdC3IRRvhbQY=
Subject key identifier:   27:2D:39:DE:1C:6B:79:2D:66:84:12:18:3D:FD:6A:11:5E:AA:F3:15
Certificate issuer:       /CN=7e3150f8c67063121027328954968d08d4cf329a
Certificate serial:       0197892884678ECDAEAC995BC235978657AD
Authority key identifier: 7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/Jy053hxreS1mhBIYPf1qEV6q8xU.roa
Signing time:             Thu 19 Jun 2025 17:07:03 +0000
ROA not before:           Thu 19 Jun 2025 17:07:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203062
IP address blocks:        2a06:2c80:1000::/36 maxlen: 48
                          2a06:2c80:4000::/36 maxlen: 48
                          2a06:2c87:e000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:28:84:67:8e:cd:ae:ac:99:5b:c2:35:97:86:57:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e3150f8c67063121027328954968d08d4cf329a
        Validity
            Not Before: Jun 19 17:07:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=272d39de1c6b792d668412183dfd6a115eaaf315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:b4:60:8a:84:b0:fc:67:2c:73:33:0b:b7:
                    d4:fa:ca:d5:fc:d8:e7:03:0e:9b:26:d4:32:9d:38:
                    5d:b3:c2:5a:50:6f:b7:32:12:01:62:cb:6b:11:e2:
                    8f:ef:02:33:0b:8e:cc:6f:1d:b4:93:2e:88:20:69:
                    f8:6c:81:72:09:17:dd:ab:64:6c:d8:59:36:02:6b:
                    1a:ab:02:fe:a4:24:b5:a7:4b:7d:e7:93:23:08:86:
                    0c:9e:3a:ef:6d:1e:85:1a:93:41:21:37:33:80:ab:
                    13:4a:94:7b:eb:4b:73:4e:42:e5:c4:48:02:5c:72:
                    a6:17:3b:93:99:b1:d6:c1:e8:4b:05:b6:bd:f2:03:
                    c7:3e:62:e4:ac:97:b4:e4:21:22:0d:fb:cc:f6:a6:
                    60:78:82:00:5d:a5:1b:4a:9a:06:28:61:57:a8:ae:
                    d0:98:4b:6a:c7:d9:f0:9b:ca:69:c1:4b:c8:b8:ab:
                    09:38:fd:f7:b3:ff:96:1c:ae:49:88:08:a9:c7:5a:
                    f1:53:87:00:3e:3f:b7:20:32:bd:4b:78:9d:94:73:
                    85:18:66:d3:a7:37:9a:7d:ce:6a:d5:08:fe:70:dd:
                    ee:7c:a9:83:25:10:ed:70:f3:6c:cb:74:82:5d:1d:
                    16:df:cb:bb:7b:8f:e3:83:9d:0c:c4:cd:75:51:c6:
                    47:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2D:39:DE:1C:6B:79:2D:66:84:12:18:3D:FD:6A:11:5E:AA:F3:15
            X509v3 Authority Key Identifier:
                keyid:7E:31:50:F8:C6:70:63:12:10:27:32:89:54:96:8D:08:D4:CF:32:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/Jy053hxreS1mhBIYPf1qEV6q8xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8bcfd7-f6d3-432a-b5f0-935e418bdbe7/1/fjFQ-MZwYxIQJzKJVJaNCNTPMpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2c80:1000::/36
