Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ySpicQatPy5iHCLP1veD0rDhvRU.roa
File:                     ySpicQatPy5iHCLP1veD0rDhvRU.roa (raw, json)
Hash identifier:          y3lstPEKv9L5HhDFlk02HVUCo0C3eJ06Z+uYgaJZhhY=
Subject key identifier:   C9:2A:62:71:06:AD:3F:2E:62:1C:22:CF:D6:F7:83:D2:B0:E1:BD:15
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       019537CDB4EC8C0409DE46425F74E95E063D
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ySpicQatPy5iHCLP1veD0rDhvRU.roa
Signing time:             Mon 24 Feb 2025 11:53:02 +0000
ROA not before:           Mon 24 Feb 2025 11:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        2001:678:c40::/48 maxlen: 48
                          2a14:a900:fffe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:37:cd:b4:ec:8c:04:09:de:46:42:5f:74:e9:5e:06:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Feb 24 11:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c92a627106ad3f2e621c22cfd6f783d2b0e1bd15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:3e:d1:17:30:32:fb:14:03:ef:d8:99:38:
                    20:5e:c2:4c:57:cb:48:b1:64:a3:06:62:8d:48:cd:
                    3f:7a:4c:17:ed:50:af:ab:b7:90:0a:da:56:d0:bf:
                    66:47:e0:b3:b0:4b:4d:d3:94:55:0f:0f:99:fa:f4:
                    2a:4b:45:8d:71:87:6a:2e:be:1c:2b:59:e6:84:75:
                    a0:c5:db:6f:19:ea:df:bd:c1:e9:99:26:7d:4e:a5:
                    9e:fc:b2:4b:01:ca:ed:20:db:7b:38:6d:5c:50:e6:
                    44:6d:c9:d1:29:1f:2b:ee:6f:3d:ea:64:88:46:02:
                    d6:bd:ef:21:3b:e6:93:03:a5:90:36:e3:5d:51:b0:
                    ac:92:c3:05:3e:b5:ee:d4:d7:9e:29:a2:ea:d9:9d:
                    b1:e1:33:0b:cd:6d:dc:bd:b8:ba:d6:c7:58:3e:2b:
                    6f:0a:5f:48:81:f9:2b:86:70:38:a2:c1:af:a4:67:
                    43:35:3b:5c:bd:f1:7c:aa:e5:ee:96:cc:b3:d1:88:
                    92:39:17:c2:5f:df:0e:cb:64:10:b6:49:b2:59:70:
                    bb:fc:31:a9:a0:1a:94:55:84:41:70:b6:dd:aa:a9:
                    f4:78:4d:30:08:2b:f4:f4:9b:7f:bb:ee:c6:52:d2:
                    ac:c2:f1:ea:12:86:0c:c7:dc:a7:a7:5c:0f:3e:1a:
                    9f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:2A:62:71:06:AD:3F:2E:62:1C:22:CF:D6:F7:83:D2:B0:E1:BD:15
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ySpicQatPy5iHCLP1veD0rDhvRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c40::/48
                  2a14:a900:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:75:82:66:c0:93:bc:05:94:6b:7a:f8:cc:6b:98:41:9a:d2:
         63:a4:fd:90:66:93:3c:60:4c:a6:5e:42:5f:32:88:35:b7:05:
         b8:7f:3b:8f:c1:c6:8e:5a:de:03:9d:98:52:75:e5:2f:03:bd:
         c0:a8:3c:75:00:f2:a5:cf:bd:5d:c1:16:ba:ff:d4:46:b6:c7:
         a8:41:61:3f:ab:2e:fe:73:b7:1a:e1:e8:2f:b9:33:38:e1:44:
         49:e2:8f:f0:18:15:2f:ef:61:94:2d:30:d2:4e:01:80:bb:9c:
         38:df:36:5e:31:fe:bb:76:da:4c:c9:8d:1a:c9:af:2d:af:56:
         92:11:8b:4c:6b:ce:bb:aa:a5:cc:81:dd:f9:2d:92:1c:60:61:
         f8:99:f9:48:4a:b4:d0:e4:a3:18:45:b9:af:05:92:13:c8:5f:
         4d:3b:3e:86:af:ce:5c:60:4e:08:49:03:dd:60:85:07:42:13:
         4a:71:cf:74:81:68:3f:52:6e:a1:99:64:f2:11:1f:60:5a:e1:
         9d:ff:0e:84:cb:cc:31:63:41:52:b2:28:56:76:dc:d4:bc:d1:
         1d:6b:f3:77:71:91:64:89:ef:e3:41:08:f6:ea:4f:fb:0f:fd:
         e0:f1:63:4c:e1:d4:27:91:a5:63:ee:ec:41:e0:53:a8:3f:60:
         e0:c9:84:4b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZU3zbTsjAQJ3kZCX3TpXgY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjUwMjI0MTE1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTJhNjI3MTA2YWQzZjJlNjIxYzIyY2ZkNmY3ODNkMmIwZTFiZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaE+0RcwMvsUA+/YmTggXsJMV8tI
sWSjBmKNSM0/ekwX7VCvq7eQCtpW0L9mR+CzsEtN05RVDw+Z+vQqS0WNcYdqLr4c
K1nmhHWgxdtvGerfvcHpmSZ9TqWe/LJLAcrtINt7OG1cUOZEbcnRKR8r7m896mSI
RgLWve8hO+aTA6WQNuNdUbCsksMFPrXu1NeeKaLq2Z2x4TMLzW3cvbi61sdYPitv
Cl9IgfkrhnA4osGvpGdDNTtcvfF8quXulsyz0YiSORfCX98Oy2QQtkmyWXC7/DGp
oBqUVYRBcLbdqqn0eE0wCCv09Jt/u+7GUtKswvHqEoYMx9ynp1wPPhqfuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMkqYnEGrT8uYhwiz9b3g9Kw4b0VMB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEveVNwaWNRYXRQeTVpSENMUDF2ZUQwckRodlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAxA
AwcAKhSpAP/+MA0GCSqGSIb3DQEBCwUAA4IBAQCGdYJmwJO8BZRrevjMa5hBmtJj
pP2QZpM8YEymXkJfMog1twW4fzuPwcaOWt4DnZhSdeUvA73AqDx1APKlz71dwRa6
/9RGtseoQWE/qy7+c7ca4egvuTM44URJ4o/wGBUv72GULTDSTgGAu5w43zZeMf67
dtpMyY0aya8tr1aSEYtMa867qqXMgd35LZIcYGH4mflISrTQ5KMYRbmvBZITyF9N
Oz6Gr85cYE4ISQPdYIUHQhNKcc90gWg/Um6hmWTyER9gWuGd/w6Ey8wxY0FSsihW
dtzUvNEda/N3cZFkie/jQQj26k/7D/3g8WNM4dQnkaVj7uxB4FOoP2DgyYRL
-----END CERTIFICATE-----