Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/5M4zCnvvjSxCYBlFbnwQpZ9UlkM.roa
File:                     5M4zCnvvjSxCYBlFbnwQpZ9UlkM.roa (raw, json)
Hash identifier:          CTFwCkXzu4XeQNbM7r22BlzBrhJGIUU61enUxp3Rq3Y=
Subject key identifier:   E4:CE:33:0A:7B:EF:8D:2C:42:60:19:45:6E:7C:10:A5:9F:54:96:43
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       019422FAF7BD626AAB4278539C6D662C390C
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/5M4zCnvvjSxCYBlFbnwQpZ9UlkM.roa
Signing time:             Wed 01 Jan 2025 17:47:40 +0000
ROA not before:           Wed 01 Jan 2025 17:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43126
IP address blocks:        2a0f:607:1060::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:f7:bd:62:6a:ab:42:78:53:9c:6d:66:2c:39:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 17:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4ce330a7bef8d2c426019456e7c10a59f549643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c8:24:8e:45:fd:68:13:8d:0a:b4:f4:5e:63:
                    a1:4c:92:f1:bd:cc:3c:c5:d5:69:c9:a1:7a:2c:25:
                    0e:a7:f2:86:ff:07:cf:58:65:66:15:02:03:9e:d2:
                    8e:07:97:ff:04:cf:23:19:86:9b:b8:22:8a:b7:a8:
                    6d:33:60:ba:cd:ee:03:d3:0a:da:e8:3b:fa:53:be:
                    05:9e:39:12:36:eb:dc:b1:91:7d:bc:9d:7d:b2:20:
                    78:f8:76:ef:d0:bb:56:68:6d:d5:62:40:5f:bd:3e:
                    51:f5:40:aa:0f:4c:31:ae:c0:e7:e4:db:bc:01:8c:
                    49:87:ea:7e:cc:96:72:19:88:08:dd:f5:65:78:1b:
                    bd:83:bc:99:9b:24:15:71:a2:56:f9:a0:71:d6:4b:
                    05:55:f4:95:e8:24:c8:cd:40:b8:2d:e7:50:71:fe:
                    54:51:33:93:68:ca:5d:6f:30:58:72:04:6b:f2:37:
                    5e:e8:e0:bd:2f:15:9b:70:b7:08:84:2f:cf:78:cb:
                    93:31:97:78:41:96:ed:83:bc:f5:50:96:c6:14:7e:
                    a6:f1:18:8b:4b:e3:19:0f:63:0d:84:ab:f6:67:b4:
                    bd:87:b7:0f:85:3c:73:4d:55:1d:76:42:cf:7d:8f:
                    fd:af:64:2b:a0:92:51:36:53:4b:18:12:a3:4c:f4:
                    2e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:CE:33:0A:7B:EF:8D:2C:42:60:19:45:6E:7C:10:A5:9F:54:96:43
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/5M4zCnvvjSxCYBlFbnwQpZ9UlkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:ee:98:69:8f:c2:a8:42:08:94:a3:e5:c2:29:8e:55:0a:d2:
         87:dc:d0:ee:cc:be:5b:71:9a:a6:4e:f8:c3:38:9d:7d:a8:b0:
         6e:b9:db:f2:f5:2e:94:9d:02:1e:bb:0c:bf:fb:76:df:91:72:
         6b:e4:83:69:e3:cf:12:67:54:7e:fc:10:a7:92:81:5a:5d:65:
         bd:db:c9:4e:97:2f:3e:d3:88:fe:39:8f:0c:6e:2e:17:c4:d3:
         93:a5:95:67:20:f5:10:88:3f:1e:79:c7:57:88:80:15:39:eb:
         bf:91:b1:5b:10:03:6e:90:d7:9e:84:39:52:7b:3a:93:33:b4:
         d0:b1:e7:0f:50:6e:2d:bb:02:a5:48:00:63:43:d6:65:ad:ab:
         ec:26:21:f4:78:40:3c:5f:e8:9c:fc:49:19:8c:29:ba:bd:50:
         d7:66:74:1e:94:68:aa:76:10:3f:26:34:47:8c:17:8b:c9:41:
         e0:f3:4c:8a:31:3d:94:1f:c8:49:36:09:cc:0d:d2:a1:6d:24:
         f6:7f:52:96:45:d8:bf:02:71:bf:5f:18:c1:1c:03:d7:8b:69:
         db:14:a2:af:46:0d:58:b9:98:c8:c6:3d:08:e4:c6:e7:f6:0d:
         31:20:47:a6:70:ab:5b:6a:f6:87:49:36:d6:e4:4e:24:df:50:
         f3:b7:bb:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+ve9YmqrQnhTnG1mLDkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjUwMTAxMTc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGNlMzMwYTdiZWY4ZDJjNDI2MDE5NDU2ZTdjMTBhNTlmNTQ5NjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMgkjkX9aBONCrT0XmOhTJLxvcw8
xdVpyaF6LCUOp/KG/wfPWGVmFQIDntKOB5f/BM8jGYabuCKKt6htM2C6ze4D0wra
6Dv6U74FnjkSNuvcsZF9vJ19siB4+Hbv0LtWaG3VYkBfvT5R9UCqD0wxrsDn5Nu8
AYxJh+p+zJZyGYgI3fVleBu9g7yZmyQVcaJW+aBx1ksFVfSV6CTIzUC4LedQcf5U
UTOTaMpdbzBYcgRr8jde6OC9LxWbcLcIhC/PeMuTMZd4QZbtg7z1UJbGFH6m8RiL
S+MZD2MNhKv2Z7S9h7cPhTxzTVUddkLPfY/9r2QroJJRNlNLGBKjTPQu2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOTOMwp7740sQmAZRW58EKWfVJZDMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvNU00ekNudnZqU3hDWUJsRmJud1FwWjlVbGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxBg
MA0GCSqGSIb3DQEBCwUAA4IBAQCd7phpj8KoQgiUo+XCKY5VCtKH3NDuzL5bcZqm
TvjDOJ19qLBuudvy9S6UnQIeuwy/+3bfkXJr5INp488SZ1R+/BCnkoFaXWW928lO
ly8+04j+OY8Mbi4XxNOTpZVnIPUQiD8eecdXiIAVOeu/kbFbEANukNeehDlSezqT
M7TQsecPUG4tuwKlSABjQ9ZlravsJiH0eEA8X+ic/EkZjCm6vVDXZnQelGiqdhA/
JjRHjBeLyUHg80yKMT2UH8hJNgnMDdKhbST2f1KWRdi/AnG/XxjBHAPXi2nbFKKv
Rg1YuZjIxj0I5Mbn9g0xIEemcKtbavaHSTbW5E4k31Dzt7sL
-----END CERTIFICATE-----