Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/rgiByjqFfwFN6OSc0cOgOEZW5sw.roa
File:                     rgiByjqFfwFN6OSc0cOgOEZW5sw.roa (raw, json)
Hash identifier:          t5OL+2otELmhnTASFUwNxb+1yFe65JzVGd7hwNx0lx4=
Subject key identifier:   AE:08:81:CA:3A:85:7F:01:4D:E8:E4:9C:D1:C3:A0:38:46:56:E6:CC
Certificate issuer:       /CN=86d542323c0e3051c9c7bb8ed1d1e8acfd3db834
Certificate serial:       01978A4713BE5CB7601CBF8568D5F81EA668
Authority key identifier: 86:D5:42:32:3C:0E:30:51:C9:C7:BB:8E:D1:D1:E8:AC:FD:3D:B8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/rgiByjqFfwFN6OSc0cOgOEZW5sw.roa
Signing time:             Thu 19 Jun 2025 22:20:03 +0000
ROA not before:           Thu 19 Jun 2025 22:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16175
IP address blocks:        2a00:e08::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8a:47:13:be:5c:b7:60:1c:bf:85:68:d5:f8:1e:a6:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d542323c0e3051c9c7bb8ed1d1e8acfd3db834
        Validity
            Not Before: Jun 19 22:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae0881ca3a857f014de8e49cd1c3a0384656e6cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a7:09:2a:13:c3:ac:ab:9e:fc:58:3e:bf:59:
                    ae:ef:a6:40:49:fb:99:5a:cc:e8:93:10:d0:c7:42:
                    90:f3:6e:74:c9:8c:5d:6e:cc:a9:73:9d:de:49:91:
                    d5:66:2c:25:ae:42:c6:a1:46:32:e5:4a:76:d4:27:
                    e2:e3:6a:05:5b:82:70:85:f6:5e:5d:5b:b8:a3:15:
                    2f:58:16:b4:56:c7:89:f0:26:88:33:95:31:98:ee:
                    20:3e:c2:58:ff:ab:96:56:b7:63:2b:9a:26:8f:09:
                    06:6a:50:c0:b5:45:af:55:35:0c:42:a5:27:f7:eb:
                    e6:bd:60:20:7d:b5:19:1c:4f:b7:e2:e6:f4:f9:c9:
                    9e:3f:0d:4b:14:e5:0a:bf:8f:83:0b:bc:3a:52:c6:
                    a3:59:40:2c:df:af:df:90:12:18:d4:3f:a0:d6:e6:
                    ed:cc:4c:82:b0:57:48:ce:f8:60:10:97:14:e1:94:
                    c2:88:da:45:6a:b7:ee:04:d9:b2:a5:b9:ab:48:da:
                    2f:45:c5:c3:b3:0d:9d:24:57:74:fd:d4:c6:1b:f6:
                    e4:b9:2d:d9:b6:60:59:4d:44:8b:f2:df:8c:ef:14:
                    74:2d:4e:15:0f:3b:d3:fa:90:1c:15:dd:35:d9:92:
                    98:d9:9c:38:c7:2f:ae:84:54:68:37:a1:43:5f:61:
                    8a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:08:81:CA:3A:85:7F:01:4D:E8:E4:9C:D1:C3:A0:38:46:56:E6:CC
            X509v3 Authority Key Identifier:
                keyid:86:D5:42:32:3C:0E:30:51:C9:C7:BB:8E:D1:D1:E8:AC:FD:3D:B8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htVCMjwOMFHJx7uO0dHorP09uDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/rgiByjqFfwFN6OSc0cOgOEZW5sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a7c7c1-fc42-43a3-9ad8-70dad51e73fb/1/htVCMjwOMFHJx7uO0dHorP09uDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:e08::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:94:ae:93:48:73:d6:48:34:3d:e2:5a:c3:a9:1b:b9:60:26:
         26:ff:2a:0e:80:58:0c:dd:6c:c0:f4:e2:86:9f:46:6c:40:dc:
         97:5d:99:03:75:bc:44:6d:0c:52:25:0a:5a:ea:25:5c:6f:df:
         97:dd:64:5a:96:39:21:d2:b1:65:cc:55:4d:9c:6d:f5:59:90:
         cd:af:12:aa:2d:2a:1d:62:56:c3:6d:33:c6:62:0f:e9:3a:2e:
         f6:2b:71:b7:b2:fd:84:15:82:4d:cb:04:a5:38:8f:3c:09:98:
         6c:8a:38:e7:db:6a:5b:d8:a5:bc:6c:25:ed:10:d5:66:f6:56:
         c8:c1:ad:ee:28:b4:8f:13:9f:f5:45:6e:cb:a5:b7:d8:3d:3f:
         00:19:81:ff:37:3d:41:19:22:3b:fb:0e:0a:a6:16:18:51:42:
         3a:61:fc:3b:3e:22:93:ac:36:3b:c3:3c:26:2e:e2:00:91:a7:
         97:4b:fa:3f:92:b1:9e:a5:7c:cd:22:15:5d:0c:5e:e6:4e:cc:
         41:f9:5e:08:fd:71:5c:37:17:c8:a7:bb:99:ab:34:a6:38:1e:
         3d:30:af:ad:88:d8:3a:0b:24:7e:9c:7b:b4:5d:ff:99:f0:2d:
         69:60:79:20:2e:f4:9e:24:bc:1f:07:3d:97:a8:b4:7f:3e:e0:
         f3:da:a2:20
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZeKRxO+XLdgHL+FaNX4HqZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDU0MjMyM2MwZTMwNTFjOWM3YmI4ZWQxZDFlOGFjZmQz
ZGI4MzQwHhcNMjUwNjE5MjIyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA4ODFjYTNhODU3ZjAxNGRlOGU0OWNkMWMzYTAzODQ2NTZlNmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6cJKhPDrKue/Fg+v1mu76ZASfuZ
WszokxDQx0KQ8250yYxdbsypc53eSZHVZiwlrkLGoUYy5Up21Cfi42oFW4JwhfZe
XVu4oxUvWBa0VseJ8CaIM5UxmO4gPsJY/6uWVrdjK5omjwkGalDAtUWvVTUMQqUn
9+vmvWAgfbUZHE+34ub0+cmePw1LFOUKv4+DC7w6UsajWUAs36/fkBIY1D+g1ubt
zEyCsFdIzvhgEJcU4ZTCiNpFarfuBNmypbmrSNovRcXDsw2dJFd0/dTGG/bkuS3Z
tmBZTUSL8t+M7xR0LU4VDzvT+pAcFd012ZKY2Zw4xy+uhFRoN6FDX2GKwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK4Igco6hX8BTejknNHDoDhGVubMMB8GA1UdIwQY
MBaAFIbVQjI8DjBRyce7jtHR6Kz9Pbg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRWQ01qd09NRkhKeDd1TzBkSG9yUDA5dURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hN2M3YzEtZmM0Mi00M2EzLTlhZDgt
NzBkYWQ1MWU3M2ZiLzEvcmdpQnlqcUZmd0ZONk9TYzBjT2dPRVpXNXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hN2M3YzEtZmM0Mi00M2EzLTlhZDgtNzBkYWQ1MWU3M2Zi
LzEvaHRWQ01qd09NRkhKeDd1TzBkSG9yUDA5dURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAOCDAN
BgkqhkiG9w0BAQsFAAOCAQEAaJSuk0hz1kg0PeJaw6kbuWAmJv8qDoBYDN1swPTi
hp9GbEDcl12ZA3W8RG0MUiUKWuolXG/fl91kWpY5IdKxZcxVTZxt9VmQza8Sqi0q
HWJWw20zxmIP6Tou9itxt7L9hBWCTcsEpTiPPAmYbIo459tqW9ilvGwl7RDVZvZW
yMGt7ii0jxOf9UVuy6W32D0/ABmB/zc9QRkiO/sOCqYWGFFCOmH8Oz4ik6w2O8M8
Ji7iAJGnl0v6P5KxnqV8zSIVXQxe5k7MQfleCP1xXDcXyKe7mas0pjgePTCvrYjY
Ogskfpx7tF3/mfAtaWB5IC70niS8Hwc9l6i0fz7g89qiIA==
-----END CERTIFICATE-----