Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/j8Z9luk9TH9XzdeKRdbx_0lXU_Q.roa
File:                     j8Z9luk9TH9XzdeKRdbx_0lXU_Q.roa (raw, json)
Hash identifier:          SQ7pmoz5e7GX+kpjw+HCwdCwB08Ca3taMT0X/4L2FsQ=
Subject key identifier:   8F:C6:7D:96:E9:3D:4C:7F:57:CD:D7:8A:45:D6:F1:FF:49:57:53:F4
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       019427B61397F7D8EB45057F71B47CECF4C9
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/j8Z9luk9TH9XzdeKRdbx_0lXU_Q.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        2a0e:800:fff0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:13:97:f7:d8:eb:45:05:7f:71:b4:7c:ec:f4:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc67d96e93d4c7f57cdd78a45d6f1ff495753f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:95:65:84:c0:02:c4:53:5b:5f:4e:1a:2a:f4:
                    d8:ed:ea:74:c8:59:e9:ee:6a:6d:1d:e3:a1:38:f4:
                    05:31:f1:75:3c:b8:97:93:6e:d6:72:7a:72:97:cd:
                    7c:12:41:ed:99:4b:90:20:3c:7c:a8:1e:12:db:4e:
                    a3:cc:6a:8d:47:eb:af:69:1e:5e:7b:6e:23:79:ba:
                    b3:08:e2:a7:bf:1e:ce:45:dc:2c:37:5a:7f:dd:66:
                    1a:de:77:42:ca:61:81:cc:57:ec:6e:9f:35:df:d4:
                    27:32:0a:ce:5f:97:90:6e:4f:aa:f3:44:7b:f2:0f:
                    f2:a6:56:62:d6:31:c0:0d:6f:b8:15:96:b3:bd:f4:
                    65:a6:f8:90:51:61:59:98:6f:aa:e4:5e:04:59:0f:
                    a9:59:3f:c7:f5:7c:ff:e3:cb:b9:e7:eb:13:ce:64:
                    a4:51:de:79:d0:be:cb:ab:46:5c:be:a4:e2:cd:52:
                    1c:b9:57:66:24:8a:9a:70:88:51:42:3b:5d:87:26:
                    8f:6a:57:46:a9:11:63:fe:cb:e5:e6:30:3c:23:73:
                    7b:cb:ed:5a:db:a4:0d:28:52:1e:7b:d8:c7:3f:fc:
                    5b:81:3f:f5:c0:a4:b4:93:bb:35:1f:ff:23:28:98:
                    3a:8a:c0:2c:de:d6:b0:2b:f0:2f:d0:86:a9:da:81:
                    78:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C6:7D:96:E9:3D:4C:7F:57:CD:D7:8A:45:D6:F1:FF:49:57:53:F4
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/j8Z9luk9TH9XzdeKRdbx_0lXU_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:fff0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:eb:ce:ef:c7:83:e4:44:c1:5a:11:83:d1:6b:a4:03:24:8b:
         81:6a:cd:fa:c9:39:94:4c:42:f6:38:a8:28:f9:b9:fc:60:37:
         93:ff:ad:b5:0e:ae:0a:61:b3:ac:0d:5f:a9:00:e3:a8:7d:a7:
         4b:7f:4a:c5:bd:7a:81:6b:46:81:aa:24:79:98:29:3e:93:97:
         4e:95:41:a2:13:39:8b:97:f6:c8:74:69:24:3b:ca:d2:c2:f6:
         81:50:b2:de:0a:bc:ab:98:2b:90:38:81:f6:4f:0b:49:80:f1:
         ff:c9:17:3b:ac:57:da:fc:bf:4a:d4:2e:16:a4:72:50:cb:cb:
         f0:cb:ef:9a:67:47:70:60:47:55:bc:fe:31:ab:34:7f:90:db:
         e6:6d:79:6f:8a:c8:b8:68:eb:25:57:b2:6a:ac:29:2a:95:7f:
         6f:33:31:ec:b1:8b:85:93:cd:b3:99:ae:fb:79:f3:d8:8f:67:
         07:f3:86:42:ff:fa:e0:0d:90:11:9c:ae:fc:86:9a:f7:29:f6:
         a3:de:63:73:d2:5d:04:ec:36:9b:db:89:b2:aa:ae:db:d1:f0:
         9c:e8:3d:a2:92:f5:c9:fc:7f:6c:d5:78:ac:58:af:2f:2f:86:
         37:f2:27:87:58:0a:2e:8f:1f:1c:b2:09:3d:a0:dc:70:c5:8b:
         e0:f2:07:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnthOX99jrRQV/cbR87PTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM2N2Q5NmU5M2Q0YzdmNTdjZGQ3OGE0NWQ2ZjFmZjQ5NTc1M2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZVlhMACxFNbX04aKvTY7ep0yFnp
7mptHeOhOPQFMfF1PLiXk27Wcnpyl818EkHtmUuQIDx8qB4S206jzGqNR+uvaR5e
e24jebqzCOKnvx7ORdwsN1p/3WYa3ndCymGBzFfsbp8139QnMgrOX5eQbk+q80R7
8g/yplZi1jHADW+4FZazvfRlpviQUWFZmG+q5F4EWQ+pWT/H9Xz/48u55+sTzmSk
Ud550L7Lq0ZcvqTizVIcuVdmJIqacIhRQjtdhyaPaldGqRFj/svl5jA8I3N7y+1a
26QNKFIee9jHP/xbgT/1wKS0k7s1H/8jKJg6isAs3tawK/Av0Iap2oF4mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI/GfZbpPUx/V83XikXW8f9JV1P0MB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvajhaOWx1azlUSDlYemRlS1JkYnhfMGxYVV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4IAP/w
MA0GCSqGSIb3DQEBCwUAA4IBAQBP687vx4PkRMFaEYPRa6QDJIuBas36yTmUTEL2
OKgo+bn8YDeT/621Dq4KYbOsDV+pAOOofadLf0rFvXqBa0aBqiR5mCk+k5dOlUGi
EzmLl/bIdGkkO8rSwvaBULLeCryrmCuQOIH2TwtJgPH/yRc7rFfa/L9K1C4WpHJQ
y8vwy++aZ0dwYEdVvP4xqzR/kNvmbXlvisi4aOslV7JqrCkqlX9vMzHssYuFk82z
ma77efPYj2cH84ZC//rgDZARnK78hpr3Kfaj3mNz0l0E7Dab24myqq7b0fCc6D2i
kvXJ/H9s1XisWK8vL4Y38ieHWAoujx8csgk9oNxwxYvg8gcZ
-----END CERTIFICATE-----