Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/TzAZRuULh_R2j8cFfFSiTr8ALoc.roa
File:                     TzAZRuULh_R2j8cFfFSiTr8ALoc.roa (raw, json)
Hash identifier:          YDe2TI6q3PLrmVRoTq18tQnontCTPHbCj/ZWYcAzodc=
Subject key identifier:   4F:30:19:46:E5:0B:87:F4:76:8F:C7:05:7C:54:A2:4E:BF:00:2E:87
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422202BB0BFA448BCD2A951B6AC4BCB9F
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/TzAZRuULh_R2j8cFfFSiTr8ALoc.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200240
IP address blocks:        2a0e:8f02:f052::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:b0:bf:a4:48:bc:d2:a9:51:b6:ac:4b:cb:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f301946e50b87f4768fc7057c54a24ebf002e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:81:e1:fe:3f:71:9b:dc:61:f5:e7:ea:c8:fb:
                    de:bd:76:89:ac:5c:cc:fa:e9:84:1b:da:70:db:96:
                    99:4f:37:08:33:8f:31:f2:fc:8c:50:74:90:d9:d8:
                    2d:63:ec:a5:5b:cd:b9:66:44:4f:ab:f8:7b:3a:fc:
                    00:67:3e:e2:d8:00:ca:0e:9e:0e:11:f4:00:cc:c7:
                    2a:5c:49:99:ce:49:5e:c1:5a:74:38:e7:04:e3:1b:
                    ac:2e:cb:b6:fc:e5:58:9a:6c:7c:59:c1:2b:1d:12:
                    68:43:11:e0:15:e7:0b:47:e7:0a:6f:d9:0e:53:86:
                    1d:bf:00:16:f3:da:a2:95:d3:df:8f:f1:da:e8:83:
                    67:5b:37:76:bf:e1:c9:1c:ce:c1:dd:55:42:25:6c:
                    40:ca:08:95:01:8d:a6:a1:34:fe:aa:98:0c:1a:6e:
                    c2:55:75:8a:84:fe:bd:52:91:91:6f:44:a8:6a:e8:
                    01:09:7e:c4:15:fe:60:f2:38:33:c6:da:26:4f:43:
                    b5:89:a1:a6:ca:a6:cd:d8:d8:bf:f9:e6:e7:53:cf:
                    b8:af:55:86:43:00:18:cc:6f:09:6b:61:d8:3f:5f:
                    6f:e2:de:dd:9e:f5:f3:c6:61:99:45:e9:71:a5:8c:
                    08:4d:90:ca:29:51:1f:4f:7e:3f:c3:4e:57:54:54:
                    82:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:30:19:46:E5:0B:87:F4:76:8F:C7:05:7C:54:A2:4E:BF:00:2E:87
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/TzAZRuULh_R2j8cFfFSiTr8ALoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f052::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:23:bd:87:43:32:6d:26:29:65:b3:b6:74:5a:89:6e:45:56:
         d2:75:eb:c5:b1:df:c5:ca:da:a3:16:a5:40:0f:5c:21:3f:60:
         a8:78:79:38:b0:e5:cd:ee:e1:e7:75:e1:bd:ba:ca:ee:35:8b:
         48:ad:37:59:d1:28:b3:07:e0:4e:02:98:f3:f7:8e:fc:db:53:
         43:24:a4:2f:8e:fe:c4:d8:d5:67:8a:7e:9c:83:d6:75:df:6a:
         5c:5d:63:e6:37:de:c3:46:a8:0e:c4:b1:e1:8a:39:45:dc:bf:
         2f:75:d0:2d:eb:35:fa:7a:8c:74:ae:5c:ea:51:d0:46:e2:b2:
         2b:17:f1:26:c9:96:16:72:96:31:44:1e:1a:40:f0:84:64:11:
         bc:88:27:13:91:9a:8b:74:62:a7:c2:50:56:29:53:d8:f8:44:
         df:11:30:53:44:88:d9:6f:5c:99:66:64:d2:98:3a:f4:9b:5d:
         6a:3b:2c:e1:fb:77:b8:18:b5:b6:92:b4:f9:d2:c4:9b:8f:a5:
         6b:03:ee:29:c9:c2:86:49:55:10:67:e0:ca:45:c0:b6:ec:9f:
         95:55:83:bd:0f:16:61:a8:71:97:6a:33:31:e5:34:75:02:e3:
         20:56:c9:94:f6:e6:1a:19:a6:16:22:ae:28:db:8a:83:da:00:
         a0:f2:31:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiICuwv6RIvNKpUbasS8ufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjMwMTk0NmU1MGI4N2Y0NzY4ZmM3MDU3YzU0YTI0ZWJmMDAyZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIHh/j9xm9xh9efqyPvevXaJrFzM
+umEG9pw25aZTzcIM48x8vyMUHSQ2dgtY+ylW825ZkRPq/h7OvwAZz7i2ADKDp4O
EfQAzMcqXEmZzklewVp0OOcE4xusLsu2/OVYmmx8WcErHRJoQxHgFecLR+cKb9kO
U4YdvwAW89qildPfj/Ha6INnWzd2v+HJHM7B3VVCJWxAygiVAY2moTT+qpgMGm7C
VXWKhP69UpGRb0SoaugBCX7EFf5g8jgzxtomT0O1iaGmyqbN2Ni/+ebnU8+4r1WG
QwAYzG8Ja2HYP19v4t7dnvXzxmGZRelxpYwITZDKKVEfT34/w05XVFSC8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE8wGUblC4f0do/HBXxUok6/AC6HMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVHpBWlJ1VUxoX1IyajhjRmZGU2lUcjhBTG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBS
MA0GCSqGSIb3DQEBCwUAA4IBAQAtI72HQzJtJills7Z0WoluRVbSdevFsd/Fytqj
FqVAD1whP2CoeHk4sOXN7uHndeG9usruNYtIrTdZ0SizB+BOApjz947821NDJKQv
jv7E2NVnin6cg9Z132pcXWPmN97DRqgOxLHhijlF3L8vddAt6zX6eox0rlzqUdBG
4rIrF/EmyZYWcpYxRB4aQPCEZBG8iCcTkZqLdGKnwlBWKVPY+ETfETBTRIjZb1yZ
ZmTSmDr0m11qOyzh+3e4GLW2krT50sSbj6VrA+4pycKGSVUQZ+DKRcC27J+VVYO9
DxZhqHGXajMx5TR1AuMgVsmU9uYaGaYWIq4o24qD2gCg8jGM
-----END CERTIFICATE-----