Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zphJ0IbfKePN2J_27ENvEzdmmJA.roa
File:                     zphJ0IbfKePN2J_27ENvEzdmmJA.roa (raw, json)
Hash identifier:          IvEyICGQzLoNSquXxrsCz9iYgnRJ2xhrnMfbex1EUjY=
Subject key identifier:   CE:98:49:D0:86:DF:29:E3:CD:D8:9F:F6:EC:43:6F:13:37:66:98:90
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01968BA4B972CD3EDDA7688CB2D7A9FEA120
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zphJ0IbfKePN2J_27ENvEzdmmJA.roa
Signing time:             Thu 01 May 2025 11:39:10 +0000
ROA not before:           Thu 01 May 2025 11:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a11:7885::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 08:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:a4:b9:72:cd:3e:dd:a7:68:8c:b2:d7:a9:fe:a1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: May  1 11:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce9849d086df29e3cdd89ff6ec436f1337669890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:5e:35:23:21:1b:76:dd:73:13:97:b9:f5:21:
                    08:c9:5c:a8:8a:6d:13:63:f7:92:4b:73:f6:df:28:
                    79:0a:f4:b8:ad:fd:01:99:af:ef:c0:9a:56:05:16:
                    b1:92:b7:f9:f3:06:27:c9:4d:12:6d:35:e8:44:01:
                    7d:c3:01:ec:07:4c:1e:9b:da:62:95:08:8f:e2:e5:
                    1d:5b:00:fd:65:cc:1b:db:1e:d3:ce:06:24:a1:b7:
                    91:af:5c:83:bd:81:eb:0d:bf:f1:3f:a9:9f:50:8d:
                    f3:e4:59:dd:95:2a:46:20:72:2d:ae:6a:48:83:2a:
                    7e:59:48:7d:3c:eb:0f:3a:aa:fd:94:b6:d7:6d:18:
                    d0:c8:ed:48:d7:6f:1f:ac:61:5d:6a:46:d0:59:ef:
                    71:5e:21:e3:b4:90:dc:77:0d:38:90:2b:4f:a6:91:
                    10:a1:a5:1c:ce:f4:78:0a:e9:bd:04:1d:e2:99:f8:
                    fa:a6:01:13:7a:2c:e4:32:0f:b9:fc:0b:73:be:b7:
                    72:19:38:da:df:8f:d1:09:2a:94:85:e9:d8:8a:31:
                    eb:2a:8d:90:ff:b4:04:3c:ee:53:6e:f5:2c:26:d7:
                    b7:8d:7b:a9:87:0a:29:12:d4:a5:51:de:1d:c2:ec:
                    11:4b:0e:ce:06:ab:65:69:20:60:f4:86:73:21:7d:
                    d0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:98:49:D0:86:DF:29:E3:CD:D8:9F:F6:EC:43:6F:13:37:66:98:90
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/zphJ0IbfKePN2J_27ENvEzdmmJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7885::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:4c:5b:15:a1:aa:76:73:62:60:2a:5e:f7:1c:8a:d8:0b:93:
         39:91:e7:48:aa:a3:9b:d6:d5:88:f6:f2:6c:72:5a:d6:ca:02:
         2a:52:e5:b7:3a:1a:c3:cb:f0:05:b4:00:37:28:0e:cb:21:08:
         4f:6f:31:44:03:5c:07:64:7e:cc:fc:eb:4a:8b:16:3b:36:0a:
         5c:4e:b5:40:b8:39:47:ba:d5:36:ba:da:b3:03:59:a0:6b:5d:
         58:e2:4b:7b:04:73:b2:c8:e5:69:4b:a6:7b:39:b4:d6:4f:99:
         e9:14:32:6d:8d:47:f1:6d:03:81:25:2f:e6:03:b0:69:d2:7f:
         c9:a1:d1:78:8b:f2:b5:bc:32:8f:4d:35:3b:23:56:ca:c4:c5:
         61:92:8e:4b:f7:f3:70:60:1d:a6:18:56:af:90:07:8c:43:bf:
         5e:28:5c:dc:db:07:91:1b:4d:e3:83:e5:c7:2a:1e:86:bc:4f:
         96:f8:db:e9:a2:d4:5e:15:68:74:1a:c5:a5:89:51:7e:e6:ce:
         6c:48:8c:4f:24:fd:ab:2e:c3:17:d7:5d:63:5b:e4:fb:f6:e0:
         6b:1e:0d:84:7f:38:3a:01:61:4c:75:54:9c:fe:44:02:d7:82:
         ac:fb:75:d9:df:6e:e3:b3:45:a5:cc:46:6c:59:1b:cb:5b:3f:
         5c:40:60:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaLpLlyzT7dp2iMstep/qEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNTAxMTEzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk4NDlkMDg2ZGYyOWUzY2RkODlmZjZlYzQzNmYxMzM3NjY5ODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6V41IyEbdt1zE5e59SEIyVyoim0T
Y/eSS3P23yh5CvS4rf0Bma/vwJpWBRaxkrf58wYnyU0SbTXoRAF9wwHsB0wem9pi
lQiP4uUdWwD9Zcwb2x7TzgYkobeRr1yDvYHrDb/xP6mfUI3z5FndlSpGIHItrmpI
gyp+WUh9POsPOqr9lLbXbRjQyO1I128frGFdakbQWe9xXiHjtJDcdw04kCtPppEQ
oaUczvR4Cum9BB3imfj6pgETeizkMg+5/AtzvrdyGTja34/RCSqUhenYijHrKo2Q
/7QEPO5TbvUsJte3jXuphwopEtSlUd4dwuwRSw7OBqtlaSBg9IZzIX3QjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM6YSdCG3ynjzdif9uxDbxM3ZpiQMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvenBoSjBJYmZLZVBOMkpfMjdFTnZFemRtbUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhF4hTAN
BgkqhkiG9w0BAQsFAAOCAQEAXkxbFaGqdnNiYCpe9xyK2AuTOZHnSKqjm9bViPby
bHJa1soCKlLltzoaw8vwBbQANygOyyEIT28xRANcB2R+zPzrSosWOzYKXE61QLg5
R7rVNrraswNZoGtdWOJLewRzssjlaUumezm01k+Z6RQybY1H8W0DgSUv5gOwadJ/
yaHReIvytbwyj001OyNWysTFYZKOS/fzcGAdphhWr5AHjEO/Xihc3NsHkRtN44Pl
xyoehrxPlvjb6aLUXhVodBrFpYlRfubObEiMTyT9qy7DF9ddY1vk+/bgax4NhH84
OgFhTHVUnP5EAteCrPt12d9u47NFpcxGbFkby1s/XEBglA==
-----END CERTIFICATE-----