Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aa3wYkdpjQEDieV4Tr1D1UlS-yQ.roa
File:                     aa3wYkdpjQEDieV4Tr1D1UlS-yQ.roa (raw, json)
Hash identifier:          OvNz6w0TsSCTT94cQ7JVYM2YwdlsjARoid2lWLlXj5c=
Subject key identifier:   69:AD:F0:62:47:69:8D:01:03:89:E5:78:4E:BD:43:D5:49:52:FB:24
Certificate issuer:       /CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
Certificate serial:       019426D9CCEB0D1674030F725565279AD080
Authority key identifier: 5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aa3wYkdpjQEDieV4Tr1D1UlS-yQ.roa
Signing time:             Thu 02 Jan 2025 11:49:55 +0000
ROA not before:           Thu 02 Jan 2025 11:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24731
IP address blocks:        212.71.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:cc:eb:0d:16:74:03:0f:72:55:65:27:9a:d0:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ccdeca171e422c79c938c2732a90d48a8c53c06
        Validity
            Not Before: Jan  2 11:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69adf06247698d010389e5784ebd43d54952fb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:63:06:02:29:7e:a8:ab:bc:76:c6:16:b0:ec:
                    c2:9d:23:fc:26:cf:31:0f:91:05:81:19:17:8e:86:
                    de:03:09:b2:6d:38:45:44:83:35:de:de:97:92:3c:
                    26:c4:4e:9b:bb:a5:ac:0f:f0:ee:f9:09:a6:9e:ee:
                    fc:8f:b2:b5:bd:dc:54:f9:9c:29:e3:6b:43:7f:71:
                    d5:49:9b:e8:57:ab:e5:4f:d2:47:41:5e:e6:f6:3c:
                    52:62:7b:82:c4:b6:ce:77:a6:dd:f6:65:1d:67:79:
                    09:0d:30:22:d8:c3:81:3c:14:52:f7:bf:98:c7:df:
                    f2:d5:1d:45:51:6b:51:45:50:30:1a:da:b4:2c:4a:
                    98:5f:49:f1:db:4c:2b:2d:79:19:67:5f:67:ed:38:
                    c3:b1:d0:4c:76:7e:cd:11:c9:03:db:b3:d6:c0:9b:
                    db:af:33:c8:f7:7e:fe:03:5b:ce:68:88:a7:0e:5a:
                    b8:d1:32:58:a9:da:be:ea:d6:45:73:c9:24:db:f1:
                    36:0c:4f:d0:c9:1e:8d:86:d3:7b:7f:0b:49:1c:9c:
                    0e:62:91:49:6c:a5:c6:d2:92:0a:77:c4:21:19:c6:
                    2d:f0:57:05:ba:11:5e:f3:72:74:28:23:33:06:d1:
                    2d:a3:23:ce:7a:ad:41:a5:0f:45:aa:83:19:fa:c2:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AD:F0:62:47:69:8D:01:03:89:E5:78:4E:BD:43:D5:49:52:FB:24
            X509v3 Authority Key Identifier:
