Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/bHWPrUheTISW_XZwqIKxaRaFivE.roa
File:                     bHWPrUheTISW_XZwqIKxaRaFivE.roa (raw, json)
Hash identifier:          ek7H7pyvxLeP4/K0w5pzvcUQRE5xOhHM0k+4ZCxv0OA=
Subject key identifier:   6C:75:8F:AD:48:5E:4C:84:96:FD:76:70:A8:82:B1:69:16:85:8A:F1
Certificate issuer:       /CN=588cabf6f523f26e267db03b524347841aaaa465
Certificate serial:       019426D86B87446AC0419C05335087E72F8D
Authority key identifier: 58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/bHWPrUheTISW_XZwqIKxaRaFivE.roa
Signing time:             Thu 02 Jan 2025 11:48:24 +0000
ROA not before:           Thu 02 Jan 2025 11:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202916
IP address blocks:        2a04:1cc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:6b:87:44:6a:c0:41:9c:05:33:50:87:e7:2f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588cabf6f523f26e267db03b524347841aaaa465
        Validity
            Not Before: Jan  2 11:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c758fad485e4c8496fd7670a882b16916858af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7d:98:10:3d:f4:89:07:c9:3d:17:66:03:3d:
                    9d:0a:0f:47:05:83:22:2b:f5:ed:76:f1:d3:7a:36:
                    7e:c4:d9:eb:b9:fb:25:c7:aa:cc:e4:03:67:e9:71:
                    f6:78:d9:43:08:a7:f3:9c:80:db:65:0b:1d:4e:a2:
                    10:96:d8:bd:63:8d:d8:c0:c5:3e:ad:ff:f4:57:c5:
                    26:fb:ad:00:7b:da:04:5d:3b:a7:f7:58:36:85:d9:
                    df:6c:65:b5:f4:84:77:31:72:f2:10:89:be:6c:08:
                    48:db:f5:93:c5:4f:61:03:8d:6a:09:29:e8:a8:69:
                    96:68:8e:41:1a:ce:fd:6f:bb:6e:c0:c7:4f:f1:36:
                    89:3d:c5:ee:0a:10:d7:2b:21:9a:2d:d2:2e:05:27:
                    f6:c7:76:e1:6c:53:5e:e3:e4:ef:c0:94:59:29:cf:
                    dd:dd:b3:43:39:d6:7d:be:6b:c7:d3:65:95:43:20:
                    89:9a:c7:3f:79:01:55:1a:b5:ab:e1:7c:e0:a1:ad:
                    eb:2c:48:cd:1b:fe:88:97:df:2b:b5:64:9e:c8:19:
                    34:d6:61:b3:af:83:2a:e2:9b:d6:0e:48:92:00:2b:
                    10:7e:6d:db:6c:69:fa:7a:79:71:64:57:3c:b4:4d:
                    a0:b1:37:4b:0d:91:c0:db:0a:7f:0f:6b:4a:9c:8b:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:75:8F:AD:48:5E:4C:84:96:FD:76:70:A8:82:B1:69:16:85:8A:F1
            X509v3 Authority Key Identifier:
                keyid:58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/bHWPrUheTISW_XZwqIKxaRaFivE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:be:cf:44:9b:eb:b6:3d:5d:45:b9:dc:bf:de:eb:5c:e4:b2:
         9b:f2:de:17:a8:f9:76:bb:cd:9e:d8:71:58:5f:c6:83:c8:33:
         c2:2b:f5:d6:a8:5f:1e:21:4a:60:a3:6e:45:ad:3f:6e:7d:0d:
         29:27:0a:64:f7:3a:c4:d0:c1:bc:00:f3:ab:63:1a:6a:9e:ce:
         4f:49:38:43:61:a7:17:9a:4e:54:ff:a9:1e:5f:3a:25:2f:d6:
         3d:58:ef:8e:f2:b1:f0:86:93:2a:3b:4d:a3:82:b0:ef:9c:91:
         2a:61:00:05:61:0f:d5:03:45:44:b4:22:53:bf:cc:df:33:e7:
         c2:58:31:4e:d4:32:56:01:0a:03:35:c8:65:8a:e7:87:9c:2c:
         de:c6:30:f4:f8:c1:5f:ec:56:c5:0b:55:33:73:20:fd:98:7c:
         30:8a:b5:8f:16:39:ce:8e:58:e8:64:63:9d:c9:9c:21:51:dd:
         40:a7:81:14:17:ab:9a:93:c9:a7:01:21:bd:e6:64:5e:d4:11:
         93:27:26:f4:21:16:b8:12:c9:5e:97:3b:a9:fb:ec:1e:c8:3a:
         09:5c:ac:ce:be:ce:fa:c2:78:31:0b:e1:5f:79:2c:62:bd:06:
         ed:8e:77:10:19:98:58:76:a1:22:84:75:95:d5:03:7f:ae:a7:
         f9:3e:0d:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2GuHRGrAQZwFM1CH5y+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGNhYmY2ZjUyM2YyNmUyNjdkYjAzYjUyNDM0Nzg0MWFh
YWE0NjUwHhcNMjUwMTAyMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc1OGZhZDQ4NWU0Yzg0OTZmZDc2NzBhODgyYjE2OTE2ODU4YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH2YED30iQfJPRdmAz2dCg9HBYMi
K/XtdvHTejZ+xNnrufslx6rM5ANn6XH2eNlDCKfznIDbZQsdTqIQlti9Y43YwMU+
rf/0V8Um+60Ae9oEXTun91g2hdnfbGW19IR3MXLyEIm+bAhI2/WTxU9hA41qCSno
qGmWaI5BGs79b7tuwMdP8TaJPcXuChDXKyGaLdIuBSf2x3bhbFNe4+TvwJRZKc/d
3bNDOdZ9vmvH02WVQyCJmsc/eQFVGrWr4Xzgoa3rLEjNG/6Il98rtWSeyBk01mGz
r4Mq4pvWDkiSACsQfm3bbGn6enlxZFc8tE2gsTdLDZHA2wp/D2tKnIsq0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGx1j61IXkyElv12cKiCsWkWhYrxMB8GA1UdIwQY
MBaAFFiMq/b1I/JuJn2wO1JDR4QaqqRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQt
NmFkMzI1MmExNDI3LzEvYkhXUHJVaGVUSVNXX1had3FJS3hhUmFGaXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQtNmFkMzI1MmExNDI3
LzEvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgQcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFL7PRJvrtj1dRbncv97rXOSym/LeF6j5drvNnthx
WF/Gg8gzwiv11qhfHiFKYKNuRa0/bn0NKScKZPc6xNDBvADzq2Maap7OT0k4Q2Gn
F5pOVP+pHl86JS/WPVjvjvKx8IaTKjtNo4Kw75yRKmEABWEP1QNFRLQiU7/M3zPn
wlgxTtQyVgEKAzXIZYrnh5ws3sYw9PjBX+xWxQtVM3Mg/Zh8MIq1jxY5zo5Y6GRj
ncmcIVHdQKeBFBermpPJpwEhveZkXtQRkycm9CEWuBLJXpc7qfvsHsg6CVyszr7O
+sJ4MQvhX3ksYr0G7Y53EBmYWHahIoR1ldUDf66n+T4NCQ==
-----END CERTIFICATE-----