Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8ICMXIH8G4STVhG9LTK8XF1huYU.roa
File:                     8ICMXIH8G4STVhG9LTK8XF1huYU.roa (raw, json)
Hash identifier:          sFIpNhCbdCmlf97RdiMILKWsK0y4eXG6qnrYkuB08Vw=
Subject key identifier:   F0:80:8C:5C:81:FC:1B:84:93:56:11:BD:2D:32:BC:5C:5D:61:B9:85
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       019427B61486E6A2F076CEB7570886ED128F
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8ICMXIH8G4STVhG9LTK8XF1huYU.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209100
IP address blocks:        2a0e:800:ff90::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:14:86:e6:a2:f0:76:ce:b7:57:08:86:ed:12:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0808c5c81fc1b84935611bd2d32bc5c5d61b985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0d:b3:5c:0b:ca:c8:ee:ff:fe:4a:20:32:5c:
                    92:5f:f1:3e:bc:0b:bf:86:2d:18:33:2a:4e:51:49:
                    34:93:b9:9b:4b:81:ea:37:dd:b1:22:7e:9e:14:e2:
                    31:83:70:71:86:6b:e2:7c:8b:c9:e6:11:91:89:f7:
                    48:bd:6f:fc:3e:b5:08:d8:42:70:fb:ff:e0:bf:42:
                    e6:4b:52:ca:68:93:11:6a:d9:f9:5f:3f:8d:18:f4:
                    80:3c:61:83:de:22:ff:d6:56:c2:e9:3c:f2:61:ca:
                    bc:21:4c:43:29:8f:91:c1:57:5d:ff:34:b9:fa:fa:
                    5b:8b:21:c4:7e:a7:81:97:31:ce:e3:4a:e3:63:31:
                    57:6b:45:8f:7b:a9:55:35:6c:67:d3:b1:c2:53:20:
                    9a:14:21:02:36:30:48:cf:67:46:4a:2f:aa:9e:32:
                    d5:9b:c6:fa:65:1a:73:01:f6:31:ae:81:93:d4:bb:
                    7c:2b:21:8d:fc:b3:1b:8b:dd:5e:b3:d0:ce:fc:46:
                    4e:e8:e1:a5:44:af:fe:ce:b1:58:2d:a9:b4:09:d3:
                    ab:9a:80:cb:c6:bc:dc:c5:73:6a:d5:e5:a1:b7:f5:
                    e3:59:80:66:5e:bd:55:36:45:7f:4d:a9:77:53:5e:
                    cc:11:2f:6d:43:66:cc:bf:a1:85:d5:f7:55:12:f5:
                    4c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:80:8C:5C:81:FC:1B:84:93:56:11:BD:2D:32:BC:5C:5D:61:B9:85
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/8ICMXIH8G4STVhG9LTK8XF1huYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff90::/47

    Signature Algorithm: sha256WithRSAEncryption
         55:c3:d9:5d:b2:47:69:39:5a:b6:c7:9b:f7:bc:ed:e3:8c:ec:
         8d:8e:ed:3d:d5:46:50:56:37:91:93:c5:02:1d:cb:3f:80:8d:
         56:fd:8c:4a:75:18:b9:bd:29:6a:d1:3a:e1:e0:72:a2:fd:32:
         b5:d1:43:60:a6:44:ad:44:4c:b9:be:6f:90:06:e7:84:7d:b1:
         b9:6d:1b:7b:af:06:c2:35:72:fd:63:d1:49:4a:6e:d7:ea:0a:
         7e:58:1d:d8:10:9f:e3:f8:7f:50:41:40:2b:17:dc:96:d8:34:
         c5:ef:90:b0:df:80:5b:48:65:46:35:8b:05:30:86:97:c4:b7:
         52:5b:7d:14:04:36:e6:35:33:87:35:02:81:d8:33:72:23:57:
         b7:cc:f8:39:e0:2a:8f:fb:ce:f4:4b:d7:2b:6f:88:0f:bd:95:
         b8:d2:77:f6:d9:9b:09:c8:d0:1b:bc:fe:5c:16:81:67:c2:60:
         1f:fd:00:84:b2:39:16:fa:4a:cb:7a:1c:1a:c3:90:a2:ed:96:
         97:af:a0:1c:a2:7e:0d:6d:8b:32:00:c9:9d:d5:29:bb:58:7c:
         81:83:9c:7c:26:0f:60:47:21:a3:49:e5:38:52:d6:bc:04:d8:
         48:ed:ac:de:38:8d:51:bc:54:3a:a4:90:93:a0:26:b2:51:6a:
         0a:b6:5f:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnthSG5qLwds63VwiG7RKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDgwOGM1YzgxZmMxYjg0OTM1NjExYmQyZDMyYmM1YzVkNjFiOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog2zXAvKyO7//kogMlySX/E+vAu/
hi0YMypOUUk0k7mbS4HqN92xIn6eFOIxg3BxhmvifIvJ5hGRifdIvW/8PrUI2EJw
+//gv0LmS1LKaJMRatn5Xz+NGPSAPGGD3iL/1lbC6TzyYcq8IUxDKY+RwVdd/zS5
+vpbiyHEfqeBlzHO40rjYzFXa0WPe6lVNWxn07HCUyCaFCECNjBIz2dGSi+qnjLV
m8b6ZRpzAfYxroGT1Lt8KyGN/LMbi91es9DO/EZO6OGlRK/+zrFYLam0CdOrmoDL
xrzcxXNq1eWht/XjWYBmXr1VNkV/Tal3U17MES9tQ2bMv6GF1fdVEvVMCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCAjFyB/BuEk1YRvS0yvFxdYbmFMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvOElDTVhJSDhHNFNUVmhHOUxUSzhYRjFodVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg4IAP+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBVw9ldskdpOVq2x5v3vO3jjOyNju091UZQVjeR
k8UCHcs/gI1W/YxKdRi5vSlq0Trh4HKi/TK10UNgpkStREy5vm+QBueEfbG5bRt7
rwbCNXL9Y9FJSm7X6gp+WB3YEJ/j+H9QQUArF9yW2DTF75Cw34BbSGVGNYsFMIaX
xLdSW30UBDbmNTOHNQKB2DNyI1e3zPg54CqP+870S9crb4gPvZW40nf22ZsJyNAb
vP5cFoFnwmAf/QCEsjkW+krLehwaw5Ci7ZaXr6Acon4NbYsyAMmd1Sm7WHyBg5x8
Jg9gRyGjSeU4Uta8BNhI7azeOI1RvFQ6pJCToCayUWoKtl+N
-----END CERTIFICATE-----