Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jKJZGttVpd2zbPn5oh1yZ1pxZRk.roa
File:                     jKJZGttVpd2zbPn5oh1yZ1pxZRk.roa (raw, json)
Hash identifier:          /ybO8+Gcl/0Baoo97KPi0aH4uqVdzayZm5LOJa3MJ/I=
Subject key identifier:   8C:A2:59:1A:DB:55:A5:DD:B3:6C:F9:F9:A2:1D:72:67:5A:71:65:19
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F80A069A12C292E1B87EB62FA3D6
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jKJZGttVpd2zbPn5oh1yZ1pxZRk.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210971
IP address blocks:        2a0d:6f80:5129::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f8:0a:06:9a:12:c2:92:e1:b8:7e:b6:2f:a3:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ca2591adb55a5ddb36cf9f9a21d72675a716519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1f:f1:b5:73:d8:29:21:8f:26:7e:02:8f:17:
                    47:37:2b:e8:43:c1:19:4a:b0:06:83:1b:9f:2f:8f:
                    c2:f6:c8:71:ce:1c:56:84:62:61:d6:65:c1:b9:67:
                    f3:f2:18:bc:8b:71:02:4b:10:fa:94:da:07:59:99:
                    a5:29:f5:ef:6d:e8:5b:a5:76:84:54:a2:af:6c:85:
                    50:d5:b5:f9:92:23:d4:a8:81:13:54:81:37:ab:71:
                    24:34:ec:09:60:f5:63:37:ee:67:f8:d5:96:fa:9c:
                    2f:41:5d:83:d8:4c:9c:c1:be:8f:a5:cd:04:d5:d7:
                    ed:cc:b7:4e:1e:a1:15:62:ed:b3:86:e4:71:d3:a1:
                    37:0f:08:e4:46:90:d1:2f:aa:ea:50:6b:bb:b2:b1:
                    36:fb:0b:b7:20:fb:c5:5f:d2:2d:85:c7:86:50:95:
                    73:23:4e:a4:dc:94:66:ab:10:8b:b3:06:a8:73:a6:
                    4f:e6:96:2f:a7:e0:f9:d7:9d:21:f7:62:f0:0d:1a:
                    6a:a4:37:b2:b9:a8:e0:3d:eb:bd:cc:52:80:5a:fb:
                    1a:21:ea:b2:ba:77:0e:32:99:86:97:fc:44:4f:cd:
                    e4:21:4e:2f:23:0b:45:42:a8:22:96:90:6b:88:d6:
                    aa:15:7b:cc:05:47:c5:29:33:92:88:a1:db:8d:ee:
                    46:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A2:59:1A:DB:55:A5:DD:B3:6C:F9:F9:A2:1D:72:67:5A:71:65:19
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jKJZGttVpd2zbPn5oh1yZ1pxZRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:5129::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:ec:0a:e3:38:07:e3:f8:c4:16:fb:3f:66:c0:d6:8c:0e:08:
         f0:0a:af:e8:d6:f9:c7:dc:e1:ee:21:66:53:9c:46:fd:1c:2c:
         4a:31:8d:1b:2e:ae:4f:18:ee:6f:4d:07:4b:7b:1f:42:c3:b1:
         27:5c:45:88:f0:e2:97:db:e5:6c:15:d7:7f:e2:9e:a8:42:86:
         26:46:33:db:c5:b7:80:42:ab:14:95:49:da:99:c9:d1:3d:8d:
         ca:18:9d:c7:6d:e5:8e:10:38:be:ec:cc:0b:91:db:57:3c:2f:
         3c:b1:1d:4d:48:28:c7:8e:5e:0c:0f:92:c5:b9:47:db:9a:91:
         3c:bd:da:5b:a0:5f:c6:bc:c9:0d:96:01:35:71:14:ec:b0:dc:
         5d:b9:07:7d:0b:66:f7:02:21:d3:cb:03:8f:aa:8f:a1:bf:7f:
         45:08:ea:b4:b9:80:3a:bd:13:e7:13:c0:a3:a7:04:38:c9:8d:
         c6:c1:8d:21:90:9f:f7:d7:07:b5:66:3f:6b:c8:ee:f3:40:26:
         a2:2e:e7:d8:de:6e:81:f0:a3:6e:b5:b5:cc:81:dd:02:c8:fb:
         15:c4:3a:03:a8:a6:55:0b:5a:bd:84:42:7d:e5:14:d8:a3:7d:
         90:00:09:85:45:80:61:a1:92:71:78:a1:38:e4:1e:64:fd:78:
         f9:61:dd:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafgKBpoSwpLhuH62L6PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EyNTkxYWRiNTVhNWRkYjM2Y2Y5ZjlhMjFkNzI2NzVhNzE2NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth/xtXPYKSGPJn4CjxdHNyvoQ8EZ
SrAGgxufL4/C9shxzhxWhGJh1mXBuWfz8hi8i3ECSxD6lNoHWZmlKfXvbehbpXaE
VKKvbIVQ1bX5kiPUqIETVIE3q3EkNOwJYPVjN+5n+NWW+pwvQV2D2Eycwb6Ppc0E
1dftzLdOHqEVYu2zhuRx06E3DwjkRpDRL6rqUGu7srE2+wu3IPvFX9IthceGUJVz
I06k3JRmqxCLswaoc6ZP5pYvp+D5150h92LwDRpqpDeyuajgPeu9zFKAWvsaIeqy
uncOMpmGl/xET83kIU4vIwtFQqgilpBriNaqFXvMBUfFKTOSiKHbje5GVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIyiWRrbVaXds2z5+aIdcmdacWUZMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaktKWkd0dFZwZDJ6YlBuNW9oMXlaMXB4WlJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgFEp
MA0GCSqGSIb3DQEBCwUAA4IBAQDJ7ArjOAfj+MQW+z9mwNaMDgjwCq/o1vnH3OHu
IWZTnEb9HCxKMY0bLq5PGO5vTQdLex9Cw7EnXEWI8OKX2+VsFdd/4p6oQoYmRjPb
xbeAQqsUlUnamcnRPY3KGJ3HbeWOEDi+7MwLkdtXPC88sR1NSCjHjl4MD5LFuUfb
mpE8vdpboF/GvMkNlgE1cRTssNxduQd9C2b3AiHTywOPqo+hv39FCOq0uYA6vRPn
E8CjpwQ4yY3GwY0hkJ/31we1Zj9ryO7zQCaiLufY3m6B8KNutbXMgd0CyPsVxDoD
qKZVC1q9hEJ95RTYo32QAAmFRYBhoZJxeKE45B5k/Xj5Yd3M
-----END CERTIFICATE-----