Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1Hc2xFSXXcJKNwa405Fj3_hDKSA.roa
File:                     1Hc2xFSXXcJKNwa405Fj3_hDKSA.roa (raw, json)
Hash identifier:          w37TZNzx2LyJoBt8yxG/TPR6Wn5kb/77Kd+gVANfH9Y=
Subject key identifier:   D4:77:36:C4:54:97:5D:C2:4A:37:06:B8:D3:91:63:DF:F8:43:29:20
Certificate issuer:       /CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
Certificate serial:       019420D5D23CD2F989638D01D865A3FDE9C2
Authority key identifier: 97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1Hc2xFSXXcJKNwa405Fj3_hDKSA.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41179
IP address blocks:        2a05:a944::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d2:3c:d2:f9:89:63:8d:01:d8:65:a3:fd:e9:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d47736c454975dc24a3706b8d39163dff8432920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0f:bd:dc:3f:c2:8b:6c:94:61:ad:ae:8e:a9:
                    ef:5e:f6:43:cb:05:46:24:92:2f:94:f7:b0:5d:56:
                    c8:a5:e6:d6:c4:82:a5:86:3c:bf:39:3a:67:7f:f1:
                    21:5d:66:cf:00:74:5b:57:5f:5e:e8:ac:18:f6:9d:
                    ff:e6:ea:cd:c7:89:0f:b9:ca:f3:c9:fc:b2:58:2e:
                    44:0d:29:86:66:3c:ea:6b:aa:9a:23:3e:66:38:9c:
                    60:e2:b5:d2:64:e0:bd:c2:b5:f2:96:8c:93:38:8c:
                    6e:60:c3:79:c7:9f:9d:86:32:30:a7:eb:46:d1:1c:
                    02:a5:cd:ef:d6:c0:9d:3c:06:7f:81:99:04:3d:0d:
                    07:67:37:de:92:54:1b:30:34:b3:e7:83:19:86:ae:
                    0f:34:28:73:3a:9b:f0:24:94:1d:35:52:40:1a:0f:
                    ea:91:df:86:ee:a8:20:37:a3:19:92:55:69:5c:75:
                    33:a6:fb:78:b8:0f:f6:9b:dd:bf:2d:a1:8c:0a:8b:
                    fb:cc:35:49:b6:a2:0e:d4:8c:29:50:93:8c:62:b5:
                    58:9e:46:c0:da:55:8e:32:fd:c6:16:bb:45:50:a5:
                    1e:40:c6:0c:21:ff:ae:71:4a:9c:a5:dd:5e:b2:c4:
                    d5:f9:c4:01:4a:53:8e:16:6f:0e:f4:5b:12:2b:84:
                    06:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:77:36:C4:54:97:5D:C2:4A:37:06:B8:D3:91:63:DF:F8:43:29:20
            X509v3 Authority Key Identifier:
                keyid:97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1Hc2xFSXXcJKNwa405Fj3_hDKSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:a944::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:50:3b:0a:7e:b8:0a:fe:ad:a5:05:54:a2:4c:3f:d7:7d:96:
         e2:48:17:b9:45:ea:88:f1:ef:3e:bc:05:d0:11:09:d3:5c:25:
         7e:2b:d6:df:12:0b:d5:e8:32:e7:e2:50:1c:0c:67:5e:a0:4f:
         f3:cc:29:cd:a4:b7:99:0f:e6:24:56:e1:74:e7:1f:4a:d4:92:
         e7:88:99:f6:e0:3d:ec:af:43:e2:df:d8:77:dc:b5:56:39:1d:
         36:60:88:dd:59:15:c4:55:b8:dd:cf:d9:33:2a:05:70:bc:0e:
         af:b5:54:ee:c8:ec:d8:f9:08:6a:53:69:92:5d:dc:a6:ec:6b:
         b8:f2:31:34:d2:3a:87:ba:98:38:ab:58:5e:0a:14:10:11:d0:
         16:65:81:db:a6:0f:3e:28:93:f4:ae:e0:b8:3b:28:78:ba:3f:
         73:7c:71:b5:45:88:be:03:88:f3:4a:45:d5:a9:5c:a8:be:ee:
         c5:72:06:ef:3b:45:06:ce:b5:44:94:12:5e:4d:48:ac:9d:7e:
         47:d0:ca:bc:11:63:8b:6e:94:d9:f5:7a:47:27:e4:fe:e3:cb:
         2d:09:ac:ea:bc:92:d7:70:dd:3d:21:fa:2c:d1:71:65:85:80:
         cf:93:37:57:15:c6:a2:51:5c:b7:2e:f7:50:45:9a:1b:9f:40:
         06:05:52:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1dI80vmJY40B2GWj/enCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YmNiZWU0NGY0Y2VmMDkxOTg1ZTU0NmE2ODU0ZjljY2Iy
YWRhOGEwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDc3MzZjNDU0OTc1ZGMyNGEzNzA2YjhkMzkxNjNkZmY4NDMyOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQ+93D/Ci2yUYa2ujqnvXvZDywVG
JJIvlPewXVbIpebWxIKlhjy/OTpnf/EhXWbPAHRbV19e6KwY9p3/5urNx4kPucrz
yfyyWC5EDSmGZjzqa6qaIz5mOJxg4rXSZOC9wrXyloyTOIxuYMN5x5+dhjIwp+tG
0RwCpc3v1sCdPAZ/gZkEPQ0HZzfeklQbMDSz54MZhq4PNChzOpvwJJQdNVJAGg/q
kd+G7qggN6MZklVpXHUzpvt4uA/2m92/LaGMCov7zDVJtqIO1IwpUJOMYrVYnkbA
2lWOMv3GFrtFUKUeQMYMIf+ucUqcpd1essTV+cQBSlOOFm8O9FsSK4QG8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNR3NsRUl13CSjcGuNORY9/4QykgMB8GA1UdIwQY
MBaAFJe8vuRPTO8JGYXlRqaFT5zLKtqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgt
ODMwM2FkMTM3MWRkLzEvMUhjMnhGU1hYY0pLTndhNDA1RmozX2hES1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgtODMwM2FkMTM3MWRk
LzEvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWpRAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6UDsKfrgK/q2lBVSiTD/XfZbiSBe5ReqI8e8+
vAXQEQnTXCV+K9bfEgvV6DLn4lAcDGdeoE/zzCnNpLeZD+YkVuF05x9K1JLniJn2
4D3sr0Pi39h33LVWOR02YIjdWRXEVbjdz9kzKgVwvA6vtVTuyOzY+QhqU2mSXdym
7Gu48jE00jqHupg4q1heChQQEdAWZYHbpg8+KJP0ruC4Oyh4uj9zfHG1RYi+A4jz
SkXVqVyovu7FcgbvO0UGzrVElBJeTUisnX5H0Mq8EWOLbpTZ9XpHJ+T+48stCazq
vJLXcN09Ifos0XFlhYDPkzdXFcaiUVy3LvdQRZobn0AGBVJ3
-----END CERTIFICATE-----