Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/DqjeFppOy3UOyFkRTNvN856AcK4.roa
File:                     DqjeFppOy3UOyFkRTNvN856AcK4.roa (raw, json)
Hash identifier:          ljmWgDFjcv9a1/n4d/cBwf2/LNBnp164Bc1FkHEVeHY=
Subject key identifier:   0E:A8:DE:16:9A:4E:CB:75:0E:C8:59:11:4C:DB:CD:F3:9E:80:70:AE
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019515A581140BA1DF41498571E5281967AF
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/DqjeFppOy3UOyFkRTNvN856AcK4.roa
Signing time:             Mon 17 Feb 2025 20:42:02 +0000
ROA not before:           Mon 17 Feb 2025 20:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213467
IP address blocks:        2a0e:8f02:2020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:15:a5:81:14:0b:a1:df:41:49:85:71:e5:28:19:67:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Feb 17 20:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ea8de169a4ecb750ec859114cdbcdf39e8070ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:9a:f9:aa:5b:e3:81:59:c3:b4:96:88:5a:86:
                    62:86:2f:1b:75:ba:83:40:b5:14:0f:3f:b9:62:c1:
                    40:94:ff:00:b4:95:36:5f:32:f0:dd:42:27:ec:92:
                    a9:ce:f8:02:2d:07:f4:90:0b:b9:f7:ac:63:73:c5:
                    d0:5a:1e:95:fa:7b:c3:2c:e9:b2:16:b5:8c:c8:7a:
                    72:21:bd:9f:5e:cf:32:11:03:d4:66:8d:1e:48:1c:
                    ba:f6:8a:20:fa:27:1e:f5:b0:69:35:39:3d:b4:63:
                    a0:7f:ff:a4:bc:8c:b9:43:80:2f:57:ae:53:fd:4f:
                    ef:e3:69:a0:dd:8d:9e:2a:b2:26:2a:bc:7c:6a:b6:
                    e0:6a:35:a5:95:b0:aa:15:07:9b:23:23:5a:62:98:
                    85:71:16:67:31:e7:78:61:75:4c:5a:5b:32:e8:ad:
                    e2:b5:0d:b4:1a:77:3b:f6:1f:85:57:42:29:41:d0:
                    9f:41:32:23:39:c6:d6:cc:12:b8:f4:7f:e6:f8:45:
                    48:94:24:27:8b:88:57:a8:65:2d:34:7a:a8:2c:7e:
                    09:49:4e:21:84:97:86:f6:a7:6f:3a:b7:1c:4f:44:
                    2f:6c:64:99:47:52:3d:12:17:32:89:4b:a7:6a:3a:
                    21:39:31:3b:0e:db:ba:4d:f3:2b:cf:6e:3e:21:60:
                    4f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A8:DE:16:9A:4E:CB:75:0E:C8:59:11:4C:DB:CD:F3:9E:80:70:AE
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/DqjeFppOy3UOyFkRTNvN856AcK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2020::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:60:ac:17:a0:06:56:d8:74:24:07:15:3b:d6:1a:9c:25:16:
         b6:a6:03:7f:23:d4:33:9c:ad:1d:c9:45:88:aa:cd:ae:07:13:
         de:f5:ea:59:46:e4:de:92:bc:4a:ba:93:ca:68:0c:1b:2d:bc:
         dd:2d:e1:e8:62:fe:c8:3c:e9:fa:0c:14:ab:e0:6c:a4:31:26:
         97:3c:37:af:fb:20:3a:1f:2c:dc:5c:36:dd:eb:d4:2b:d5:3d:
         d1:ae:b5:6d:7a:e9:1f:91:8a:82:a4:39:c1:2b:e9:76:4b:51:
         32:bc:ae:48:23:03:ed:7a:c9:ae:fc:d2:d9:97:c7:7a:98:df:
         1c:fe:78:21:45:a9:87:d0:c5:7e:0c:8a:db:37:6a:ad:43:c4:
         ff:e7:3c:f5:49:22:5c:4b:1c:55:cb:1f:f2:20:df:78:af:9a:
         bb:9b:e7:e7:fa:8d:76:25:ac:ba:3d:f8:78:5d:dd:28:7a:34:
         37:24:11:cb:1b:54:88:3f:18:c4:f3:16:72:92:e1:89:cf:1a:
         97:06:23:58:0d:a5:da:6f:ed:bb:b5:fc:92:52:87:e5:d9:ec:
         98:fd:2f:ca:10:94:ef:f8:69:cf:78:c1:ca:97:47:42:1b:4b:
         11:9a:ce:3c:da:a8:74:99:a2:92:a5:0c:cd:82:ef:f2:dd:31:
         70:10:6d:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUVpYEUC6HfQUmFceUoGWevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMjE3MjA0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE4ZGUxNjlhNGVjYjc1MGVjODU5MTE0Y2RiY2RmMzllODA3MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Zr5qlvjgVnDtJaIWoZihi8bdbqD
QLUUDz+5YsFAlP8AtJU2XzLw3UIn7JKpzvgCLQf0kAu596xjc8XQWh6V+nvDLOmy
FrWMyHpyIb2fXs8yEQPUZo0eSBy69oog+ice9bBpNTk9tGOgf/+kvIy5Q4AvV65T
/U/v42mg3Y2eKrImKrx8arbgajWllbCqFQebIyNaYpiFcRZnMed4YXVMWlsy6K3i
tQ20Gnc79h+FV0IpQdCfQTIjOcbWzBK49H/m+EVIlCQni4hXqGUtNHqoLH4JSU4h
hJeG9qdvOrccT0QvbGSZR1I9EhcyiUunajohOTE7Dtu6TfMrz24+IWBPQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA6o3haaTst1DshZEUzbzfOegHCuMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvRHFqZUZwcE95M1VPeUZrUlROdk44NTZBY0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiAg
MA0GCSqGSIb3DQEBCwUAA4IBAQA+YKwXoAZW2HQkBxU71hqcJRa2pgN/I9QznK0d
yUWIqs2uBxPe9epZRuTekrxKupPKaAwbLbzdLeHoYv7IPOn6DBSr4GykMSaXPDev
+yA6HyzcXDbd69Qr1T3RrrVteukfkYqCpDnBK+l2S1EyvK5IIwPtesmu/NLZl8d6
mN8c/nghRamH0MV+DIrbN2qtQ8T/5zz1SSJcSxxVyx/yIN94r5q7m+fn+o12Jay6
Pfh4Xd0oejQ3JBHLG1SIPxjE8xZykuGJzxqXBiNYDaXab+27tfySUofl2eyY/S/K
EJTv+GnPeMHKl0dCG0sRms482qh0maKSpQzNgu/y3TFwEG2H
-----END CERTIFICATE-----