Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/wC6GvOL96y7ng1OaBtu0ACc0Uv8.roa
File:                     wC6GvOL96y7ng1OaBtu0ACc0Uv8.roa (raw, json)
Hash identifier:          Pb/46jJY/4NqGVEPi/tZl2cVHTdO0P2kZSbGSJnkcFU=
Subject key identifier:   C0:2E:86:BC:E2:FD:EB:2E:E7:83:53:9A:06:DB:B4:00:27:34:52:FF
Certificate issuer:       /CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
Certificate serial:       019424B4044812C52470D15C212A92346A50
Authority key identifier: 00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/wC6GvOL96y7ng1OaBtu0ACc0Uv8.roa
Signing time:             Thu 02 Jan 2025 01:49:24 +0000
ROA not before:           Thu 02 Jan 2025 01:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a04:1f41::/32 maxlen: 48
                          2a04:1f42::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b4:04:48:12:c5:24:70:d1:5c:21:2a:92:34:6a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=006b06b5d0ff1000e10c4276eea0880af209d7a2
        Validity
            Not Before: Jan  2 01:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c02e86bce2fdeb2ee783539a06dbb400273452ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:33:56:f8:f6:ab:12:30:d2:e8:c9:ce:15:06:
                    37:f9:d9:6a:be:ac:fa:11:ae:7c:1b:2c:d8:23:a4:
                    0b:82:82:51:6d:d6:76:82:57:3f:a0:ac:43:88:54:
                    a6:77:2a:bf:30:cd:79:35:08:d7:c5:bf:4d:af:fe:
                    44:f9:60:5e:74:c8:ff:cf:f0:e1:34:79:2d:a4:c2:
                    a2:0b:ad:58:8a:27:3f:3a:99:50:66:e3:c0:ba:d8:
                    a9:5e:b6:58:9d:df:1b:2e:b2:c3:86:15:b4:3c:0f:
                    14:c7:16:8e:64:b8:76:2d:80:47:7a:02:a5:f7:43:
                    95:0a:ab:ef:c4:3f:0e:9b:af:a2:9e:93:26:03:83:
                    b9:cb:94:f9:bc:22:e5:1d:b9:d9:70:28:80:d8:03:
                    52:d4:05:d6:d9:31:8e:11:ad:9e:1d:c4:47:50:8a:
                    c8:ba:67:4f:3b:b2:0b:bd:b5:6c:59:60:30:a3:52:
                    a3:d2:83:50:4a:bc:90:6f:56:04:40:f6:4c:5f:98:
                    a2:a6:be:d2:49:74:d5:a8:d1:57:84:b7:36:d3:17:
                    56:f1:d8:fd:07:7b:b4:9c:a6:11:fc:40:3c:40:50:
                    cf:28:ca:30:fc:02:83:a8:d4:ab:67:10:83:75:ef:
                    0f:d5:86:2e:fa:fb:ca:b5:16:12:37:d8:05:15:1c:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:2E:86:BC:E2:FD:EB:2E:E7:83:53:9A:06:DB:B4:00:27:34:52:FF
            X509v3 Authority Key Identifier:
                keyid:00:6B:06:B5:D0:FF:10:00:E1:0C:42:76:EE:A0:88:0A:F2:09:D7:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AGsGtdD_EADhDEJ27qCICvIJ16I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/wC6GvOL96y7ng1OaBtu0ACc0Uv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/4737c9-e263-44e7-8fed-57c955c9c85d/1/AGsGtdD_EADhDEJ27qCICvIJ16I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1f41::-2a04:1f42:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         0a:3e:5b:8d:de:e2:21:73:f5:77:31:c3:65:b9:12:d4:c4:4c:
         b7:ce:db:a0:0f:f8:34:7f:8a:87:13:55:a7:33:2a:7a:83:b1:
         d6:c8:eb:2f:66:e2:42:99:6f:57:ce:6d:4a:ef:3e:85:b8:62:
         3a:0b:4e:8b:23:79:08:ef:1a:6d:fc:56:02:cd:d2:19:63:6e:
         c8:de:61:fd:af:3b:a4:4f:98:e1:96:8d:05:5c:6a:78:1d:b8:
         3f:f1:b8:3b:16:f2:da:54:3a:67:f4:01:20:8e:a0:7f:14:22:
         4b:24:a7:32:1b:1b:0c:46:69:92:1a:92:0f:af:08:a1:cd:80:
         e4:88:51:be:b9:bf:91:fb:70:8e:71:04:db:a8:2f:18:33:11:
         54:57:56:bb:84:ff:36:d0:93:41:ee:38:a8:41:15:d0:f0:30:
         71:a6:a2:e1:3f:d6:f9:d6:0f:6a:0b:a0:bd:0c:5b:19:d8:b2:
         9a:76:0f:b9:a4:8f:69:0e:72:1f:1a:c9:d5:d5:4f:f3:9b:81:
         3f:3b:36:df:fa:ef:bd:b7:d0:a9:d2:05:94:5b:e1:30:f7:3a:
         90:af:81:7a:2d:c0:d5:f8:2b:88:dd:ca:28:46:80:c9:9e:5e:
         ab:b3:b0:24:17:d7:f6:cc:f8:f0:84:1f:1f:c8:55:a2:11:88:
         85:6b:3f:cf
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQktARIEsUkcNFcISqSNGpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNmIwNmI1ZDBmZjEwMDBlMTBjNDI3NmVlYTA4ODBhZjIw
OWQ3YTIwHhcNMjUwMTAyMDE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDJlODZiY2UyZmRlYjJlZTc4MzUzOWEwNmRiYjQwMDI3MzQ1MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jNW+ParEjDS6MnOFQY3+dlqvqz6
Ea58GyzYI6QLgoJRbdZ2glc/oKxDiFSmdyq/MM15NQjXxb9Nr/5E+WBedMj/z/Dh
NHktpMKiC61Yiic/OplQZuPAutipXrZYnd8bLrLDhhW0PA8UxxaOZLh2LYBHegKl
90OVCqvvxD8Om6+inpMmA4O5y5T5vCLlHbnZcCiA2ANS1AXW2TGOEa2eHcRHUIrI
umdPO7ILvbVsWWAwo1Kj0oNQSryQb1YEQPZMX5iipr7SSXTVqNFXhLc20xdW8dj9
B3u0nKYR/EA8QFDPKMow/AKDqNSrZxCDde8P1YYu+vvKtRYSN9gFFRznrQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMAuhrzi/esu54NTmgbbtAAnNFL/MB8GA1UdIwQY
MBaAFABrBrXQ/xAA4QxCdu6giAryCdeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQt
NTdjOTU1YzljODVkLzEvd0M2R3ZPTDk2eTduZzFPYUJ0dTBBQ2MwVXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80NzM3YzktZTI2My00NGU3LThmZWQtNTdjOTU1YzljODVk
LzEvQUdzR3RkRF9FQURoREVKMjdxQ0lDdklKMTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqBB9B
AwUAKgQfQjANBgkqhkiG9w0BAQsFAAOCAQEACj5bjd7iIXP1dzHDZbkS1MRMt87b
oA/4NH+KhxNVpzMqeoOx1sjrL2biQplvV85tSu8+hbhiOgtOiyN5CO8abfxWAs3S
GWNuyN5h/a87pE+Y4ZaNBVxqeB24P/G4Oxby2lQ6Z/QBII6gfxQiSySnMhsbDEZp
khqSD68Ioc2A5IhRvrm/kftwjnEE26gvGDMRVFdWu4T/NtCTQe44qEEV0PAwcaai
4T/W+dYPagugvQxbGdiymnYPuaSPaQ5yHxrJ1dVP85uBPzs23/rvvbfQqdIFlFvh
MPc6kK+Bei3A1fgriN3KKEaAyZ5eq7OwJBfX9sz48IQfH8hVohGIhWs/zw==
-----END CERTIFICATE-----