Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DqqP8vVak3ar7mV3NBvzJXEuhL8.roa
File:                     DqqP8vVak3ar7mV3NBvzJXEuhL8.roa (raw, json)
Hash identifier:          EsQios/8AcBK7u+h+ett6xhFimNkhKs6Dy6D6IdZfMc=
Subject key identifier:   0E:AA:8F:F2:F5:5A:93:76:AB:EE:65:77:34:1B:F3:25:71:2E:84:BF
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E76674DC36A6A8DED242EEA1CD96
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DqqP8vVak3ar7mV3NBvzJXEuhL8.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210667
IP address blocks:        2a0b:b87:ff14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e7:66:74:dc:36:a6:a8:de:d2:42:ee:a1:cd:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0eaa8ff2f55a9376abee6577341bf325712e84bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:03:99:80:39:41:8a:04:d4:3a:87:c8:5c:
                    20:4f:10:06:27:65:34:7a:5a:64:48:af:98:11:0c:
                    0f:c6:87:c4:d8:42:5e:ec:1e:5f:bd:c8:c6:7a:93:
                    3f:1a:2e:0a:ca:a0:68:3a:ce:1f:a1:6e:50:af:23:
                    d9:35:ac:37:7e:f7:0a:42:05:38:dc:83:d3:cd:6f:
                    42:b3:e3:7c:fa:74:5d:e2:b5:21:a0:3f:df:2a:ca:
                    82:60:85:de:bd:52:d2:89:e8:71:fc:70:9c:f8:87:
                    ce:5d:1c:e7:a9:0d:42:6e:e3:d7:1f:8b:39:00:cc:
                    33:a8:9b:bb:f9:05:3b:ad:75:de:31:75:f4:8e:61:
                    13:11:37:d1:78:97:df:04:a1:64:3b:e5:d7:db:46:
                    2a:f7:0e:0b:b2:9d:e6:a5:68:37:95:d7:8f:b8:99:
                    3d:0f:62:ae:cb:2b:5e:5e:0d:44:7d:c4:3c:26:d3:
                    91:57:15:b7:34:cf:e2:8c:3b:08:f5:de:0f:24:0c:
                    6f:7d:ff:f5:ad:9b:74:0f:38:60:ff:20:91:5b:f2:
                    2a:ff:1f:89:ef:33:c2:cb:5a:f0:00:37:58:a1:4d:
                    bd:6a:c2:67:43:69:ea:02:fb:aa:24:48:b4:e3:2b:
                    89:b0:ce:ab:4c:d7:ba:28:30:64:89:ea:dd:ee:25:
                    d4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:AA:8F:F2:F5:5A:93:76:AB:EE:65:77:34:1B:F3:25:71:2E:84:BF
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DqqP8vVak3ar7mV3NBvzJXEuhL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff14::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:88:bf:2f:cc:45:5a:7e:ae:c3:45:e4:1d:66:19:e3:14:25:
         62:2a:4d:b1:f2:7d:c8:95:6d:d0:98:8e:4b:3a:8e:6e:0b:32:
         b6:84:6a:de:76:12:3a:6b:55:80:b7:a4:31:7f:e6:90:97:c0:
         27:64:ec:16:46:8d:5c:93:84:11:53:a0:cb:5b:b2:be:e7:db:
         ee:39:31:ab:15:0e:60:98:bc:a6:2e:26:bc:2d:df:5b:6a:47:
         21:30:b4:cf:d0:cb:00:1e:4b:cf:5d:41:27:25:86:37:2c:25:
         b5:ad:86:81:33:b2:bf:05:bd:81:45:eb:89:dc:7f:87:c9:f6:
         7e:b2:de:44:e4:4c:cb:8b:78:11:16:05:af:d9:c2:f8:2b:e0:
         3d:fd:0e:bf:30:57:88:f1:fd:15:41:2b:c7:2a:f2:e4:ef:cc:
         29:c7:e2:65:d7:fd:d2:ae:6d:71:8b:89:26:39:93:ed:6d:af:
         32:6c:e7:f7:7d:9a:a0:91:a7:19:61:40:f2:c8:33:3f:a0:66:
         7e:63:f0:75:95:45:06:24:db:2d:a6:f2:5d:54:68:9b:71:1c:
         57:22:78:7d:a7:13:e3:a0:c6:06:4a:d1:8a:b5:04:6d:fe:58:
         ee:c1:5f:dc:55:82:95:d8:0f:76:b2:e8:74:84:ea:b5:ee:53:
         4c:f8:ca:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+dmdNw2pqje0kLuoc2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWFhOGZmMmY1NWE5Mzc2YWJlZTY1NzczNDFiZjMyNTcxMmU4NGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjisDmYA5QYoE1DqHyFwgTxAGJ2U0
elpkSK+YEQwPxofE2EJe7B5fvcjGepM/Gi4KyqBoOs4foW5QryPZNaw3fvcKQgU4
3IPTzW9Cs+N8+nRd4rUhoD/fKsqCYIXevVLSiehx/HCc+IfOXRznqQ1CbuPXH4s5
AMwzqJu7+QU7rXXeMXX0jmETETfReJffBKFkO+XX20Yq9w4Lsp3mpWg3ldePuJk9
D2KuyyteXg1EfcQ8JtORVxW3NM/ijDsI9d4PJAxvff/1rZt0Dzhg/yCRW/Iq/x+J
7zPCy1rwADdYoU29asJnQ2nqAvuqJEi04yuJsM6rTNe6KDBkierd7iXUiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA6qj/L1WpN2q+5ldzQb8yVxLoS/MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvRHFxUDh2VmFrM2FyN21WM05CdnpKWEV1aEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8U
MA0GCSqGSIb3DQEBCwUAA4IBAQDJiL8vzEVafq7DReQdZhnjFCViKk2x8n3IlW3Q
mI5LOo5uCzK2hGredhI6a1WAt6Qxf+aQl8AnZOwWRo1ck4QRU6DLW7K+59vuOTGr
FQ5gmLymLia8Ld9bakchMLTP0MsAHkvPXUEnJYY3LCW1rYaBM7K/Bb2BReuJ3H+H
yfZ+st5E5EzLi3gRFgWv2cL4K+A9/Q6/MFeI8f0VQSvHKvLk78wpx+Jl1/3Srm1x
i4kmOZPtba8ybOf3fZqgkacZYUDyyDM/oGZ+Y/B1lUUGJNstpvJdVGibcRxXInh9
pxPjoMYGStGKtQRt/ljuwV/cVYKV2A92suh0hOq17lNM+Mq/
-----END CERTIFICATE-----