Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/ecFUW2z0XsJzdPaPmfmi1NbravY.roa
File:                     ecFUW2z0XsJzdPaPmfmi1NbravY.roa (raw, json)
Hash identifier:          B/1KiGYT9I28lQbSFekF4v776yFSZOm/z2BZeazx7uo=
Subject key identifier:   79:C1:54:5B:6C:F4:5E:C2:73:74:F6:8F:99:F9:A2:D4:D6:EB:6A:F6
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       019426D9DBB7803E6FC38A00F996D9B402BE
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/ecFUW2z0XsJzdPaPmfmi1NbravY.roa
Signing time:             Thu 02 Jan 2025 11:49:59 +0000
ROA not before:           Thu 02 Jan 2025 11:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141039
IP address blocks:        2a13:240:4100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:db:b7:80:3e:6f:c3:8a:00:f9:96:d9:b4:02:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jan  2 11:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79c1545b6cf45ec27374f68f99f9a2d4d6eb6af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:23:54:8a:ba:0d:91:b9:d0:95:97:2f:6d:93:
                    72:0d:82:b1:af:8a:26:7a:58:e3:4a:51:af:01:9c:
                    bb:cf:6e:2e:ed:5e:3d:67:6a:f9:05:ad:a9:1b:76:
                    32:ff:47:11:bc:91:8c:0a:6b:38:d1:2e:82:f2:a5:
                    5b:11:6c:6d:de:51:6a:d8:0f:4e:05:9e:dc:e3:be:
                    88:ca:42:c3:0e:68:26:41:04:91:ba:36:4b:e0:a6:
                    b9:9c:64:17:a9:41:c8:de:bd:42:ba:c5:35:54:e5:
                    2c:39:44:b2:c1:93:d7:e8:f8:ff:ea:b6:75:29:fa:
                    a7:61:4a:30:d6:14:82:ee:c9:02:7d:a8:24:7c:2e:
                    d4:65:f4:2f:c6:6c:e0:bb:27:c6:47:ad:00:eb:3b:
                    73:f3:f9:b3:87:72:86:ac:b3:f1:3b:4f:1b:db:ba:
                    c0:c6:80:79:5c:27:7b:68:f4:d1:3f:83:34:a0:de:
                    7b:85:db:56:ef:ac:b2:5a:55:32:40:c8:8b:7f:dc:
                    86:34:82:14:97:c6:39:42:30:cf:9c:b0:14:4b:19:
                    06:c7:49:a1:24:85:06:8e:a4:a3:81:45:3d:4f:e8:
                    00:fe:d1:3f:02:ac:e5:63:c3:96:f0:ea:50:8b:c3:
                    20:97:76:62:2c:9e:cd:d0:41:b0:03:b2:36:2f:e5:
                    0e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C1:54:5B:6C:F4:5E:C2:73:74:F6:8F:99:F9:A2:D4:D6:EB:6A:F6
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/ecFUW2z0XsJzdPaPmfmi1NbravY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240:4100::/40

    Signature Algorithm: sha256WithRSAEncryption
         83:e5:d3:0f:7b:fd:3a:16:10:fd:77:b5:00:cb:d9:86:27:38:
         bd:7f:ef:16:ca:89:8c:34:5d:b2:c1:d5:28:d8:f7:f0:2a:5b:
         f3:ad:55:1f:65:95:48:d6:99:de:fb:d3:6e:1b:bb:77:2e:de:
         71:b9:d6:9d:7b:91:f6:53:79:f3:f4:ff:e2:ae:37:bc:0f:1a:
         69:2d:d4:bb:23:53:14:49:2d:02:9c:6d:e1:a7:ed:f5:9d:ae:
         94:5e:fe:b4:82:e1:38:79:33:32:23:96:4e:2f:9d:6e:70:6a:
         f4:aa:82:d9:a6:7b:20:48:35:5a:c6:da:52:b5:4d:73:d9:82:
         e4:d3:aa:29:96:b2:fc:a1:54:b9:9a:c1:b5:50:9a:d2:2b:c3:
         24:f6:a8:f4:b7:a8:e1:7c:c3:1f:68:98:30:84:61:5e:92:5a:
         49:e6:33:ae:62:60:59:82:de:cd:3d:61:c2:3f:55:08:fa:82:
         8f:04:f3:7f:3a:ae:f6:14:b3:79:19:60:aa:23:ca:65:63:f9:
         6f:d7:02:81:d1:d6:98:de:fc:a1:0d:ba:2e:9c:45:cd:81:fd:
         cb:59:ae:f3:23:49:1f:b4:12:85:90:22:d5:e1:48:8c:a6:08:
         d4:e7:c1:be:47:47:46:8a:ed:df:5d:99:47:e0:22:ca:13:73:
         60:2e:b5:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQm2du3gD5vw4oA+ZbZtAK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwMTAyMTE0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWMxNTQ1YjZjZjQ1ZWMyNzM3NGY2OGY5OWY5YTJkNGQ2ZWI2YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyNUiroNkbnQlZcvbZNyDYKxr4om
eljjSlGvAZy7z24u7V49Z2r5Ba2pG3Yy/0cRvJGMCms40S6C8qVbEWxt3lFq2A9O
BZ7c476IykLDDmgmQQSRujZL4Ka5nGQXqUHI3r1CusU1VOUsOUSywZPX6Pj/6rZ1
KfqnYUow1hSC7skCfagkfC7UZfQvxmzguyfGR60A6ztz8/mzh3KGrLPxO08b27rA
xoB5XCd7aPTRP4M0oN57hdtW76yyWlUyQMiLf9yGNIIUl8Y5QjDPnLAUSxkGx0mh
JIUGjqSjgUU9T+gA/tE/AqzlY8OW8OpQi8Mgl3ZiLJ7N0EGwA7I2L+UOJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHnBVFts9F7Cc3T2j5n5otTW62r2MB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvZWNGVVcyejBYc0p6ZFBhUG1mbWkxTmJyYXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhMCQEEw
DQYJKoZIhvcNAQELBQADggEBAIPl0w97/ToWEP13tQDL2YYnOL1/7xbKiYw0XbLB
1SjY9/AqW/OtVR9llUjWmd77024bu3cu3nG51p17kfZTefP0/+KuN7wPGmkt1Lsj
UxRJLQKcbeGn7fWdrpRe/rSC4Th5MzIjlk4vnW5wavSqgtmmeyBINVrG2lK1TXPZ
guTTqimWsvyhVLmawbVQmtIrwyT2qPS3qOF8wx9omDCEYV6SWknmM65iYFmC3s09
YcI/VQj6go8E8386rvYUs3kZYKojymVj+W/XAoHR1pje/KENui6cRc2B/ctZrvMj
SR+0EoWQItXhSIymCNTnwb5HR0aK7d9dmUfgIsoTc2AutfY=
-----END CERTIFICATE-----