Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/8g-49_qQ3fcAAr8ogKNyJYRIsqM.roa
File:                     8g-49_qQ3fcAAr8ogKNyJYRIsqM.roa (raw, json)
Hash identifier:          YUM8nQydrUaGiZYWfH9e5CkG/0ZnMAVKiwEv7wrrmyU=
Subject key identifier:   F2:0F:B8:F7:FA:90:DD:F7:00:02:BF:28:80:A3:72:25:84:48:B2:A3
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0194228E0C06D7B122A70984D62359EE0D5A
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/8g-49_qQ3fcAAr8ogKNyJYRIsqM.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212514
IP address blocks:        2a01:ffc0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0c:06:d7:b1:22:a7:09:84:d6:23:59:ee:0d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f20fb8f7fa90ddf70002bf2880a372258448b2a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6a:04:5a:53:29:ac:f5:83:e9:09:8c:21:87:
                    22:1e:6c:17:c7:5f:e7:19:5a:9e:57:68:ff:82:c7:
                    f9:bf:f0:3d:0e:e1:f5:c3:87:72:4a:9c:ed:27:e6:
                    25:a4:4e:7d:82:43:6d:b5:e0:e8:95:6c:a8:99:02:
                    8b:4a:26:2b:98:af:33:02:fa:77:f9:2d:10:d4:0a:
                    31:45:3d:26:aa:27:de:22:e2:55:fd:7f:d6:5a:0d:
                    4a:fb:d3:b2:a9:2c:6e:37:37:e8:b2:43:69:ed:77:
                    5c:3e:0c:09:7b:ee:25:ea:08:c6:dc:19:a4:6f:d6:
                    9e:a5:b0:6b:1e:14:dd:70:04:37:5f:27:bc:19:ed:
                    95:0e:ed:45:33:10:81:2d:12:eb:e2:55:1c:66:c6:
                    1b:06:e2:7b:7a:68:ab:66:5f:75:45:7f:82:01:0f:
                    2b:fa:69:8d:8d:04:6d:66:3b:b9:6f:c3:5f:91:4e:
                    69:23:03:81:91:39:d6:0d:68:87:e1:a4:71:bb:4d:
                    f1:e2:f0:66:28:46:d9:8b:42:c5:86:ac:b0:e9:6f:
                    87:02:35:44:4a:1b:a4:b5:33:7b:88:e3:c9:c2:03:
                    90:c9:99:72:9c:cb:ad:7d:f4:0a:e8:69:20:8b:13:
                    b3:e1:97:0a:b6:b4:88:10:7b:ac:1e:eb:76:84:7e:
                    35:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:0F:B8:F7:FA:90:DD:F7:00:02:BF:28:80:A3:72:25:84:48:B2:A3
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/8g-49_qQ3fcAAr8ogKNyJYRIsqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:73:2d:59:60:44:df:ec:4b:3c:a1:b0:1a:3f:4c:ee:2d:63:
         c2:47:06:96:76:3c:93:2d:9a:1c:05:92:d1:f6:53:b9:f9:d6:
         d8:e4:1a:9c:75:64:b1:ce:34:ff:21:6d:4d:81:b7:91:44:1f:
         67:c6:b1:b8:fd:aa:e4:23:ad:ff:1f:fa:79:14:b6:7f:15:2a:
         56:f2:d0:58:1c:86:3c:09:59:53:46:8e:cf:5f:d2:d3:57:60:
         56:78:f3:da:9d:88:1e:37:2e:c7:7a:e1:a0:00:56:b3:35:cf:
         45:22:75:55:98:e1:ac:f9:e6:8c:28:47:0b:4b:d0:31:3a:55:
         a5:5b:3c:d0:fa:da:0f:dc:69:41:03:6e:79:a0:e1:37:f2:66:
         72:e1:f9:5a:00:b7:3a:e4:03:f7:29:f7:fa:4a:f6:cc:4b:c4:
         fb:e2:48:db:36:c7:68:1e:7a:aa:ef:06:7a:a0:4f:7d:38:2e:
         de:3c:ea:bc:9f:6d:22:31:44:f6:04:24:9d:78:30:92:24:23:
         37:4c:ca:c9:2d:f3:75:56:12:b7:ba:a2:36:c0:a8:6c:14:68:
         ec:4d:40:15:b9:db:c4:fe:ec:5a:d3:ae:fe:59:a2:44:02:75:
         36:9d:30:2f:fc:07:e7:00:03:ab:2b:a3:d6:21:9b:cf:b5:59:
         83:78:e4:03
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijgwG17EipwmE1iNZ7g1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjBmYjhmN2ZhOTBkZGY3MDAwMmJmMjg4MGEzNzIyNTg0NDhiMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWoEWlMprPWD6QmMIYciHmwXx1/n
GVqeV2j/gsf5v/A9DuH1w4dySpztJ+YlpE59gkNtteDolWyomQKLSiYrmK8zAvp3
+S0Q1AoxRT0mqifeIuJV/X/WWg1K+9OyqSxuNzfoskNp7XdcPgwJe+4l6gjG3Bmk
b9aepbBrHhTdcAQ3Xye8Ge2VDu1FMxCBLRLr4lUcZsYbBuJ7emirZl91RX+CAQ8r
+mmNjQRtZju5b8NfkU5pIwOBkTnWDWiH4aRxu03x4vBmKEbZi0LFhqyw6W+HAjVE
ShuktTN7iOPJwgOQyZlynMutffQK6GkgixOz4ZcKtrSIEHusHut2hH41fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPIPuPf6kN33AAK/KICjciWESLKjMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvOGctNDlfcVEzZmNBQXI4b2dLTnlKWVJJc3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH/wDAN
BgkqhkiG9w0BAQsFAAOCAQEAYXMtWWBE3+xLPKGwGj9M7i1jwkcGlnY8ky2aHAWS
0fZTufnW2OQanHVksc40/yFtTYG3kUQfZ8axuP2q5COt/x/6eRS2fxUqVvLQWByG
PAlZU0aOz1/S01dgVnjz2p2IHjcux3rhoABWszXPRSJ1VZjhrPnmjChHC0vQMTpV
pVs80PraD9xpQQNueaDhN/JmcuH5WgC3OuQD9yn3+kr2zEvE++JI2zbHaB56qu8G
eqBPfTgu3jzqvJ9tIjFE9gQknXgwkiQjN0zKyS3zdVYSt7qiNsCobBRo7E1AFbnb
xP7sWtOu/lmiRAJ1Np0wL/wH5wADqyuj1iGbz7VZg3jkAw==
-----END CERTIFICATE-----