Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/HW3yz8X7qxTo7UfeqkWq12X_8DY.roa
File:                     HW3yz8X7qxTo7UfeqkWq12X_8DY.roa (raw, json)
Hash identifier:          Sg386YREgnkLIDryYsuZ5WxU45X+cAEuTL3x1T+HdFI=
Subject key identifier:   1D:6D:F2:CF:C5:FB:AB:14:E8:ED:47:DE:AA:45:AA:D7:65:FF:F0:36
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       0194266B1D5A137F526FB2B95FF4C51BDD4B
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/HW3yz8X7qxTo7UfeqkWq12X_8DY.roa
Signing time:             Thu 02 Jan 2025 09:49:01 +0000
ROA not before:           Thu 02 Jan 2025 09:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202313
IP address blocks:        2a0d:1a40:fa0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:1d:5a:13:7f:52:6f:b2:b9:5f:f4:c5:1b:dd:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  2 09:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d6df2cfc5fbab14e8ed47deaa45aad765fff036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:de:80:be:75:19:f3:70:13:f8:47:b0:2a:a0:
                    36:2c:c0:d7:fe:cb:31:34:4b:f2:88:4c:97:4a:09:
                    6b:34:1c:b7:a6:32:d9:90:2c:53:c1:e8:bc:fd:49:
                    4c:53:00:3c:b2:41:6f:1a:ed:b6:8d:eb:ec:f0:3b:
                    69:72:48:55:c7:6d:a4:d2:e6:7b:30:9e:6d:72:f6:
                    17:d7:39:4e:3e:2e:e4:30:5a:0d:eb:84:cb:e5:31:
                    14:31:76:52:f4:99:b9:64:7c:d0:33:35:9b:cc:52:
                    38:78:12:02:91:81:e0:b8:66:36:c1:ea:30:11:96:
                    ba:75:1b:0b:48:a1:7f:de:95:a0:9d:e0:fe:1d:04:
                    95:3a:2c:3e:af:40:96:36:73:31:3b:3b:0b:99:bc:
                    80:8d:c6:77:55:ee:f0:25:fe:9e:1e:58:61:89:85:
                    72:53:7c:f4:1b:b8:a7:52:05:63:73:3e:98:66:6b:
                    dd:dc:d9:87:69:16:0a:0a:20:0d:49:00:c4:52:2b:
                    0e:33:ad:74:6c:db:7d:7d:70:e4:e5:2f:77:ae:c9:
                    bf:4b:e4:54:dd:fe:b7:20:70:7b:2d:c8:41:1d:32:
                    b4:cf:b3:3c:fa:62:f7:5b:08:d0:60:e0:5a:ee:e8:
                    6d:56:f1:bc:de:59:32:9c:8b:66:05:cb:93:d4:f8:
                    b6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:6D:F2:CF:C5:FB:AB:14:E8:ED:47:DE:AA:45:AA:D7:65:FF:F0:36
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/HW3yz8X7qxTo7UfeqkWq12X_8DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:fa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:8d:38:e2:b6:cc:46:3e:f5:84:70:80:d9:e2:de:97:1a:65:
         d2:c3:74:f9:45:78:df:21:d3:6d:70:e7:bd:a8:20:fe:7d:32:
         29:bc:95:d4:2f:b9:99:85:87:3a:98:a4:4b:63:c9:13:6d:fb:
         72:c7:f1:8f:c6:2d:07:2d:70:7b:8c:73:0c:01:fb:0e:e4:73:
         69:6d:1a:d3:36:0e:89:69:8c:98:31:1d:81:1d:07:ad:13:73:
         03:fc:31:b8:12:c6:5f:23:41:cd:2b:06:15:50:af:35:f3:06:
         72:a7:38:99:dd:f5:96:bd:ac:fd:9e:b6:8c:ab:67:d6:ed:0e:
         8c:4a:df:33:03:e0:d1:9f:7d:4b:ef:30:60:33:89:1b:9c:bd:
         45:b1:7b:1d:70:b6:de:cc:95:70:cb:02:8d:c2:e2:d3:95:55:
         9f:bf:5b:4e:a6:85:ce:ef:be:f9:f9:78:94:07:57:44:4f:10:
         3f:ef:37:cb:67:8c:3f:e4:4c:70:b6:ca:73:95:55:1e:27:78:
         42:c8:0a:79:1e:cf:56:21:f7:90:ca:be:ce:ae:e2:62:01:2b:
         d1:c6:cc:f0:96:f3:d5:ae:4f:85:8d:09:38:64:89:24:66:6e:
         aa:cf:6d:0d:23:47:9b:34:a1:1b:76:48:b7:64:a3:72:71:8f:
         bf:2f:4b:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQmax1aE39Sb7K5X/TFG91LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjUwMTAyMDk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDZkZjJjZmM1ZmJhYjE0ZThlZDQ3ZGVhYTQ1YWFkNzY1ZmZmMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd6AvnUZ83AT+EewKqA2LMDX/ssx
NEvyiEyXSglrNBy3pjLZkCxTwei8/UlMUwA8skFvGu22jevs8DtpckhVx22k0uZ7
MJ5tcvYX1zlOPi7kMFoN64TL5TEUMXZS9Jm5ZHzQMzWbzFI4eBICkYHguGY2weow
EZa6dRsLSKF/3pWgneD+HQSVOiw+r0CWNnMxOzsLmbyAjcZ3Ve7wJf6eHlhhiYVy
U3z0G7inUgVjcz6YZmvd3NmHaRYKCiANSQDEUisOM610bNt9fXDk5S93rsm/S+RU
3f63IHB7LchBHTK0z7M8+mL3WwjQYOBa7uhtVvG83lkynItmBcuT1Pi2qwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB1t8s/F+6sU6O1H3qpFqtdl//A2MB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvSFczeXo4WDdxeFRvN1VmZXFrV3ExMlhfOERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0aQA+g
MA0GCSqGSIb3DQEBCwUAA4IBAQAijTjitsxGPvWEcIDZ4t6XGmXSw3T5RXjfIdNt
cOe9qCD+fTIpvJXUL7mZhYc6mKRLY8kTbftyx/GPxi0HLXB7jHMMAfsO5HNpbRrT
Ng6JaYyYMR2BHQetE3MD/DG4EsZfI0HNKwYVUK818wZypziZ3fWWvaz9nraMq2fW
7Q6MSt8zA+DRn31L7zBgM4kbnL1FsXsdcLbezJVwywKNwuLTlVWfv1tOpoXO7775
+XiUB1dETxA/7zfLZ4w/5ExwtspzlVUeJ3hCyAp5Hs9WIfeQyr7OruJiASvRxszw
lvPVrk+FjQk4ZIkkZm6qz20NI0ebNKEbdki3ZKNycY+/L0tU
-----END CERTIFICATE-----