Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/0TtFz6wVP0jqaQNw01V55drmS3k.roa
File:                     0TtFz6wVP0jqaQNw01V55drmS3k.roa (raw, json)
Hash identifier:          TMVD5m2P0IJi74IF8JJhCFdWfhDxP8MQCO9QQGNNZr4=
Subject key identifier:   D1:3B:45:CF:AC:15:3F:48:EA:69:03:70:D3:55:79:E5:DA:E6:4B:79
Certificate issuer:       /CN=61106d2dff7116f35ab7fa10275a45e383bce523
Certificate serial:       019427B5A1C0A39E42F4C2320BEAA27885DC
Authority key identifier: 61:10:6D:2D:FF:71:16:F3:5A:B7:FA:10:27:5A:45:E3:83:BC:E5:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/0TtFz6wVP0jqaQNw01V55drmS3k.roa
Signing time:             Thu 02 Jan 2025 15:50:02 +0000
ROA not before:           Thu 02 Jan 2025 15:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1836
IP address blocks:        2001:67c:1300::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:a1:c0:a3:9e:42:f4:c2:32:0b:ea:a2:78:85:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61106d2dff7116f35ab7fa10275a45e383bce523
        Validity
            Not Before: Jan  2 15:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d13b45cfac153f48ea690370d35579e5dae64b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c5:24:6d:42:38:2b:bf:0e:9f:bd:cb:04:d1:
                    63:bc:00:ff:d6:83:d7:af:7c:92:26:f0:53:80:42:
                    38:7e:b1:6a:f1:7c:94:7a:66:5a:70:2e:67:b9:1b:
                    55:71:6d:cf:45:7c:f3:55:6b:d6:42:53:12:4d:36:
                    cc:da:87:76:9b:bf:3c:b1:d4:b5:ec:1a:d8:4e:ac:
                    a4:2a:f0:9b:92:64:97:55:47:40:97:c2:56:9a:9a:
                    9d:9e:16:02:55:e5:f6:1b:15:09:c4:c1:3e:c3:19:
                    f5:72:f2:60:ac:3f:bd:f6:0e:86:50:71:ff:4b:b1:
                    39:d5:88:db:62:07:f3:81:0d:ef:55:65:84:47:5f:
                    66:e0:4d:88:84:bd:7b:91:2d:30:d2:cd:df:0b:1f:
                    61:d7:1b:be:8f:ef:de:1e:50:5f:33:27:21:cb:7e:
                    1e:f9:46:d5:db:71:f6:63:c2:58:75:28:56:99:b8:
                    6e:84:a9:c4:96:da:30:23:5c:ee:a8:13:e1:d1:87:
                    3b:e4:8e:fa:a4:09:44:e1:e5:86:94:77:42:a9:04:
                    b3:f4:c5:65:5d:04:db:76:a8:c1:62:29:a3:5e:54:
                    78:85:f5:0f:9d:30:0b:65:05:41:36:3b:76:c5:cc:
                    97:d0:1d:2d:aa:e4:3d:8c:af:b8:99:3f:cd:27:2b:
                    50:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3B:45:CF:AC:15:3F:48:EA:69:03:70:D3:55:79:E5:DA:E6:4B:79
            X509v3 Authority Key Identifier:
                keyid:61:10:6D:2D:FF:71:16:F3:5A:B7:FA:10:27:5A:45:E3:83:BC:E5:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YRBtLf9xFvNat_oQJ1pF44O85SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/0TtFz6wVP0jqaQNw01V55drmS3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/a16ea5-3867-4406-9f2a-a4944e9625c0/1/YRBtLf9xFvNat_oQJ1pF44O85SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1300::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:a8:8a:b8:c8:0d:82:87:5a:eb:4c:5c:1f:49:05:19:4d:65:
         ca:3d:da:66:07:d4:e3:e7:02:3f:06:4c:6a:e9:5c:8a:7b:bb:
         36:a0:1d:96:93:4b:b9:c9:96:6a:a7:8b:c1:e6:f6:e7:e7:c4:
         c4:9d:49:49:d4:69:95:66:e8:a4:bd:d9:72:a5:25:0e:cb:48:
         88:d3:38:a3:18:e1:fd:90:09:e8:68:62:51:39:21:bf:ac:1e:
         b0:6d:13:40:8c:73:2c:dd:bc:cb:27:c9:c7:02:90:57:0b:78:
         36:54:45:f0:13:7a:f6:de:13:7b:34:51:8d:b8:0f:5f:de:c4:
         07:d3:ea:75:9a:bc:7b:43:37:af:46:3d:77:b7:7b:6d:7a:3d:
         3c:8c:7e:94:be:5f:81:fd:e3:1c:8e:e6:fb:e3:66:81:1a:ee:
         85:d6:4e:08:f6:7e:8f:4f:b1:14:d4:be:84:51:98:22:9e:d9:
         d9:f6:54:bf:f4:91:e2:3e:4c:37:65:8e:0e:5a:be:16:2f:f6:
         6a:da:c1:82:54:3c:4b:1c:44:49:f4:76:da:9a:51:b9:3e:60:
         46:11:6d:c4:06:8c:47:ff:c0:71:c9:e5:b4:2c:f7:a3:87:6e:
         54:49:b5:f2:0a:18:17:f0:b5:21:c5:e9:02:3c:8d:ad:af:6e:
         90:8f:9b:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntaHAo55C9MIyC+qieIXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMTA2ZDJkZmY3MTE2ZjM1YWI3ZmExMDI3NWE0NWUzODNi
Y2U1MjMwHhcNMjUwMTAyMTU1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNiNDVjZmFjMTUzZjQ4ZWE2OTAzNzBkMzU1NzllNWRhZTY0Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8UkbUI4K78On73LBNFjvAD/1oPX
r3ySJvBTgEI4frFq8XyUemZacC5nuRtVcW3PRXzzVWvWQlMSTTbM2od2m788sdS1
7BrYTqykKvCbkmSXVUdAl8JWmpqdnhYCVeX2GxUJxME+wxn1cvJgrD+99g6GUHH/
S7E51YjbYgfzgQ3vVWWER19m4E2IhL17kS0w0s3fCx9h1xu+j+/eHlBfMychy34e
+UbV23H2Y8JYdShWmbhuhKnEltowI1zuqBPh0Yc75I76pAlE4eWGlHdCqQSz9MVl
XQTbdqjBYimjXlR4hfUPnTALZQVBNjt2xcyX0B0tquQ9jK+4mT/NJytQ/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNE7Rc+sFT9I6mkDcNNVeeXa5kt5MB8GA1UdIwQY
MBaAFGEQbS3/cRbzWrf6ECdaReODvOUjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVJCdExmOXhGdk5hdF9vUUoxcEY0NE84NVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hMTZlYTUtMzg2Ny00NDA2LTlmMmEt
YTQ5NDRlOTYyNWMwLzEvMFR0Rno2d1ZQMGpxYVFOdzAxVjU1ZHJtUzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hMTZlYTUtMzg2Ny00NDA2LTlmMmEtYTQ5NDRlOTYyNWMw
LzEvWVJCdExmOXhGdk5hdF9vUUoxcEY0NE84NVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBMA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2qIq4yA2Ch1rrTFwfSQUZTWXKPdpmB9Tj5wI/
Bkxq6VyKe7s2oB2Wk0u5yZZqp4vB5vbn58TEnUlJ1GmVZuikvdlypSUOy0iI0zij
GOH9kAnoaGJROSG/rB6wbRNAjHMs3bzLJ8nHApBXC3g2VEXwE3r23hN7NFGNuA9f
3sQH0+p1mrx7QzevRj13t3ttej08jH6Uvl+B/eMcjub742aBGu6F1k4I9n6PT7EU
1L6EUZgintnZ9lS/9JHiPkw3ZY4OWr4WL/Zq2sGCVDxLHERJ9HbamlG5PmBGEW3E
BoxH/8BxyeW0LPejh25USbXyChgX8LUhxekCPI2tr26Qj5sG
-----END CERTIFICATE-----