Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/JP20HQEng-usG2Tg4OvQmMsT8lE.roa
File:                     JP20HQEng-usG2Tg4OvQmMsT8lE.roa (raw, json)
Hash identifier:          3rAazc1ah93oj3YYeUuAqyDzX9FMmIEaFnXDdVjLfD0=
Subject key identifier:   24:FD:B4:1D:01:27:83:EB:AC:1B:64:E0:E0:EB:D0:98:CB:13:F2:51
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       01997303EDEF0B5DFADFC3A74821CD1C0E39
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/JP20HQEng-usG2Tg4OvQmMsT8lE.roa
Signing time:             Mon 22 Sep 2025 20:01:01 +0000
ROA not before:           Mon 22 Sep 2025 20:01:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205866
IP address blocks:        2a11:4640::/29 maxlen: 29
                          2a11:e540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:73:03:ed:ef:0b:5d:fa:df:c3:a7:48:21:cd:1c:0e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Sep 22 20:01:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24fdb41d012783ebac1b64e0e0ebd098cb13f251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4f:c0:72:79:54:50:53:35:d5:4a:b2:b3:0e:
                    3c:48:5d:7b:3f:4c:59:be:ae:ab:f0:9f:3b:df:3b:
                    f1:93:09:46:62:56:ef:a6:15:ae:33:fd:b4:85:3e:
                    4b:58:29:4e:24:92:09:8f:f6:7c:c2:c6:ab:10:c3:
                    9e:2c:ca:de:bc:d1:f6:75:f6:46:f9:7d:3b:1c:ab:
                    1c:df:90:4a:42:5c:43:87:a3:fe:2b:28:c5:da:bf:
                    72:77:0e:e3:73:5f:2d:08:52:c9:09:eb:48:0c:67:
                    fb:53:00:bf:d0:b0:ac:6c:2b:60:5d:05:0f:59:b5:
                    f3:07:d1:47:8e:a5:cd:b3:cc:84:5a:ed:3d:d2:ee:
                    73:79:ed:5c:9b:36:e9:29:b0:a1:8d:7d:bc:32:fa:
                    d8:74:92:7f:de:d0:92:e1:37:06:ed:e6:11:17:86:
                    19:32:58:45:22:6a:c0:c5:71:c6:d4:b0:af:db:9a:
                    4c:06:cb:49:00:b2:cc:e3:bc:fa:0f:47:c0:ea:46:
                    7e:e5:39:cc:27:56:55:32:f9:92:a2:92:f8:d4:44:
                    6c:d1:69:3e:c4:d4:78:8f:52:d4:aa:a4:b0:f6:72:
                    f1:2f:23:bb:9f:8a:27:f7:d6:8d:71:39:5e:93:cf:
                    ae:9f:2b:23:94:0a:44:81:e2:04:fd:81:8d:f3:fe:
                    c0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FD:B4:1D:01:27:83:EB:AC:1B:64:E0:E0:EB:D0:98:CB:13:F2:51
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/JP20HQEng-usG2Tg4OvQmMsT8lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4640::/29
                  2a11:e540::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:51:a8:e4:30:f8:4e:e2:f9:cf:48:2b:4b:fb:a4:a6:79:6f:
         4f:5a:29:87:2d:31:7f:85:f7:60:4b:64:c9:c5:21:a3:37:e4:
         96:8a:8d:0a:d9:af:0a:49:e1:3e:dd:40:f9:f5:c1:ff:d3:11:
         14:7e:ca:b6:7e:e3:4e:97:cc:f4:b7:ab:07:61:91:8a:47:be:
         4d:e1:4b:bc:cc:de:63:d7:87:76:c8:8a:f2:12:61:19:6b:40:
         56:69:b6:1d:7a:da:a6:78:d9:c5:34:9b:34:30:ed:c6:94:4d:
         89:ed:d6:67:3b:55:41:0d:3b:f7:cc:b1:e8:5c:3a:55:55:1c:
         e1:b5:eb:e7:67:b8:0c:a4:c4:c4:26:18:5d:5d:23:df:51:80:
         33:23:88:45:c3:53:a6:c5:a3:ba:bb:b0:2f:2a:1d:d8:b3:0f:
         54:2b:73:4b:75:0b:ab:f2:14:43:58:5a:7d:2f:13:94:04:86:
         08:f1:81:9d:5c:bb:ea:c9:23:48:36:2b:be:59:45:d0:d7:c5:
         69:4f:cd:80:d8:7a:c9:5a:78:b4:7b:14:3f:d8:cc:cd:bc:f2:
         fa:ba:70:ec:d4:35:bc:2a:f1:99:fb:ce:4f:dc:26:d4:65:da:
         6a:ae:e4:fe:5c:b6:b4:18:1a:b2:30:07:a9:65:67:64:94:b3:
         8f:f0:14:e0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlzA+3vC13638OnSCHNHA45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwOTIyMjAwMTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZkYjQxZDAxMjc4M2ViYWMxYjY0ZTBlMGViZDA5OGNiMTNmMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlU/AcnlUUFM11Uqysw48SF17P0xZ
vq6r8J873zvxkwlGYlbvphWuM/20hT5LWClOJJIJj/Z8wsarEMOeLMrevNH2dfZG
+X07HKsc35BKQlxDh6P+KyjF2r9ydw7jc18tCFLJCetIDGf7UwC/0LCsbCtgXQUP
WbXzB9FHjqXNs8yEWu090u5zee1cmzbpKbChjX28MvrYdJJ/3tCS4TcG7eYRF4YZ
MlhFImrAxXHG1LCv25pMBstJALLM47z6D0fA6kZ+5TnMJ1ZVMvmSopL41ERs0Wk+
xNR4j1LUqqSw9nLxLyO7n4on99aNcTlek8+unysjlApEgeIE/YGN8/7AmQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCT9tB0BJ4PrrBtk4ODr0JjLE/JRMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvSlAyMEhRRW5nLXVzRzJUZzRPdlFtTXNUOGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhFGQAMF
AyoR5UAwDQYJKoZIhvcNAQELBQADggEBAENRqOQw+E7i+c9IK0v7pKZ5b09aKYct
MX+F92BLZMnFIaM35JaKjQrZrwpJ4T7dQPn1wf/TERR+yrZ+406XzPS3qwdhkYpH
vk3hS7zM3mPXh3bIivISYRlrQFZpth162qZ42cU0mzQw7caUTYnt1mc7VUENO/fM
sehcOlVVHOG16+dnuAykxMQmGF1dI99RgDMjiEXDU6bFo7q7sC8qHdizD1Qrc0t1
C6vyFENYWn0vE5QEhgjxgZ1cu+rJI0g2K75ZRdDXxWlPzYDYeslaeLR7FD/YzM28
8vq6cOzUNbwq8Zn7zk/cJtRl2mqu5P5ctrQYGrIwB6llZ2SUs4/wFOA=
-----END CERTIFICATE-----