Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/TfT6AZyh9UGWuKPzLXDw4XK7Cjc.roa
File:                     TfT6AZyh9UGWuKPzLXDw4XK7Cjc.roa (raw, json)
Hash identifier:          4OX2vbS8uyBAPoRn5NlTz3A25sxN9Wre4w3pzzWneG0=
Subject key identifier:   4D:F4:FA:01:9C:A1:F5:41:96:B8:A3:F3:2D:70:F0:E1:72:BB:0A:37
Certificate issuer:       /CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
Certificate serial:       019424B31D89C5A672218DF5119114298676
Authority key identifier: 41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/TfT6AZyh9UGWuKPzLXDw4XK7Cjc.roa
Signing time:             Thu 02 Jan 2025 01:48:25 +0000
ROA not before:           Thu 02 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:67c:2a10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:1d:89:c5:a6:72:21:8d:f5:11:91:14:29:86:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41d14f28f98d3bdcc45e19226f1f56170e312abf
        Validity
            Not Before: Jan  2 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4df4fa019ca1f54196b8a3f32d70f0e172bb0a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:69:26:02:d6:6c:e3:d4:63:13:b3:86:74:cd:
                    e9:24:3e:3f:20:78:16:5a:1b:01:04:78:d5:05:67:
                    d2:0d:30:17:0f:e0:dd:77:b5:7a:e6:38:83:7a:33:
                    d4:33:21:e1:c0:3f:5f:44:04:56:66:46:df:35:22:
                    f7:f9:9c:eb:11:54:15:63:50:55:11:3c:11:ec:da:
                    e2:90:0c:4f:20:b7:c8:ba:1f:da:85:c6:86:47:07:
                    bb:db:e9:0d:6f:cb:6e:ca:c0:37:e5:76:0d:84:29:
                    f7:c3:63:62:04:8b:f0:f1:3b:73:7e:2d:b9:a2:42:
                    e2:26:bf:d5:b4:00:ea:9f:31:25:58:8d:62:f3:5f:
                    0f:4b:2a:0a:a0:5a:95:10:5b:f8:ed:d6:6c:f4:d7:
                    f8:d5:6f:ce:2b:48:6a:3b:39:0b:1a:25:85:5d:75:
                    b5:be:a1:ec:9b:71:99:9b:c0:6d:3e:2f:d5:9a:e5:
                    d2:b9:e9:94:4f:d6:2d:45:38:91:fe:7b:bb:3a:9a:
                    98:b6:ec:58:46:fa:18:1a:2e:cc:b2:36:82:3b:0c:
                    56:7a:ef:6b:45:cd:dc:95:2f:2d:15:6b:f0:de:6a:
                    0b:a1:52:e4:da:7a:1b:69:e3:d7:f5:04:c8:e8:df:
                    70:ed:cf:14:d0:9d:51:da:d0:3e:b5:0a:0f:54:8f:
                    6b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F4:FA:01:9C:A1:F5:41:96:B8:A3:F3:2D:70:F0:E1:72:BB:0A:37
            X509v3 Authority Key Identifier:
