Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/zZigjvCd6NcudatYLyfpsyOboFA.roa
File:                     zZigjvCd6NcudatYLyfpsyOboFA.roa (raw, json)
Hash identifier:          vGtEfaZy/GpSD6Vra1IvWRrERF5jpy55majvnW9xdMY=
Subject key identifier:   CD:98:A0:8E:F0:9D:E8:D7:2E:75:AB:58:2F:27:E9:B3:23:9B:A0:50
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       019424B3BD5F7A1C38859A8F83597213ACC3
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/zZigjvCd6NcudatYLyfpsyOboFA.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139238
IP address blocks:        2a09:b280:ccce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bd:5f:7a:1c:38:85:9a:8f:83:59:72:13:ac:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd98a08ef09de8d72e75ab582f27e9b3239ba050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:41:d7:01:39:ea:c4:6c:26:53:3b:9b:3d:
                    6c:d1:8a:24:24:86:38:25:4a:46:66:28:c2:97:01:
                    07:92:52:59:2f:2b:6f:70:d9:41:30:74:d1:3a:0f:
                    38:7c:62:80:1b:1d:2b:5f:20:6f:be:84:4c:a4:9b:
                    e8:ed:7b:32:43:63:c2:cd:91:57:7d:c3:b8:2b:fa:
                    dd:21:9f:ca:79:d3:03:ec:91:4e:2e:2c:a1:b0:b4:
                    1d:02:6d:c3:b9:6f:c4:5e:70:f7:d7:4e:26:d2:5d:
                    9c:0e:c5:57:05:6f:0e:ac:96:b9:a8:26:19:2d:73:
                    d1:03:cb:c1:95:98:ed:5a:33:71:65:25:6d:90:e6:
                    29:19:f0:1f:71:bb:1f:e4:2f:89:77:2d:3b:28:86:
                    b8:3b:c4:69:0e:53:8f:49:d0:9d:0f:24:bb:14:40:
                    96:55:0a:aa:17:42:ff:ff:40:08:31:09:fb:fc:e1:
                    70:13:a9:30:04:b1:d0:e9:e2:9c:5a:18:a4:9d:9e:
                    45:26:b4:b7:3b:ec:5c:63:2b:e6:df:a7:56:3f:44:
                    5f:1d:22:e0:bf:ea:60:a0:3c:02:91:1a:ff:d2:55:
                    d2:97:ec:ef:a1:59:06:79:85:de:9f:1c:e3:70:3b:
                    66:9e:89:1c:cb:8c:64:fc:0a:b2:15:8c:2f:85:4a:
                    37:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:98:A0:8E:F0:9D:E8:D7:2E:75:AB:58:2F:27:E9:B3:23:9B:A0:50
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/zZigjvCd6NcudatYLyfpsyOboFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ccce::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:4e:20:2f:4f:5f:39:ac:0f:f8:e3:97:c1:c3:19:3d:aa:b8:
         77:5f:a9:60:73:82:86:5a:79:f9:39:32:e4:90:33:1d:fa:b2:
         c5:27:6b:af:9a:ca:37:ee:21:39:3c:4b:5d:61:af:cf:78:21:
         38:46:8a:97:2f:cf:0c:55:d8:37:c5:f7:5f:09:a6:72:01:b6:
         e1:03:1c:f6:1a:4d:f6:ea:e4:c4:a1:f1:01:af:e2:87:2b:ed:
         65:22:20:ef:c9:76:fe:de:67:6c:63:fe:cc:e5:0b:02:2d:ac:
         97:a0:64:42:4f:e2:19:e8:68:f9:aa:8c:7f:08:7a:98:cd:54:
         0b:be:44:4b:db:4d:4b:f4:79:ee:2b:15:ef:72:4f:de:da:b8:
         44:be:52:06:43:c0:db:f0:66:58:a1:81:c7:cb:fc:0e:0a:dd:
         c9:3b:76:4f:cb:97:9f:a0:52:0c:4d:e5:92:df:34:f1:f4:a4:
         28:6b:d3:42:a4:e8:15:99:02:48:cd:9c:bf:8a:7e:61:fe:8e:
         7d:d3:f2:de:7e:48:13:c7:7a:18:09:35:63:f5:ce:50:23:31:
         47:b7:fd:74:b3:3b:15:72:00:23:e4:0a:84:b4:d0:c5:82:c4:
         7c:2c:66:c4:f2:cf:12:87:ea:e5:18:38:32:57:f0:c1:44:56:
         ec:c9:6c:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks71fehw4hZqPg1lyE6zDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk4YTA4ZWYwOWRlOGQ3MmU3NWFiNTgyZjI3ZTliMzIzOWJhMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3JB1wE56sRsJlM7mz1s0YokJIY4
JUpGZijClwEHklJZLytvcNlBMHTROg84fGKAGx0rXyBvvoRMpJvo7XsyQ2PCzZFX
fcO4K/rdIZ/KedMD7JFOLiyhsLQdAm3DuW/EXnD3104m0l2cDsVXBW8OrJa5qCYZ
LXPRA8vBlZjtWjNxZSVtkOYpGfAfcbsf5C+Jdy07KIa4O8RpDlOPSdCdDyS7FECW
VQqqF0L//0AIMQn7/OFwE6kwBLHQ6eKcWhiknZ5FJrS3O+xcYyvm36dWP0RfHSLg
v+pgoDwCkRr/0lXSl+zvoVkGeYXenxzjcDtmnokcy4xk/AqyFYwvhUo3ZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM2YoI7wnejXLnWrWC8n6bMjm6BQMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvelppZ2p2Q2Q2TmN1ZGF0WUx5ZnBzeU9ib0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmygMzO
MA0GCSqGSIb3DQEBCwUAA4IBAQAnTiAvT185rA/445fBwxk9qrh3X6lgc4KGWnn5
OTLkkDMd+rLFJ2uvmso37iE5PEtdYa/PeCE4RoqXL88MVdg3xfdfCaZyAbbhAxz2
Gk326uTEofEBr+KHK+1lIiDvyXb+3mdsY/7M5QsCLayXoGRCT+IZ6Gj5qox/CHqY
zVQLvkRL201L9HnuKxXvck/e2rhEvlIGQ8Db8GZYoYHHy/wOCt3JO3ZPy5efoFIM
TeWS3zTx9KQoa9NCpOgVmQJIzZy/in5h/o590/LefkgTx3oYCTVj9c5QIzFHt/10
szsVcgAj5AqEtNDFgsR8LGbE8s8Sh+rlGDgyV/DBRFbsyWxW
-----END CERTIFICATE-----