Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/o0U8osvjVfiUePXARN4QCTizNIY.roa
File:                     o0U8osvjVfiUePXARN4QCTizNIY.roa (raw, json)
Hash identifier:          ya55CYA+rU6mfw44B9MOjIiEFlx2IM7GsmvEpJ7vX+M=
Subject key identifier:   A3:45:3C:A2:CB:E3:55:F8:94:78:F5:C0:44:DE:10:09:38:B3:34:86
Certificate issuer:       /CN=59fa7027661ac8c4a77ff2abd59686af99f15928
Certificate serial:       01982CA71AE3254B381893B82A14FC8CD163
Authority key identifier: 59:FA:70:27:66:1A:C8:C4:A7:7F:F2:AB:D5:96:86:AF:99:F1:59:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/o0U8osvjVfiUePXARN4QCTizNIY.roa
Signing time:             Mon 21 Jul 2025 11:03:25 +0000
ROA not before:           Mon 21 Jul 2025 11:03:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214486
IP address blocks:        2001:67c:1804::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:a7:1a:e3:25:4b:38:18:93:b8:2a:14:fc:8c:d1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59fa7027661ac8c4a77ff2abd59686af99f15928
        Validity
            Not Before: Jul 21 11:03:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3453ca2cbe355f89478f5c044de100938b33486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2a:ba:d5:d8:1f:41:8c:8d:09:da:8c:d2:ad:
                    39:1f:49:27:1a:dd:1d:d1:f9:a0:f2:8e:2f:ac:af:
                    df:4d:94:26:9d:ff:1a:8e:5d:2e:08:23:98:f1:1a:
                    78:52:d3:05:88:1f:81:ad:c9:9e:f5:97:8f:ab:e0:
                    82:8b:20:70:c9:69:66:5a:24:74:25:17:93:9d:c9:
                    e8:f8:55:6f:89:39:a3:2d:27:21:cf:2f:3d:af:50:
                    e8:86:40:30:85:38:4a:1f:1f:94:7e:b5:e9:38:57:
                    4f:dd:41:62:c1:13:bb:d8:1f:2d:ae:cf:85:fe:68:
                    06:0d:cf:73:24:8e:04:d5:9f:91:f4:b7:2b:1b:b9:
                    ee:c1:93:75:56:85:a0:11:68:3a:b5:d1:85:46:b8:
                    64:c5:3b:1c:a3:78:1d:5e:65:ff:cd:b4:eb:f8:76:
                    b1:06:06:65:85:6a:ab:bd:e7:d1:9c:d0:dc:99:9f:
                    15:2e:ce:e3:71:b1:a1:40:d1:7b:e3:04:e4:4b:9c:
                    e4:40:19:3b:f4:e3:33:6f:63:bc:b5:50:0a:fe:d2:
                    ec:2c:22:ca:fd:09:24:f2:3b:0b:48:fd:7c:6c:a3:
                    f4:1e:80:a9:3e:db:b8:4c:44:5b:28:1c:bd:ca:14:
                    0c:5d:6c:53:6d:a1:20:72:93:16:b1:75:29:85:c9:
                    9c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:45:3C:A2:CB:E3:55:F8:94:78:F5:C0:44:DE:10:09:38:B3:34:86
            X509v3 Authority Key Identifier:
                keyid:59:FA:70:27:66:1A:C8:C4:A7:7F:F2:AB:D5:96:86:AF:99:F1:59:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/o0U8osvjVfiUePXARN4QCTizNIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/cbd9d1-84a4-451d-9214-0906da1b23a6/1/WfpwJ2YayMSnf_Kr1ZaGr5nxWSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1804::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:74:35:ab:f0:55:0a:6a:4c:37:a6:5f:ba:fa:01:98:ed:21:
         e8:f8:0d:34:6b:1e:b6:93:9d:08:77:06:0b:08:b1:de:1d:16:
         57:ee:7a:cf:ac:03:40:19:d1:22:25:18:35:a5:f2:0e:40:81:
         29:c2:18:35:66:f5:6a:80:7a:9d:77:fd:36:78:27:e7:9c:39:
         7e:d9:09:e3:e7:86:e4:37:77:23:6a:ad:c0:b6:d1:12:c0:4c:
         c5:80:90:81:16:ae:cf:51:fc:cb:22:b1:e7:22:8f:6b:ed:d1:
         1a:1b:8b:31:84:d7:1e:c8:fa:fb:df:61:30:68:dd:0e:0d:e5:
         ee:de:21:a0:f8:47:42:40:69:1d:df:fe:c1:be:de:c1:3a:19:
         de:39:0f:9f:99:8e:5e:78:e3:10:a8:85:55:cb:ef:d1:5f:84:
         32:be:97:16:bd:70:72:8b:56:f4:82:91:c7:64:ee:ab:c3:62:
         5b:b3:91:f9:5e:4c:37:d2:23:ce:1a:48:88:b3:18:18:a7:16:
         da:14:da:b9:a2:5e:00:27:46:f0:4e:65:f5:5e:a9:28:26:61:
         9c:a3:b1:48:9b:26:0a:64:24:dc:8d:33:38:71:b5:51:89:3f:
         b9:45:5b:79:51:02:48:d8:4a:41:d6:c4:a5:37:cc:8f:88:b2:
         1b:2b:aa:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgspxrjJUs4GJO4KhT8jNFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZmE3MDI3NjYxYWM4YzRhNzdmZjJhYmQ1OTY4NmFmOTlm
MTU5MjgwHhcNMjUwNzIxMTEwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQ1M2NhMmNiZTM1NWY4OTQ3OGY1YzA0NGRlMTAwOTM4YjMzNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyq61dgfQYyNCdqM0q05H0knGt0d
0fmg8o4vrK/fTZQmnf8ajl0uCCOY8Rp4UtMFiB+Brcme9ZePq+CCiyBwyWlmWiR0
JReTncno+FVviTmjLSchzy89r1DohkAwhThKHx+UfrXpOFdP3UFiwRO72B8trs+F
/mgGDc9zJI4E1Z+R9LcrG7nuwZN1VoWgEWg6tdGFRrhkxTsco3gdXmX/zbTr+Hax
BgZlhWqrvefRnNDcmZ8VLs7jcbGhQNF74wTkS5zkQBk79OMzb2O8tVAK/tLsLCLK
/Qkk8jsLSP18bKP0HoCpPtu4TERbKBy9yhQMXWxTbaEgcpMWsXUphcmciQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKNFPKLL41X4lHj1wETeEAk4szSGMB8GA1UdIwQY
MBaAFFn6cCdmGsjEp3/yq9WWhq+Z8VkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2Zwd0oyWWF5TVNuZl9LcjFaYUdyNW54V1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9jYmQ5ZDEtODRhNC00NTFkLTkyMTQt
MDkwNmRhMWIyM2E2LzEvbzBVOG9zdmpWZmlVZVBYQVJONFFDVGl6TklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9jYmQ5ZDEtODRhNC00NTFkLTkyMTQtMDkwNmRhMWIyM2E2
LzEvV2Zwd0oyWWF5TVNuZl9LcjFaYUdyNW54V1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBgE
MA0GCSqGSIb3DQEBCwUAA4IBAQBtdDWr8FUKakw3pl+6+gGY7SHo+A00ax62k50I
dwYLCLHeHRZX7nrPrANAGdEiJRg1pfIOQIEpwhg1ZvVqgHqdd/02eCfnnDl+2Qnj
54bkN3cjaq3AttESwEzFgJCBFq7PUfzLIrHnIo9r7dEaG4sxhNceyPr732EwaN0O
DeXu3iGg+EdCQGkd3/7Bvt7BOhneOQ+fmY5eeOMQqIVVy+/RX4QyvpcWvXByi1b0
gpHHZO6rw2Jbs5H5Xkw30iPOGkiIsxgYpxbaFNq5ol4AJ0bwTmX1XqkoJmGco7FI
myYKZCTcjTM4cbVRiT+5RVt5UQJI2EpB1sSlN8yPiLIbK6op
-----END CERTIFICATE-----