Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_-qLuY0dJaZaSWjtWCqfvkINW98.roa
File:                     _-qLuY0dJaZaSWjtWCqfvkINW98.roa (raw, json)
Hash identifier:          wQKawmTp+JnLi1nfzjxaxc0y+Fv2NQma/wD/xIsptVw=
Subject key identifier:   FF:EA:8B:B9:8D:1D:25:A6:5A:49:68:ED:58:2A:9F:BE:42:0D:5B:DF
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       01942521E742B7150C341FC5292B4AE45D2A
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_-qLuY0dJaZaSWjtWCqfvkINW98.roa
Signing time:             Thu 02 Jan 2025 03:49:26 +0000
ROA not before:           Thu 02 Jan 2025 03:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210645
IP address blocks:        2a0a:280:1900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e7:42:b7:15:0c:34:1f:c5:29:2b:4a:e4:5d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 03:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffea8bb98d1d25a65a4968ed582a9fbe420d5bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:12:23:95:0b:68:3f:0f:a1:0a:57:59:fa:29:
                    fa:f7:d2:86:ea:9d:57:31:c1:d8:3f:fb:10:03:e2:
                    91:1c:97:4c:90:c8:44:6d:38:d0:64:00:1d:f3:bc:
                    b2:73:a2:96:e9:e8:92:0b:3f:d5:1d:df:4b:a7:5d:
                    f6:95:98:c7:1b:de:50:1b:a0:f6:a7:61:ff:51:ff:
                    07:f5:fe:f4:4e:ab:d9:3b:44:64:23:db:43:39:7a:
                    ca:92:05:ce:ff:86:4a:03:1c:8f:0d:a9:e3:f9:9c:
                    2d:1b:50:cc:19:fc:79:90:a3:f0:39:0d:b8:54:42:
                    e2:46:55:ac:22:1a:5f:73:ea:ad:92:e4:ad:ff:76:
                    b6:50:90:8e:91:88:76:56:d6:eb:04:21:bc:13:9e:
                    19:b8:02:8a:52:e2:f7:67:91:35:4f:d0:53:59:30:
                    bf:78:fc:0c:7d:a6:2c:22:24:e7:0c:a6:5c:80:cc:
                    d7:be:c9:59:ce:85:01:02:c8:29:6e:a2:98:3e:47:
                    da:13:67:1a:8d:1f:15:7a:9e:26:7e:92:0f:9f:b1:
                    85:0d:be:3b:0a:6f:45:79:3f:04:b8:1f:f7:46:39:
                    1f:e5:89:ff:1e:8a:c9:97:f1:47:23:b2:c4:48:bd:
                    d9:df:f1:b5:11:4e:56:1b:2e:e2:0d:2b:57:3a:34:
                    b2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:EA:8B:B9:8D:1D:25:A6:5A:49:68:ED:58:2A:9F:BE:42:0D:5B:DF
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_-qLuY0dJaZaSWjtWCqfvkINW98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         a4:34:3c:9e:f0:1d:56:bd:5d:61:34:e7:c8:4a:6d:6b:f5:29:
         73:04:f6:48:66:7d:c1:7a:c9:dd:ae:b2:54:c8:4f:c9:3d:73:
         96:ee:a9:b7:08:b0:c7:32:3f:b8:4f:fd:7d:6b:af:51:0c:63:
         dc:58:46:24:7e:8b:c3:7b:c4:f8:0a:e5:66:1a:22:85:6b:c1:
         1e:4b:bd:ce:d1:0c:ba:cb:69:e5:fc:61:f3:02:95:f9:58:da:
         fb:45:6c:7a:92:75:57:d6:84:33:b3:1d:ef:55:15:08:71:c7:
         37:f8:5a:b9:60:93:4d:62:c7:0d:9b:27:32:3f:a6:02:75:28:
         77:f8:fc:7f:d6:12:ca:9a:a2:00:0d:da:04:c8:d1:d0:c9:bc:
         97:d2:4e:8d:1f:83:f5:42:be:53:23:e0:04:ac:55:d5:73:a5:
         37:15:18:ab:e3:9b:8a:aa:8f:5e:fd:12:15:2a:bb:0d:ef:2f:
         80:4e:ce:d3:4d:3d:7c:a2:df:6b:9e:1c:d0:b1:92:d9:da:4d:
         71:e0:b3:e2:56:14:8f:74:0d:7e:b6:4b:55:d5:e5:e8:ef:68:
         95:79:da:4a:5f:83:f4:58:a0:b7:b5:84:bb:22:fc:25:59:c5:
         22:b1:e3:e8:14:e4:d4:a0:5b:5a:d0:f6:fc:76:27:0d:a8:6b:
         40:f3:0d:92
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIedCtxUMNB/FKStK5F0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjUwMTAyMDM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmVhOGJiOThkMWQyNWE2NWE0OTY4ZWQ1ODJhOWZiZTQyMGQ1YmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhIjlQtoPw+hCldZ+in699KG6p1X
McHYP/sQA+KRHJdMkMhEbTjQZAAd87yyc6KW6eiSCz/VHd9Lp132lZjHG95QG6D2
p2H/Uf8H9f70TqvZO0RkI9tDOXrKkgXO/4ZKAxyPDanj+ZwtG1DMGfx5kKPwOQ24
VELiRlWsIhpfc+qtkuSt/3a2UJCOkYh2VtbrBCG8E54ZuAKKUuL3Z5E1T9BTWTC/
ePwMfaYsIiTnDKZcgMzXvslZzoUBAsgpbqKYPkfaE2cajR8Vep4mfpIPn7GFDb47
Cm9FeT8EuB/3Rjkf5Yn/HorJl/FHI7LESL3Z3/G1EU5WGy7iDStXOjSyvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP/qi7mNHSWmWklo7Vgqn75CDVvfMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvXy1xTHVZMGRKYVphU1dqdFdDcWZ2a0lOVzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBkw
DQYJKoZIhvcNAQELBQADggEBAKQ0PJ7wHVa9XWE058hKbWv1KXME9khmfcF6yd2u
slTIT8k9c5buqbcIsMcyP7hP/X1rr1EMY9xYRiR+i8N7xPgK5WYaIoVrwR5Lvc7R
DLrLaeX8YfMClflY2vtFbHqSdVfWhDOzHe9VFQhxxzf4Wrlgk01ixw2bJzI/pgJ1
KHf4/H/WEsqaogAN2gTI0dDJvJfSTo0fg/VCvlMj4ASsVdVzpTcVGKvjm4qqj179
EhUquw3vL4BOztNNPXyi32ueHNCxktnaTXHgs+JWFI90DX62S1XV5ejvaJV52kpf
g/RYoLe1hLsi/CVZxSKx4+gU5NSgW1rQ9vx2Jw2oa0DzDZI=
-----END CERTIFICATE-----