Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/j7OTX4J28Js-0w5isT2PIZS_18Q.roa
File:                     j7OTX4J28Js-0w5isT2PIZS_18Q.roa (raw, json)
Hash identifier:          frKELQxJcl50qW1No3dGQO6ukFhHZwkNa2ShR84gmOI=
Subject key identifier:   8F:B3:93:5F:82:76:F0:9B:3E:D3:0E:62:B1:3D:8F:21:94:BF:D7:C4
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0194266B4B650253E664163F5550467B8CAF
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/j7OTX4J28Js-0w5isT2PIZS_18Q.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211481
IP address blocks:        2a12:f8c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4b:65:02:53:e6:64:16:3f:55:50:46:7b:8c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fb3935f8276f09b3ed30e62b13d8f2194bfd7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:aa:89:f5:6e:e2:cf:9d:01:06:44:d9:64:7a:
                    4a:e5:80:84:4c:e4:cb:90:51:dd:0b:e2:cf:fb:d3:
                    6f:4a:a2:1d:cd:b7:64:58:f9:7d:0d:ad:d0:c8:6e:
                    5e:cd:d5:24:f4:96:90:2d:3b:bb:50:18:9b:91:0d:
                    00:e7:c4:f2:de:a3:a4:9c:39:b3:a6:35:8b:98:2c:
                    ce:c7:73:12:05:32:66:a4:54:c5:e3:e7:f5:fc:b8:
                    11:9c:db:02:41:9a:a8:c3:f5:46:c3:0a:65:39:58:
                    36:4b:a0:a1:f9:11:67:1c:dc:53:0b:fd:9b:e4:15:
                    8b:06:69:d5:03:39:52:c2:1a:ec:9c:50:d2:0a:9a:
                    7a:d0:2f:f8:a0:ab:ae:08:9f:51:7b:96:49:8b:9d:
                    47:d4:e9:d5:6c:63:9c:86:ff:78:ba:d5:75:4f:1f:
                    1b:ee:12:5f:b7:da:6a:62:90:8b:ad:40:c9:c0:3d:
                    21:68:93:2e:68:0e:9e:e5:55:a5:c9:8f:f9:54:9d:
                    3e:6a:95:30:4a:a6:3f:56:6b:a2:fa:d8:e8:c6:cf:
                    a1:fe:c3:c9:ce:98:29:38:bf:55:55:29:b1:28:d7:
                    d2:d1:ac:21:52:b0:c6:50:75:67:6e:ec:d3:30:bd:
                    84:13:47:2b:15:57:0f:b8:02:fb:7a:97:94:c7:eb:
                    07:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B3:93:5F:82:76:F0:9B:3E:D3:0E:62:B1:3D:8F:21:94:BF:D7:C4
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/j7OTX4J28Js-0w5isT2PIZS_18Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:b1:b5:4e:69:9d:44:de:86:f1:66:36:b0:a6:0e:e5:42:0b:
         27:f7:e2:8b:c5:a5:2a:40:5a:43:76:33:2f:2c:c6:d4:d9:99:
         96:3b:4f:66:07:0d:cb:91:80:ba:6b:6b:f3:8a:4b:de:ca:71:
         5c:1b:ff:a1:d1:e3:e8:e8:0a:23:8b:e0:b4:59:5b:2b:13:7f:
         4a:3d:6f:a4:ec:ec:1b:64:b5:7f:e4:7f:b0:44:a4:c7:f2:10:
         a3:30:92:f6:ff:87:49:44:37:0d:2c:e7:52:e6:93:55:da:b4:
         49:4a:75:1e:2f:6e:65:11:48:5d:cc:a5:f1:ba:d8:44:b6:1e:
         d1:f4:e6:2e:7e:34:53:91:18:e4:c5:e0:ee:d5:71:0f:15:20:
         a0:ba:2c:2d:f6:42:0d:9a:89:f0:c2:19:de:16:9e:a7:ee:6d:
         fd:00:ad:9d:7f:b9:dd:88:cb:6b:86:e4:61:d2:d6:a7:25:16:
         2a:f1:c8:46:4d:df:d2:3f:5e:a7:b1:24:04:b4:af:4b:9f:84:
         84:fe:3b:e3:06:ff:69:be:8d:91:3f:72:09:2b:a4:6b:26:ae:
         af:48:43:34:24:ac:92:fc:45:a8:f3:18:16:9c:4a:0d:11:bd:
         ef:6d:10:97:a0:c5:ca:f6:c0:33:8f:b0:9b:df:be:cb:52:11:
         39:1a:0f:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma0tlAlPmZBY/VVBGe4yvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIzOTM1ZjgyNzZmMDliM2VkMzBlNjJiMTNkOGYyMTk0YmZkN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKqJ9W7iz50BBkTZZHpK5YCETOTL
kFHdC+LP+9NvSqIdzbdkWPl9Da3QyG5ezdUk9JaQLTu7UBibkQ0A58Ty3qOknDmz
pjWLmCzOx3MSBTJmpFTF4+f1/LgRnNsCQZqow/VGwwplOVg2S6Ch+RFnHNxTC/2b
5BWLBmnVAzlSwhrsnFDSCpp60C/4oKuuCJ9Re5ZJi51H1OnVbGOchv94utV1Tx8b
7hJft9pqYpCLrUDJwD0haJMuaA6e5VWlyY/5VJ0+apUwSqY/Vmui+tjoxs+h/sPJ
zpgpOL9VVSmxKNfS0awhUrDGUHVnbuzTML2EE0crFVcPuAL7epeUx+sH+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI+zk1+CdvCbPtMOYrE9jyGUv9fEMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvajdPVFg0SjI4SnMtMHc1aXNUMlBJWlNfMThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAWbG1TmmdRN6G8WY2sKYO5UILJ/fii8WlKkBaQ3Yz
LyzG1NmZljtPZgcNy5GAumtr84pL3spxXBv/odHj6OgKI4vgtFlbKxN/Sj1vpOzs
G2S1f+R/sESkx/IQozCS9v+HSUQ3DSznUuaTVdq0SUp1Hi9uZRFIXcyl8brYRLYe
0fTmLn40U5EY5MXg7tVxDxUgoLosLfZCDZqJ8MIZ3haep+5t/QCtnX+53YjLa4bk
YdLWpyUWKvHIRk3f0j9ep7EkBLSvS5+EhP474wb/ab6NkT9yCSukayaur0hDNCSs
kvxFqPMYFpxKDRG9720Ql6DFyvbAM4+wm9++y1IRORoPaw==
-----END CERTIFICATE-----