Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/IaGPCdtFo7YJnFhk0N9F9EeLT9Q.roa
File:                     IaGPCdtFo7YJnFhk0N9F9EeLT9Q.roa (raw, json)
Hash identifier:          TIaLTE20N+Zb0MJFSwKsXKIcPMWOp3mDxoElESAnpSc=
Subject key identifier:   21:A1:8F:09:DB:45:A3:B6:09:9C:58:64:D0:DF:45:F4:47:8B:4F:D4
Certificate issuer:       /CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
Certificate serial:       01958E9D0429C30B04A2C5022791F95490A7
Authority key identifier: DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/IaGPCdtFo7YJnFhk0N9F9EeLT9Q.roa
Signing time:             Thu 13 Mar 2025 08:26:49 +0000
ROA not before:           Thu 13 Mar 2025 08:26:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214231
IP address blocks:        2a01:e5c0:8000::/48 maxlen: 48
                          2a01:e5c0:8001::/48 maxlen: 48
                          2a01:e5c0:8002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:9d:04:29:c3:0b:04:a2:c5:02:27:91:f9:54:90:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
        Validity
            Not Before: Mar 13 08:26:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21a18f09db45a3b6099c5864d0df45f4478b4fd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:49:4d:c1:6d:a7:fc:d6:9c:ba:11:42:53:aa:
                    5f:ce:96:3f:15:91:5b:46:38:2f:97:e5:cb:a3:48:
                    41:f0:6e:59:02:bc:70:d0:14:8d:0c:7e:22:63:fd:
                    63:c0:78:95:c8:f1:2c:08:82:92:4d:a9:8a:7d:d3:
                    d5:e4:7d:2d:cf:86:79:cd:aa:fa:c0:a7:75:9b:8c:
                    e1:5f:b4:99:25:12:e2:5d:dd:bc:fa:5a:26:87:3d:
                    17:a0:d7:ec:39:a0:9d:f0:26:6b:0a:d0:80:d6:37:
                    e1:3d:78:f7:9c:33:74:27:ad:17:c2:fd:18:80:90:
                    eb:08:75:e3:9e:da:a8:3d:4e:b7:3a:ec:39:6f:7d:
                    5e:0a:48:0e:d7:99:07:27:dd:6f:48:cc:ad:c4:70:
                    d8:6a:79:b2:c7:67:10:5e:58:93:01:73:a1:3f:e8:
                    c1:af:b3:d0:cf:16:11:ba:70:7a:8f:3a:63:1e:af:
                    90:ba:c3:9e:1a:58:19:ca:fb:69:0c:2c:2b:4d:6a:
                    e2:94:00:78:04:de:b4:8b:5d:8d:c0:af:a4:d0:16:
                    d8:45:bd:8c:19:0f:8f:3a:e5:e0:c7:eb:5e:1c:b3:
                    a7:02:c9:d8:7c:8f:15:93:67:f6:9d:e4:a1:3d:7f:
                    64:7c:e6:3a:ea:28:9a:83:0e:57:02:c3:7b:35:3d:
                    61:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A1:8F:09:DB:45:A3:B6:09:9C:58:64:D0:DF:45:F4:47:8B:4F:D4
            X509v3 Authority Key Identifier:
                keyid:DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/IaGPCdtFo7YJnFhk0N9F9EeLT9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e5c0:8000::-2a01:e5c0:8002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a7:ab:60:f5:f7:33:7b:89:1d:3d:fc:e8:c9:33:61:73:e5:ff:
         67:8a:bf:2b:8a:40:58:49:18:83:c0:3c:39:24:13:f0:ae:16:
         78:b3:56:ac:2d:9e:ee:04:fc:a9:f2:60:bc:fd:62:82:fc:1a:
         36:27:be:40:f6:b4:6b:89:72:75:ce:b8:60:b5:52:3d:30:22:
         b5:8a:ee:57:80:31:56:f0:96:ce:88:de:db:40:5e:6e:41:b4:
         37:ce:e2:79:49:88:1f:9d:be:4d:e7:8c:a5:5c:df:6a:24:11:
         26:8e:ce:e8:08:37:b8:db:fb:e0:29:2d:23:a4:7d:5b:7d:ef:
         df:66:8d:0f:96:a1:88:57:78:04:b9:72:ee:21:1f:a6:78:74:
         d6:fb:de:01:96:91:1f:da:52:39:d2:35:b7:9c:69:e3:9b:ba:
         a9:04:de:3c:a4:c7:7d:c8:fd:a5:f0:a6:64:b5:b3:26:b5:b2:
         fb:52:2c:73:c4:2c:ba:09:4b:64:f4:9a:d1:dd:ba:04:68:46:
         ee:01:f0:8e:c1:86:04:c7:37:bf:2c:f5:84:9a:2e:8a:d5:c0:
         c5:43:cc:cf:4c:c9:9a:51:19:65:fe:78:6d:37:d7:bf:59:dc:
         1d:91:52:b6:eb:82:af:a4:20:c0:bf:6b:55:ed:9c:48:c3:3e:
         cb:62:4b:e7
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZWOnQQpwwsEosUCJ5H5VJCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhN2Q1ZmNhMWU0Njk5MjlkNGE4YjZmNTdhZjNjYmNkYzYz
OWEzNWUwHhcNMjUwMzEzMDgyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWExOGYwOWRiNDVhM2I2MDk5YzU4NjRkMGRmNDVmNDQ3OGI0ZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzklNwW2n/NacuhFCU6pfzpY/FZFb
Rjgvl+XLo0hB8G5ZArxw0BSNDH4iY/1jwHiVyPEsCIKSTamKfdPV5H0tz4Z5zar6
wKd1m4zhX7SZJRLiXd28+lomhz0XoNfsOaCd8CZrCtCA1jfhPXj3nDN0J60Xwv0Y
gJDrCHXjntqoPU63Ouw5b31eCkgO15kHJ91vSMytxHDYanmyx2cQXliTAXOhP+jB
r7PQzxYRunB6jzpjHq+QusOeGlgZyvtpDCwrTWrilAB4BN60i12NwK+k0BbYRb2M
GQ+POuXgx+teHLOnAsnYfI8Vk2f2neShPX9kfOY66iiagw5XAsN7NT1hPQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFCGhjwnbRaO2CZxYZNDfRfRHi0/UMB8GA1UdIwQY
MBaAFNp9X8oeRpkp1Ki29Xrzy83GOaNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGIt
NDFiNzMwMzI3Yzc4LzEvSWFHUENkdEZvN1lKbkZoazBOOUY5RWVMVDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGItNDFiNzMwMzI3Yzc4
LzEvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATMBEDBgcqAeXA
gAMHACoB5cCAAjANBgkqhkiG9w0BAQsFAAOCAQEAp6tg9fcze4kdPfzoyTNhc+X/
Z4q/K4pAWEkYg8A8OSQT8K4WeLNWrC2e7gT8qfJgvP1igvwaNie+QPa0a4lydc64
YLVSPTAitYruV4AxVvCWzoje20BebkG0N87ieUmIH52+TeeMpVzfaiQRJo7O6Ag3
uNv74CktI6R9W33v32aND5ahiFd4BLly7iEfpnh01vveAZaRH9pSOdI1t5xp45u6
qQTePKTHfcj9pfCmZLWzJrWy+1Isc8QsuglLZPSa0d26BGhG7gHwjsGGBMc3vyz1
hJouitXAxUPMz0zJmlEZZf54bTfXv1ncHZFStuuCr6QgwL9rVe2cSMM+y2JL5w==
-----END CERTIFICATE-----