                keyid:41:D1:4F:28:F9:8D:3B:DC:C4:5E:19:22:6F:1F:56:17:0E:31:2A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QdFPKPmNO9zEXhkibx9WFw4xKr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/TfT6AZyh9UGWuKPzLXDw4XK7Cjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a074e2-66ea-43cc-94a7-b380453267f9/1/QdFPKPmNO9zEXhkibx9WFw4xKr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:c5:30:66:d8:b8:bc:d2:89:4e:e1:52:ca:b0:44:d5:55:f7:
         4b:f8:83:df:eb:47:a4:67:c5:61:3f:35:81:4c:19:a4:c9:9a:
         8d:5b:e9:d8:8d:ba:05:7b:ef:d6:c8:cc:a4:ba:61:44:80:b3:
         92:aa:2f:d8:6b:e6:e6:ef:2c:81:c1:b3:00:e4:d2:61:9c:11:
         a6:63:31:8b:bc:25:70:4f:9d:b8:cb:01:05:89:72:13:fe:34:
         52:99:08:21:94:79:9b:0e:5b:29:eb:d0:24:bc:a6:3b:b0:6e:
         cf:73:55:4e:ee:fb:3d:d4:66:ed:d6:96:1f:5e:25:32:b3:5c:
         fa:55:47:f0:65:8c:7d:19:a8:73:78:af:39:75:39:88:74:4c:
         52:39:8a:4c:ef:04:f2:69:d2:92:b6:76:e6:30:df:29:9d:f8:
         1c:a8:ae:bd:e2:25:da:cd:c6:00:3f:92:3f:71:32:cd:dc:aa:
         f9:57:9c:70:c6:9f:61:da:75:6b:eb:b3:b1:39:cb:f2:06:cb:
         b3:14:cc:ff:23:fa:52:d3:46:a9:f1:db:06:b7:99:d7:53:9a:
         35:4d:72:10:a8:92:2e:27:d0:d1:e7:4a:7d:ba:34:13:5e:90:
         b3:53:72:6b:93:a5:21:01:4a:7e:73:dc:c8:c6:12:f4:25:5b:
         6f:61:93:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksx2JxaZyIY31EZEUKYZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZDE0ZjI4Zjk4ZDNiZGNjNDVlMTkyMjZmMWY1NjE3MGUz
MTJhYmYwHhcNMjUwMTAyMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY0ZmEwMTljYTFmNTQxOTZiOGEzZjMyZDcwZjBlMTcyYmIwYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmkmAtZs49RjE7OGdM3pJD4/IHgW
WhsBBHjVBWfSDTAXD+Ddd7V65jiDejPUMyHhwD9fRARWZkbfNSL3+ZzrEVQVY1BV
ETwR7NrikAxPILfIuh/ahcaGRwe72+kNb8tuysA35XYNhCn3w2NiBIvw8Ttzfi25
okLiJr/VtADqnzElWI1i818PSyoKoFqVEFv47dZs9Nf41W/OK0hqOzkLGiWFXXW1
vqHsm3GZm8BtPi/VmuXSuemUT9YtRTiR/nu7OpqYtuxYRvoYGi7MsjaCOwxWeu9r
Rc3clS8tFWvw3moLoVLk2nobaePX9QTI6N9w7c8U0J1R2tA+tQoPVI9rcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE30+gGcofVBlrij8y1w8OFyuwo3MB8GA1UdIwQY
MBaAFEHRTyj5jTvcxF4ZIm8fVhcOMSq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTct
YjM4MDQ1MzI2N2Y5LzEvVGZUNkFaeWg5VUdXdUtQekxYRHc0WEs3Q2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hMDc0ZTItNjZlYS00M2NjLTk0YTctYjM4MDQ1MzI2N2Y5
LzEvUWRGUEtQbU5POXpFWGhraWJ4OVdGdzR4S3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCaxTBm2Li80olO4VLKsETVVfdL+IPf60ekZ8Vh
PzWBTBmkyZqNW+nYjboFe+/WyMykumFEgLOSqi/Ya+bm7yyBwbMA5NJhnBGmYzGL
vCVwT524ywEFiXIT/jRSmQghlHmbDlsp69AkvKY7sG7Pc1VO7vs91Gbt1pYfXiUy
s1z6VUfwZYx9GahzeK85dTmIdExSOYpM7wTyadKStnbmMN8pnfgcqK694iXazcYA
P5I/cTLN3Kr5V5xwxp9h2nVr67OxOcvyBsuzFMz/I/pS00ap8dsGt5nXU5o1TXIQ
qJIuJ9DR50p9ujQTXpCzU3Jrk6UhAUp+c9zIxhL0JVtvYZPl
-----END CERTIFICATE-----