Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/30p15OIB4xzHle9tD78XYhbRDYI.roa
File:                     30p15OIB4xzHle9tD78XYhbRDYI.roa (raw, json)
Hash identifier:          9HVb43mRInURyExw74+VWFanW5TCiRHL7zKkRNQfWwc=
Subject key identifier:   DF:4A:75:E4:E2:01:E3:1C:C7:95:EF:6D:0F:BF:17:62:16:D1:0D:82
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       01942521CF0E7DAE8A1EE3C0BDFA933901EE
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/30p15OIB4xzHle9tD78XYhbRDYI.roa
Signing time:             Thu 02 Jan 2025 03:49:20 +0000
ROA not before:           Thu 02 Jan 2025 03:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     328778
IP address blocks:        2a02:f406:fed0::/48 maxlen: 48
                          2a02:f406:ff50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cf:0e:7d:ae:8a:1e:e3:c0:bd:fa:93:39:01:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  2 03:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df4a75e4e201e31cc795ef6d0fbf176216d10d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7f:fa:7b:0e:f1:84:bd:4f:2e:07:82:9f:76:
                    1a:3d:5f:d5:91:15:73:d8:db:85:d7:a4:ea:e7:ed:
                    e4:e6:ed:01:23:83:2d:3b:83:46:d3:d4:3f:9b:7c:
                    25:81:98:be:e8:35:46:24:f8:97:99:0f:35:a3:f7:
                    b8:52:94:8b:fb:41:5e:85:1a:5e:bc:af:7e:10:0c:
                    0f:dc:51:9b:0c:2a:cb:7b:a5:5f:e9:96:e1:6e:79:
                    33:71:d7:48:02:65:ae:e1:6e:ed:2e:d0:9a:04:77:
                    3b:2b:87:84:5d:45:a4:10:1f:2b:36:9c:01:d3:2b:
                    5c:24:13:a8:43:d2:77:0b:7b:3d:ca:90:78:6b:b6:
                    66:49:30:35:41:e6:b6:1f:63:46:04:c7:14:f6:d2:
                    ab:c3:ae:4a:89:ff:04:6d:b1:3a:b3:dd:6e:71:66:
                    fe:46:41:c3:76:dd:68:74:03:88:4f:48:94:77:bc:
                    5a:e5:12:73:59:97:c5:4a:db:5b:a5:af:2f:bd:c8:
                    70:7a:c9:96:81:8f:d7:1a:80:8f:00:28:9f:66:0c:
                    4b:d6:0c:10:01:90:e3:4d:68:64:6b:db:f7:77:b1:
                    63:f8:d8:24:10:00:22:c7:4f:ee:3a:d6:3e:97:4a:
                    6a:13:73:1c:1b:37:70:65:46:44:fb:de:16:d0:b9:
                    5a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4A:75:E4:E2:01:E3:1C:C7:95:EF:6D:0F:BF:17:62:16:D1:0D:82
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/30p15OIB4xzHle9tD78XYhbRDYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:f406:fed0::/48
                  2a02:f406:ff50::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:24:6e:e2:25:8d:07:e2:9b:c8:90:87:d5:e4:44:ab:50:4b:
         f5:3e:eb:34:50:93:e3:a5:4d:6c:95:ab:e0:d7:84:21:35:1a:
         d2:03:40:ca:4b:f9:9d:bb:9c:21:f5:69:87:14:bc:ec:47:0e:
         1e:7d:b1:6c:33:0f:2b:38:66:cb:17:57:77:3c:f6:c0:7a:92:
         ca:9f:3e:fc:3c:5b:3f:e7:42:48:66:ba:e9:fc:49:35:29:b0:
         24:39:a0:3c:2f:b0:c6:7a:96:c1:a0:24:2b:fe:d4:59:83:ab:
         c5:2b:d9:12:a6:db:8d:3a:5a:60:9e:e4:4b:30:44:c2:fe:02:
         a4:51:fa:01:99:9f:c4:fd:c4:dc:87:fc:80:bf:70:a5:08:0c:
         69:27:93:f7:ce:88:03:48:d6:5a:55:e9:6d:6c:c9:4d:22:fb:
         b3:44:9b:1b:87:32:d8:29:13:a9:e6:0e:c4:eb:35:0e:82:cf:
         4e:dc:72:e3:57:2b:5a:aa:4b:f4:57:b2:5c:86:03:10:b5:d0:
         f9:a1:38:59:15:ed:39:eb:11:67:63:38:61:b9:9c:f2:00:99:
         49:30:07:8e:67:c8:65:27:36:4b:90:55:b3:30:a6:19:18:f9:
         2e:ec:4a:bf:8d:12:6e:71:9c:9e:ba:8e:32:28:67:0a:04:51:
         6a:b8:a6:24
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIc8Ofa6KHuPAvfqTOQHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjUwMTAyMDM0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjRhNzVlNGUyMDFlMzFjYzc5NWVmNmQwZmJmMTc2MjE2ZDEwZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3/6ew7xhL1PLgeCn3YaPV/VkRVz
2NuF16Tq5+3k5u0BI4MtO4NG09Q/m3wlgZi+6DVGJPiXmQ81o/e4UpSL+0FehRpe
vK9+EAwP3FGbDCrLe6Vf6ZbhbnkzcddIAmWu4W7tLtCaBHc7K4eEXUWkEB8rNpwB
0ytcJBOoQ9J3C3s9ypB4a7ZmSTA1Qea2H2NGBMcU9tKrw65Kif8EbbE6s91ucWb+
RkHDdt1odAOIT0iUd7xa5RJzWZfFSttbpa8vvchwesmWgY/XGoCPACifZgxL1gwQ
AZDjTWhka9v3d7Fj+NgkEAAix0/uOtY+l0pqE3McGzdwZUZE+94W0LlaHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN9KdeTiAeMcx5XvbQ+/F2IW0Q2CMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvMzBwMTVPSUI0eHpIbGU5dEQ3OFhZaGJSRFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgL0Bv7Q
AwcAKgL0Bv9QMA0GCSqGSIb3DQEBCwUAA4IBAQAUJG7iJY0H4pvIkIfV5ESrUEv1
Pus0UJPjpU1slavg14QhNRrSA0DKS/mdu5wh9WmHFLzsRw4efbFsMw8rOGbLF1d3
PPbAepLKnz78PFs/50JIZrrp/Ek1KbAkOaA8L7DGepbBoCQr/tRZg6vFK9kSptuN
OlpgnuRLMETC/gKkUfoBmZ/E/cTch/yAv3ClCAxpJ5P3zogDSNZaVeltbMlNIvuz
RJsbhzLYKROp5g7E6zUOgs9O3HLjVytaqkv0V7JchgMQtdD5oThZFe056xFnYzhh
uZzyAJlJMAeOZ8hlJzZLkFWzMKYZGPku7Eq/jRJucZyeuo4yKGcKBFFquKYk
-----END CERTIFICATE-----