                keyid:5C:CD:EC:A1:71:E4:22:C7:9C:93:8C:27:32:A9:0D:48:A8:C5:3C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XM3soXHkIseck4wnMqkNSKjFPAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/aa3wYkdpjQEDieV4Tr1D1UlS-yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/b8f5e6-c951-4ddb-b4f5-a881ec8228b5/1/XM3soXHkIseck4wnMqkNSKjFPAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.71.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:7a:54:0c:e9:ec:da:94:a8:d6:12:58:e4:93:09:d6:9a:8a:
         04:00:4d:e0:99:04:dc:4b:f7:73:63:d0:74:af:04:0c:97:43:
         43:81:81:4e:07:96:73:35:ed:b3:88:61:5b:0e:42:05:40:0f:
         9a:01:9b:39:59:3c:42:20:4e:f3:cb:40:88:47:7a:6e:36:e0:
         16:ed:f8:34:03:02:56:60:c2:8f:c5:cd:d6:7e:43:d2:af:e8:
         a6:20:66:1f:bd:ae:8b:8a:f0:eb:24:2d:10:d2:54:ce:f7:ee:
         74:c3:8a:4d:10:78:a4:be:64:59:fe:25:fe:e8:f1:23:31:e1:
         7f:9f:54:31:54:3d:0f:3a:90:a2:6d:59:a6:f5:d1:5a:82:98:
         44:91:91:b7:a4:95:ec:ba:24:9e:01:8f:0f:5f:10:67:c4:2c:
         37:72:e6:24:d0:52:c2:8b:50:b6:cc:88:ef:bb:c4:e3:8f:38:
         ea:4f:66:45:f1:33:4e:a3:7a:0b:a1:88:0f:fc:6e:e4:3d:be:
         ba:7c:81:8d:00:66:af:84:88:82:74:de:e1:93:d4:e8:2d:32:
         87:16:e0:e3:95:07:fe:a7:9a:1e:92:58:38:47:f5:53:a4:cd:
         45:5f:75:cf:13:79:27:ba:be:12:c3:e0:e0:24:99:4b:c6:2b:
         17:73:1b:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2czrDRZ0Aw9yVWUnmtCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjY2RlY2ExNzFlNDIyYzc5YzkzOGMyNzMyYTkwZDQ4YThj
NTNjMDYwHhcNMjUwMTAyMTE0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWFkZjA2MjQ3Njk4ZDAxMDM4OWU1Nzg0ZWJkNDNkNTQ5NTJmYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+mMGAil+qKu8dsYWsOzCnSP8Js8x
D5EFgRkXjobeAwmybThFRIM13t6XkjwmxE6bu6WsD/Du+Qmmnu78j7K1vdxU+Zwp
42tDf3HVSZvoV6vlT9JHQV7m9jxSYnuCxLbOd6bd9mUdZ3kJDTAi2MOBPBRS97+Y
x9/y1R1FUWtRRVAwGtq0LEqYX0nx20wrLXkZZ19n7TjDsdBMdn7NEckD27PWwJvb
rzPI937+A1vOaIinDlq40TJYqdq+6tZFc8kk2/E2DE/QyR6NhtN7fwtJHJwOYpFJ
bKXG0pIKd8QhGcYt8FcFuhFe83J0KCMzBtEtoyPOeq1BpQ9FqoMZ+sIhZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmt8GJHaY0BA4nleE69Q9VJUvskMB8GA1UdIwQY
MBaAFFzN7KFx5CLHnJOMJzKpDUioxTwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUt
YTg4MWVjODIyOGI1LzEvYWEzd1lrZHBqUUVEaWVWNFRyMUQxVWxTLXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9iOGY1ZTYtYzk1MS00ZGRiLWI0ZjUtYTg4MWVjODIyOGI1
LzEvWE0zc29YSGtJc2VjazR3bk1xa05TS2pGUEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EczMA0G
CSqGSIb3DQEBCwUAA4IBAQCCelQM6ezalKjWEljkkwnWmooEAE3gmQTcS/dzY9B0
rwQMl0NDgYFOB5ZzNe2ziGFbDkIFQA+aAZs5WTxCIE7zy0CIR3puNuAW7fg0AwJW
YMKPxc3WfkPSr+imIGYfva6LivDrJC0Q0lTO9+50w4pNEHikvmRZ/iX+6PEjMeF/
n1QxVD0POpCibVmm9dFagphEkZG3pJXsuiSeAY8PXxBnxCw3cuYk0FLCi1C2zIjv
u8TjjzjqT2ZF8TNOo3oLoYgP/G7kPb66fIGNAGavhIiCdN7hk9ToLTKHFuDjlQf+
p5oeklg4R/VTpM1FX3XPE3knur4Sw+DgJJlLxisXcxsZ
-----END CERTIFICATE-----