Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ivGp1lTJKKeF7MGWvmOHiYJKMhI.roa
File:                     ivGp1lTJKKeF7MGWvmOHiYJKMhI.roa (raw, json)
Hash identifier:          pWgKOZSm1fgrN0nSm1Cc2TXLcrKEpFYRtCyIIr75Ckw=
Subject key identifier:   8A:F1:A9:D6:54:C9:28:A7:85:EC:C1:96:BE:63:87:89:82:4A:32:12
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422203B0086A6696CB7A390B69E2500AD
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ivGp1lTJKKeF7MGWvmOHiYJKMhI.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211521
IP address blocks:        2a0e:8f02:f024::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3b:00:86:a6:69:6c:b7:a3:90:b6:9e:25:00:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8af1a9d654c928a785ecc196be638789824a3212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:61:80:ff:59:16:0e:16:65:74:b5:3f:ef:9f:
                    ee:5a:d9:d7:9f:68:1a:67:0e:58:ce:b1:bf:63:fe:
                    07:2d:84:c3:a6:fe:51:4f:11:30:a3:23:c2:1c:17:
                    a7:b4:dc:f9:fd:fb:3e:19:9e:d2:fe:39:95:a7:61:
                    fe:80:a9:7e:d5:5b:6d:03:2b:a5:c7:bc:03:9b:66:
                    1f:7a:54:2d:69:d7:e8:ef:4c:d6:69:41:bf:a8:29:
                    8f:8a:dc:a4:cc:97:f7:5c:ab:0a:f9:7e:06:11:18:
                    35:52:f3:77:43:d2:02:c6:17:47:ba:c4:04:36:59:
                    ce:86:2a:98:12:46:e5:e5:91:d0:01:92:a3:f0:fc:
                    d0:fb:27:6a:09:05:d5:f0:36:2c:0b:67:47:91:b7:
                    c3:10:03:1f:6b:52:ed:a8:35:d4:40:6c:98:03:e9:
                    2a:2f:3a:ad:0c:29:f4:ca:1b:b1:cf:a7:86:e7:d5:
                    b7:cf:ed:81:33:1c:93:5c:aa:d5:a6:81:a6:15:14:
                    19:8c:7d:8c:7d:93:2c:2d:57:38:1d:bc:64:9d:20:
                    80:d0:e6:2c:95:b4:d3:48:a3:74:ea:ca:d4:bf:3e:
                    ae:ed:29:88:16:2d:98:46:1b:a0:58:5d:a8:b5:fa:
                    a3:8a:76:55:d7:40:27:57:aa:83:97:9a:7f:2d:67:
                    38:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F1:A9:D6:54:C9:28:A7:85:EC:C1:96:BE:63:87:89:82:4A:32:12
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ivGp1lTJKKeF7MGWvmOHiYJKMhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f024::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:ea:d3:41:b3:e5:f8:fe:c2:58:1d:1e:2f:9c:a2:3d:80:e9:
         27:52:39:df:8f:0a:29:f3:4b:e0:78:94:d5:c5:75:08:ce:1e:
         76:ff:51:e6:a4:6e:e7:4d:db:a9:6b:33:ac:79:c3:fa:59:ff:
         f6:68:79:a3:ef:db:e2:92:3e:55:85:b8:63:16:e3:af:e7:15:
         6b:85:d3:f6:f1:f4:32:86:a4:77:32:ce:35:2d:5a:81:5a:39:
         6a:e5:3f:e9:cd:d5:66:a9:fe:27:ae:1a:41:9c:8b:e6:89:ae:
         62:8a:cb:80:18:d3:61:09:a9:24:84:b0:73:03:91:85:cb:29:
         d3:b2:f1:ad:eb:95:25:3b:c3:f8:98:fc:0a:d4:ca:a5:a7:76:
         81:56:76:a9:6a:ea:ef:26:41:eb:7e:94:00:a3:e5:9e:7d:61:
         a6:a3:d3:05:8e:09:c0:dd:94:a3:24:34:ba:ae:40:0d:74:38:
         60:40:0d:1c:92:7b:1b:d8:d5:24:04:1a:df:92:b4:da:d2:bf:
         d2:2d:72:9d:ba:64:e1:2d:19:83:b9:1e:5d:ed:6c:bb:10:b7:
         14:e5:ef:84:19:84:e9:a2:0d:bd:5c:80:b0:97:14:6d:18:f9:
         a0:91:eb:db:59:04:69:26:45:f5:a1:e0:07:b2:b0:d5:8b:22:
         2a:e3:d3:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIDsAhqZpbLejkLaeJQCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWYxYTlkNjU0YzkyOGE3ODVlY2MxOTZiZTYzODc4OTgyNGEzMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWGA/1kWDhZldLU/75/uWtnXn2ga
Zw5YzrG/Y/4HLYTDpv5RTxEwoyPCHBentNz5/fs+GZ7S/jmVp2H+gKl+1VttAyul
x7wDm2YfelQtadfo70zWaUG/qCmPitykzJf3XKsK+X4GERg1UvN3Q9ICxhdHusQE
NlnOhiqYEkbl5ZHQAZKj8PzQ+ydqCQXV8DYsC2dHkbfDEAMfa1LtqDXUQGyYA+kq
LzqtDCn0yhuxz6eG59W3z+2BMxyTXKrVpoGmFRQZjH2MfZMsLVc4HbxknSCA0OYs
lbTTSKN06srUvz6u7SmIFi2YRhugWF2otfqjinZV10AnV6qDl5p/LWc4ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIrxqdZUySinhezBlr5jh4mCSjISMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaXZHcDFsVEpLS2VGN01HV3ZtT0hpWUpLTWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAk
MA0GCSqGSIb3DQEBCwUAA4IBAQBM6tNBs+X4/sJYHR4vnKI9gOknUjnfjwop80vg
eJTVxXUIzh52/1HmpG7nTdupazOsecP6Wf/2aHmj79vikj5VhbhjFuOv5xVrhdP2
8fQyhqR3Ms41LVqBWjlq5T/pzdVmqf4nrhpBnIvmia5iisuAGNNhCakkhLBzA5GF
yynTsvGt65UlO8P4mPwK1Mqlp3aBVnapaurvJkHrfpQAo+WefWGmo9MFjgnA3ZSj
JDS6rkANdDhgQA0cknsb2NUkBBrfkrTa0r/SLXKdumThLRmDuR5d7Wy7ELcU5e+E
GYTpog29XICwlxRtGPmgkevbWQRpJkX1oeAHsrDViyIq49N5
-----END CERTIFICATE-----