Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/Vwp4sUHwufYyD-bPptLzOvd6WdQ.roa
File:                     Vwp4sUHwufYyD-bPptLzOvd6WdQ.roa (raw, json)
Hash identifier:          YWIoCXXcHFga0/3pa1NcRYE9BSy/d2UDiqjf+NsI2BE=
Subject key identifier:   57:0A:78:B1:41:F0:B9:F6:32:0F:E6:CF:A6:D2:F3:3A:F7:7A:59:D4
Certificate issuer:       /CN=a378118db05e4c93e76fa1f1c95679c705beb208
Certificate serial:       01942444AAE0EFC059E894D6370EC70F6942
Authority key identifier: A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/Vwp4sUHwufYyD-bPptLzOvd6WdQ.roa
Signing time:             Wed 01 Jan 2025 23:47:47 +0000
ROA not before:           Wed 01 Jan 2025 23:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15542
IP address blocks:        2001:67c:2ef0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:aa:e0:ef:c0:59:e8:94:d6:37:0e:c7:0f:69:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a378118db05e4c93e76fa1f1c95679c705beb208
        Validity
            Not Before: Jan  1 23:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=570a78b141f0b9f6320fe6cfa6d2f33af77a59d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c5:ee:81:45:a9:fb:eb:4c:27:5c:25:0e:ce:
                    ed:d7:27:84:fe:22:14:68:18:59:a5:35:0b:ef:3c:
                    34:b5:97:bf:2c:9f:1a:17:ba:45:d0:4a:93:b2:1c:
                    8a:3a:4d:61:06:70:b2:a5:20:ca:df:3e:88:45:ae:
                    42:2d:62:7a:cc:f5:58:eb:e1:bd:86:46:cb:8c:0c:
                    56:9c:39:35:c4:60:91:7a:73:52:7e:e3:93:94:91:
                    9d:52:23:3b:96:43:19:25:bc:f9:c0:75:44:c4:ac:
                    73:38:32:35:5c:30:ac:66:17:da:3b:f1:fd:0c:fd:
                    4c:09:ed:5d:f7:7f:ac:85:5b:72:82:e4:8f:af:14:
                    f8:fc:c7:e2:20:9b:43:47:ba:66:23:de:57:27:1d:
                    1f:74:c8:70:cf:97:08:8d:7c:05:f1:ac:57:34:b9:
                    81:b7:51:89:0b:4d:55:14:64:a8:29:1c:39:b9:ab:
                    c5:fc:ba:8a:a3:a5:03:a0:49:dc:5c:87:28:a1:a0:
                    c3:f3:8d:67:a2:8d:8e:3a:34:00:35:05:8b:f6:d9:
                    ad:c7:57:6e:c7:90:4a:b6:28:51:d1:0c:4a:37:92:
                    32:4c:68:5d:e7:bd:24:de:99:f0:e8:5e:94:f2:88:
                    79:cd:ed:37:ad:b1:c7:ee:4a:37:97:42:f6:27:7e:
                    d3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:0A:78:B1:41:F0:B9:F6:32:0F:E6:CF:A6:D2:F3:3A:F7:7A:59:D4
            X509v3 Authority Key Identifier:
                keyid:A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/Vwp4sUHwufYyD-bPptLzOvd6WdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ef0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:8f:44:7a:e6:84:55:d9:af:8e:80:11:6b:a2:65:05:e2:2b:
         52:ed:d8:60:78:81:19:c2:fa:3a:e3:77:f6:d5:d0:1a:c6:86:
         49:ab:3b:da:ec:be:d9:af:13:c2:ae:b1:4e:36:9f:7f:e7:c6:
         4f:7a:c8:43:d2:2b:3c:7c:a7:5c:f1:c2:71:d6:6d:16:ee:a6:
         ee:4c:d2:98:26:b7:ea:9e:da:98:16:cb:1c:47:52:24:de:23:
         44:06:5c:0f:93:6a:e8:0d:e7:d0:59:3f:d1:5e:73:cd:df:53:
         ff:01:9f:04:53:af:31:af:5f:32:16:d8:3c:1c:08:c9:45:b2:
         98:31:84:d1:74:4b:d3:e1:ff:73:46:6d:ba:b2:63:55:ae:fc:
         0e:83:69:b5:ee:19:0f:aa:37:5d:ab:4d:57:8c:03:6c:b3:5f:
         17:79:b9:71:2d:33:74:1b:27:92:dd:23:e1:ff:d6:a8:f9:5f:
         1f:12:da:a3:96:6b:25:1f:64:3c:7e:07:11:9d:66:0f:3a:9c:
         74:c1:c0:c7:bd:22:9e:41:38:be:ee:d5:06:e8:25:23:6d:8a:
         c4:85:53:8b:98:06:36:83:6c:52:39:f6:9f:7f:0d:51:63:42:
         9c:a4:92:8c:fd:74:ab:ac:ab:72:8a:e8:dd:55:b7:9b:1f:98:
         23:93:4f:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRKrg78BZ6JTWNw7HD2lCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzgxMThkYjA1ZTRjOTNlNzZmYTFmMWM5NTY3OWM3MDVi
ZWIyMDgwHhcNMjUwMTAxMjM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzBhNzhiMTQxZjBiOWY2MzIwZmU2Y2ZhNmQyZjMzYWY3N2E1OWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8XugUWp++tMJ1wlDs7t1yeE/iIU
aBhZpTUL7zw0tZe/LJ8aF7pF0EqTshyKOk1hBnCypSDK3z6IRa5CLWJ6zPVY6+G9
hkbLjAxWnDk1xGCRenNSfuOTlJGdUiM7lkMZJbz5wHVExKxzODI1XDCsZhfaO/H9
DP1MCe1d93+shVtyguSPrxT4/MfiIJtDR7pmI95XJx0fdMhwz5cIjXwF8axXNLmB
t1GJC01VFGSoKRw5uavF/LqKo6UDoEncXIcooaDD841noo2OOjQANQWL9tmtx1du
x5BKtihR0QxKN5IyTGhd570k3pnw6F6U8oh5ze03rbHH7ko3l0L2J37TbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFcKeLFB8Ln2Mg/mz6bS8zr3elnUMB8GA1UdIwQY
MBaAFKN4EY2wXkyT52+h8clWeccFvrIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2Yt
ODY2NjA3YWYyZmE1LzEvVndwNHNVSHd1Zll5RC1iUHB0THpPdmQ2V2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2YtODY2NjA3YWYyZmE1
LzEvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC7w
MA0GCSqGSIb3DQEBCwUAA4IBAQCmj0R65oRV2a+OgBFromUF4itS7dhgeIEZwvo6
43f21dAaxoZJqzva7L7ZrxPCrrFONp9/58ZPeshD0is8fKdc8cJx1m0W7qbuTNKY
JrfqntqYFsscR1Ik3iNEBlwPk2roDefQWT/RXnPN31P/AZ8EU68xr18yFtg8HAjJ
RbKYMYTRdEvT4f9zRm26smNVrvwOg2m17hkPqjddq01XjANss18XeblxLTN0GyeS
3SPh/9ao+V8fEtqjlmslH2Q8fgcRnWYPOpx0wcDHvSKeQTi+7tUG6CUjbYrEhVOL
mAY2g2xSOfaffw1RY0KcpJKM/XSrrKtyiujdVbebH5gjk08m
-----END CERTIFICATE-----