Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/XbAr8SQIAw9hIDRxrHkJyM2E7rw.roa
File:                     XbAr8SQIAw9hIDRxrHkJyM2E7rw.roa (raw, json)
Hash identifier:          iroHWOjzxgxeueAoX0u+v44fa72Ny7x8CM3XkM2eFPE=
Subject key identifier:   5D:B0:2B:F1:24:08:03:0F:61:20:34:71:AC:79:09:C8:CD:84:EE:BC
Certificate issuer:       /CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
Certificate serial:       0194266BC1CFA7F038E2186F63BD601C8F20
Authority key identifier: D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/XbAr8SQIAw9hIDRxrHkJyM2E7rw.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36040
IP address blocks:        2a0f:f4c1:2::/48 maxlen: 48
                          2a0f:f4c1:2::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c1:cf:a7:f0:38:e2:18:6f:63:bd:60:1c:8f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5db02bf12408030f61203471ac7909c8cd84eebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:96:b5:b4:88:ad:02:37:e5:4c:36:17:ad:e2:
                    53:ac:60:54:81:ba:54:fa:4a:1b:5d:d2:c5:3f:82:
                    ca:eb:b4:93:c9:51:b4:63:32:bc:3a:13:31:54:61:
                    f4:ea:94:4c:74:36:7b:87:84:39:d4:4e:06:ff:bd:
                    35:bb:d8:55:a1:30:93:81:07:05:c0:9b:69:66:6b:
                    f8:ac:8d:e3:76:3c:9c:b8:c2:6f:f2:87:3d:09:41:
                    d0:76:92:40:30:a9:ef:2b:64:ef:68:9b:03:d8:24:
                    2e:77:23:f0:68:a4:7f:0f:17:5c:09:a5:8a:97:2b:
                    d2:9e:1a:8f:9d:a9:31:bc:a4:af:ef:b2:00:c8:f2:
                    7a:1d:fe:8a:a8:f9:38:b2:65:49:65:83:2e:03:34:
                    b8:3e:df:ff:fc:4a:97:1c:48:12:84:59:0f:95:05:
                    d9:b8:23:58:78:64:4e:dd:d9:c5:54:80:ad:71:1f:
                    7f:de:83:86:3a:29:8e:c0:62:a5:bd:7d:c5:18:62:
                    11:50:d2:d5:51:39:c1:00:05:84:69:8d:d5:eb:66:
                    a0:5f:f2:79:72:21:11:9b:15:26:06:9a:4d:a5:19:
                    c7:4b:db:d7:dc:13:42:8d:ca:78:5f:fc:b4:41:be:
                    d2:99:29:78:a9:19:c4:9d:89:5c:1a:af:d7:8d:b7:
                    b5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B0:2B:F1:24:08:03:0F:61:20:34:71:AC:79:09:C8:CD:84:EE:BC
            X509v3 Authority Key Identifier:
                keyid:D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/XbAr8SQIAw9hIDRxrHkJyM2E7rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f4c1:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:f1:66:f1:5c:b1:96:c8:24:8e:88:0c:28:f3:91:49:45:f0:
         df:85:f5:34:1b:55:61:9c:59:a5:27:df:f1:ed:ee:b5:05:24:
         e4:14:2e:c0:64:c6:37:f4:7e:f2:47:2d:a9:a5:a3:54:45:2c:
         b6:35:ae:55:92:cc:cf:bd:42:b3:42:8f:61:7a:98:1d:76:e6:
         58:a1:fe:b6:9c:82:52:5b:4e:04:50:83:97:50:ef:90:f4:ac:
         6d:3b:3c:2a:0c:35:84:7f:66:b7:1e:9b:de:df:85:33:40:bd:
         e4:22:b8:11:f2:77:79:f5:45:21:d0:b0:e0:a7:f5:17:a2:6e:
         4d:9b:bb:b5:d9:44:b9:2e:3f:52:2b:9e:02:d9:04:4c:33:21:
         79:d8:1f:4f:4f:3f:a8:d1:44:1d:d2:eb:04:cd:29:48:73:ed:
         10:75:56:d1:0b:eb:4f:e2:b8:77:f4:21:f7:f2:e5:c7:72:f9:
         64:f9:21:22:91:ca:fe:d7:d2:20:48:32:9f:67:df:0f:69:98:
         2d:5c:de:c1:bf:24:59:75:43:db:8c:b8:6c:86:c0:aa:b7:c4:
         b0:5b:db:2c:b2:ab:39:a9:47:92:6d:e4:da:e1:2f:b3:79:32:
         dd:fc:99:5e:ce:2c:ff:b7:46:89:cb:3b:75:d5:bc:d7:0b:77:
         93:6d:d4:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma8HPp/A44hhvY71gHI8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1N2M3ZGIwNGU3OGMyMjFmM2RmMmEyYWYwODJiNTE4ZDk2
MmE4ZjAwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIwMmJmMTI0MDgwMzBmNjEyMDM0NzFhYzc5MDljOGNkODRlZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZa1tIitAjflTDYXreJTrGBUgbpU
+kobXdLFP4LK67STyVG0YzK8OhMxVGH06pRMdDZ7h4Q51E4G/701u9hVoTCTgQcF
wJtpZmv4rI3jdjycuMJv8oc9CUHQdpJAMKnvK2TvaJsD2CQudyPwaKR/DxdcCaWK
lyvSnhqPnakxvKSv77IAyPJ6Hf6KqPk4smVJZYMuAzS4Pt///EqXHEgShFkPlQXZ
uCNYeGRO3dnFVICtcR9/3oOGOimOwGKlvX3FGGIRUNLVUTnBAAWEaY3V62agX/J5
ciERmxUmBppNpRnHS9vX3BNCjcp4X/y0Qb7SmSl4qRnEnYlcGq/Xjbe19wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF2wK/EkCAMPYSA0cax5CcjNhO68MB8GA1UdIwQY
MBaAFNV8fbBOeMIh898qKvCCtRjZYqjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgt
ZmU5NWE5YWYzYWRjLzEvWGJBcjhTUUlBdzloSURSeHJIa0p5TTJFN3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgtZmU5NWE5YWYzYWRj
LzEvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/0wQAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBf8WbxXLGWyCSOiAwo85FJRfDfhfU0G1VhnFml
J9/x7e61BSTkFC7AZMY39H7yRy2ppaNURSy2Na5VkszPvUKzQo9hepgdduZYof62
nIJSW04EUIOXUO+Q9KxtOzwqDDWEf2a3Hpve34UzQL3kIrgR8nd59UUh0LDgp/UX
om5Nm7u12US5Lj9SK54C2QRMMyF52B9PTz+o0UQd0usEzSlIc+0QdVbRC+tP4rh3
9CH38uXHcvlk+SEikcr+19IgSDKfZ98PaZgtXN7BvyRZdUPbjLhshsCqt8SwW9ss
sqs5qUeSbeTa4S+zeTLd/Jleziz/t0aJyzt11bzXC3eTbdSB
-----END CERTIFICATE-----