                  2a06:2c80:4000::/36
                  2a06:2c87:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         67:ab:74:ca:c4:f8:73:9e:21:a4:29:93:9c:33:8f:d0:bc:05:
         f0:e8:ea:c0:cf:67:3b:bf:10:8d:3f:61:04:24:b2:85:0e:bf:
         19:85:91:90:5d:d2:22:d3:1b:14:c5:83:6c:50:b8:52:6b:fe:
         e7:82:eb:5d:7c:4c:4a:23:7c:d1:ed:d5:cf:d4:ef:45:8e:a3:
         2e:db:aa:83:ca:65:5b:08:23:9a:42:64:6e:0b:73:79:f1:f1:
         ca:eb:ca:d1:97:14:e2:81:f6:ef:70:39:10:28:8d:48:51:96:
         d6:c6:9a:f8:b6:72:d5:ff:2c:a5:8b:c7:a1:8d:a2:7f:a9:22:
         34:95:d4:7b:ad:81:a6:cb:2b:f6:22:62:b7:59:e5:a9:82:15:
         48:7b:32:11:6f:73:83:b6:78:4b:b2:15:7d:3c:25:dd:14:01:
         e9:c2:cb:86:9f:cb:85:d7:cb:f7:75:12:49:64:c9:11:fe:39:
         c6:48:8d:3e:d6:cf:22:ff:e7:8c:42:a3:fe:bd:d5:9f:79:3a:
         6c:b0:0e:15:a8:22:48:2f:04:48:2e:e7:1a:28:5c:0a:ba:97:
         f9:35:8d:5f:9d:47:ec:35:af:62:ce:61:fb:ef:0e:34:9c:89:
         38:d7:91:b6:7a:df:45:d5:17:d0:95:4d:4b:0a:52:ac:5f:9b:
         06:18:54:4f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZeJKIRnjs2urJlbwjWXhletMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzE1MGY4YzY3MDYzMTIxMDI3MzI4OTU0OTY4ZDA4ZDRj
ZjMyOWEwHhcNMjUwNjE5MTcwNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJkMzlkZTFjNmI3OTJkNjY4NDEyMTgzZGZkNmExMTVlYWFmMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SS0YIqEsPxnLHMzC7fU+srV/Njn
Aw6bJtQynThds8JaUG+3MhIBYstrEeKP7wIzC47Mbx20ky6IIGn4bIFyCRfdq2Rs
2Fk2AmsaqwL+pCS1p0t955MjCIYMnjrvbR6FGpNBITczgKsTSpR760tzTkLlxEgC
XHKmFzuTmbHWwehLBba98gPHPmLkrJe05CEiDfvM9qZgeIIAXaUbSpoGKGFXqK7Q
mEtqx9nwm8ppwUvIuKsJOP33s/+WHK5JiAipx1rxU4cAPj+3IDK9S3idlHOFGGbT
pzeafc5q1Qj+cN3ufKmDJRDtcPNsy3SCXR0W38u7e4/jg50MxM11UcZHbwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCctOd4ca3ktZoQSGD39ahFeqvMVMB8GA1UdIwQY
MBaAFH4xUPjGcGMSECcyiVSWjQjUzzKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAt
OTM1ZTQxOGJkYmU3LzEvSnkwNTNoeHJlUzFtaEJJWVBmMXFFVjZxOHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84YmNmZDctZjZkMy00MzJhLWI1ZjAtOTM1ZTQxOGJkYmU3
LzEvZmpGUS1NWndZeElRSnpLSlZKYU5DTlRQTXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwYEKgYsgBAD
BgQqBiyAQAMGBCoGLIfgMA0GCSqGSIb3DQEBCwUAA4IBAQBnq3TKxPhzniGkKZOc
M4/QvAXw6OrAz2c7vxCNP2EEJLKFDr8ZhZGQXdIi0xsUxYNsULhSa/7ngutdfExK
I3zR7dXP1O9FjqMu26qDymVbCCOaQmRuC3N58fHK68rRlxTigfbvcDkQKI1IUZbW
xpr4tnLV/yyli8ehjaJ/qSI0ldR7rYGmyyv2ImK3WeWpghVIezIRb3ODtnhLshV9
PCXdFAHpwsuGn8uF18v3dRJJZMkR/jnGSI0+1s8i/+eMQqP+vdWfeTpssA4VqCJI
LwRILucaKFwKupf5NY1fnUfsNa9izmH77w40nIk415G2et9F1RfQlU1LClKsX5sG
GFRP
-----END CERTIFICATE-----