Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/evsBxqfpyH3zHvt0KdEDbPjJt40.roa
File:                     evsBxqfpyH3zHvt0KdEDbPjJt40.roa (raw, json)
Hash identifier:          vsA8eWY0hm6KpE4+4Kq5HkaUgEZIYMzjLRq48DP4yG4=
Subject key identifier:   7A:FB:01:C6:A7:E9:C8:7D:F3:1E:FB:74:29:D1:03:6C:F8:C9:B7:8D
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0194228E0CB8BECB455C82FCDCDC24114BDE
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/evsBxqfpyH3zHvt0KdEDbPjJt40.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215295
IP address blocks:        2a01:ffc7::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0c:b8:be:cb:45:5c:82:fc:dc:dc:24:11:4b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7afb01c6a7e9c87df31efb7429d1036cf8c9b78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:fc:8f:f3:97:17:be:c4:a3:66:9c:2d:27:b8:
                    36:cf:81:d7:0a:79:8e:d5:a0:c8:52:04:ef:c7:52:
                    c2:40:ec:ce:51:8f:35:11:6e:f5:23:3c:3f:30:82:
                    01:3d:1c:2b:0c:65:a4:fb:dc:a7:d6:08:ab:ed:dd:
                    82:9d:d9:a9:39:36:a5:ec:e4:ed:20:2c:b2:a1:66:
                    bb:d2:cd:14:33:68:2c:3d:4c:22:b6:da:58:4c:36:
                    37:8d:7a:65:27:00:7b:ba:c2:f3:d3:bb:35:24:02:
                    9d:fb:61:bb:af:4a:17:bd:b0:62:9b:93:09:23:bd:
                    6d:80:b5:0c:4b:be:d3:2c:e8:ab:04:78:be:f6:59:
                    43:ea:9a:3c:d5:84:be:11:4a:e6:73:e9:ed:af:e4:
                    88:ec:01:e5:14:fd:13:a7:a8:8b:83:5d:5d:b9:dc:
                    75:cf:2d:cc:68:78:22:79:9f:82:a2:7b:d8:0b:a4:
                    3c:3c:12:d4:8d:72:87:e9:85:70:c4:d2:3a:52:89:
                    bd:b3:3f:7f:f1:18:c0:41:2a:1d:6a:99:ac:9c:94:
                    7c:93:0e:b8:e0:af:25:40:ce:fc:f4:0b:a5:8f:d3:
                    a3:a2:7f:66:2b:e2:ce:68:51:73:64:75:ae:e4:71:
                    76:02:4e:a0:69:d5:2b:42:03:a3:0f:63:61:b6:2b:
                    a4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FB:01:C6:A7:E9:C8:7D:F3:1E:FB:74:29:D1:03:6C:F8:C9:B7:8D
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/evsBxqfpyH3zHvt0KdEDbPjJt40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc7::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:3d:5a:53:19:87:df:42:0c:80:18:06:88:ab:99:b9:fd:ee:
         08:c6:6b:cb:01:2c:c1:7e:05:fe:85:9f:59:4d:5d:3d:2e:8c:
         d3:2b:15:d7:d7:c2:77:58:6e:58:c8:94:23:05:f1:3a:3a:52:
         08:32:f1:e5:df:b9:33:83:38:0f:19:04:87:ac:0f:3a:5f:7c:
         1d:61:15:17:eb:fb:52:79:12:a3:ad:8a:eb:6c:42:b4:f5:e8:
         77:c3:ce:17:7a:9d:d4:b5:78:68:e3:f5:c5:99:90:9f:1b:10:
         ff:ef:80:6e:28:28:79:ec:fc:f0:04:9b:4c:f6:7b:e0:cc:1b:
         5a:aa:07:d0:99:c1:ff:da:2b:7c:36:b5:e3:7b:bf:70:4a:9d:
         37:c2:27:9e:13:1c:2f:ef:09:e0:f6:c2:62:88:7f:c3:4b:08:
         51:aa:18:ad:9e:2b:63:59:00:8f:0b:b3:f6:d9:45:b2:d6:10:
         13:40:4f:1f:dc:89:d3:e5:69:b8:1d:b9:aa:0b:f9:c4:81:3b:
         e9:a7:2d:87:14:a4:ed:1e:fb:9e:b6:fe:b4:35:85:99:84:9b:
         3d:13:68:e5:f8:fa:f7:c8:6c:4e:35:df:63:21:7b:93:94:32:
         5f:8b:88:42:9a:df:00:a1:01:26:62:88:5d:a9:8b:02:d2:62:
         bf:13:c2:9c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijgy4vstFXIL83NwkEUveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZiMDFjNmE3ZTljODdkZjMxZWZiNzQyOWQxMDM2Y2Y4YzliNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+/yP85cXvsSjZpwtJ7g2z4HXCnmO
1aDIUgTvx1LCQOzOUY81EW71Izw/MIIBPRwrDGWk+9yn1gir7d2CndmpOTal7OTt
ICyyoWa70s0UM2gsPUwittpYTDY3jXplJwB7usLz07s1JAKd+2G7r0oXvbBim5MJ
I71tgLUMS77TLOirBHi+9llD6po81YS+EUrmc+ntr+SI7AHlFP0Tp6iLg11dudx1
zy3MaHgieZ+ConvYC6Q8PBLUjXKH6YVwxNI6Uom9sz9/8RjAQSodapmsnJR8kw64
4K8lQM789Aulj9Ojon9mK+LOaFFzZHWu5HF2Ak6gadUrQgOjD2NhtiukpQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHr7Acan6ch98x77dCnRA2z4ybeNMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvZXZzQnhxZnB5SDN6SHZ0MEtkRURiUGpKdDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgH/xwAw
DQYJKoZIhvcNAQELBQADggEBAA49WlMZh99CDIAYBoirmbn97gjGa8sBLMF+Bf6F
n1lNXT0ujNMrFdfXwndYbljIlCMF8To6Uggy8eXfuTODOA8ZBIesDzpffB1hFRfr
+1J5EqOtiutsQrT16HfDzhd6ndS1eGjj9cWZkJ8bEP/vgG4oKHns/PAEm0z2e+DM
G1qqB9CZwf/aK3w2teN7v3BKnTfCJ54THC/vCeD2wmKIf8NLCFGqGK2eK2NZAI8L
s/bZRbLWEBNATx/cidPlabgduaoL+cSBO+mnLYcUpO0e+562/rQ1hZmEmz0TaOX4
+vfIbE4132Mhe5OUMl+LiEKa3wChASZiiF2piwLSYr8Twpw=
-----END CERTIFICATE-----