Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nD9TvIV2KvnQACaPYs7Wm8EgtDA.roa
File:                     nD9TvIV2KvnQACaPYs7Wm8EgtDA.roa (raw, json)
Hash identifier:          THFWp7a90bUxvxB1FiEMu0ah0KDdXKIjfKhH2GELzq4=
Subject key identifier:   9C:3F:53:BC:85:76:2A:F9:D0:00:26:8F:62:CE:D6:9B:C1:20:B4:30
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422204E2131BB5F17333440D426E11DA5
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nD9TvIV2KvnQACaPYs7Wm8EgtDA.roa
Signing time:             Wed 01 Jan 2025 13:48:50 +0000
ROA not before:           Wed 01 Jan 2025 13:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214564
IP address blocks:        2a0e:8f02:20a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4e:21:31:bb:5f:17:33:34:40:d4:26:e1:1d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c3f53bc85762af9d000268f62ced69bc120b430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:7f:d8:66:ca:5c:62:ee:3e:fb:f0:80:27:
                    24:6b:88:4c:a5:d9:3c:4b:f3:e7:bc:e7:6f:67:7e:
                    50:05:7f:5f:84:9e:eb:e6:a7:21:07:66:65:7d:7f:
                    75:a6:a7:21:cf:85:3f:40:c5:96:67:3e:98:22:e2:
                    78:88:ea:09:58:67:6e:fe:9e:14:91:e7:5d:46:b7:
                    3d:72:07:b5:9e:c1:8b:13:ad:e9:73:d2:49:b2:92:
                    85:d9:ae:63:c7:7f:ad:ba:30:7a:fa:8a:de:2e:42:
                    7e:d0:ff:54:e7:54:0f:51:4a:5a:b2:34:d5:d0:0f:
                    cc:ee:6f:6e:47:9d:be:65:0b:41:53:16:7d:5e:34:
                    fa:61:92:c8:5d:b5:ab:cc:dd:30:77:5e:02:f9:92:
                    2d:98:30:ff:56:c8:2e:65:a4:ef:19:bc:cb:00:16:
                    8c:37:7c:81:8f:fa:7c:a9:25:e4:62:0d:32:07:53:
                    dd:fc:ad:8b:14:c0:e7:8b:c5:66:d1:b1:07:66:f5:
                    ea:1d:bb:44:29:6c:69:19:6e:eb:6e:c3:c3:04:d7:
                    01:54:af:5d:17:d5:ea:ad:13:ba:42:3b:32:85:f3:
                    4c:2a:d0:d6:da:58:2f:bf:b4:80:4a:2b:ce:17:69:
                    f1:8a:cb:fa:f4:ae:ca:5f:d4:3c:ef:f3:ac:09:67:
                    ae:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:3F:53:BC:85:76:2A:F9:D0:00:26:8F:62:CE:D6:9B:C1:20:B4:30
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nD9TvIV2KvnQACaPYs7Wm8EgtDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:20a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:05:c3:b5:be:59:dd:76:98:94:52:e1:9e:bb:37:95:59:ba:
         d9:83:47:62:34:8d:cd:14:16:b0:14:a0:ce:b8:06:88:a1:55:
         de:e3:92:63:9e:68:2e:fc:a0:e8:da:54:7f:51:2f:9e:81:5d:
         80:f5:d8:58:f7:54:bc:db:9b:54:62:1d:3f:03:63:4e:6b:89:
         05:9e:b8:25:25:3f:9c:db:f7:2e:72:e1:3b:32:e8:60:a9:f6:
         19:93:53:03:32:fa:2e:ab:94:3e:70:e3:87:44:63:90:61:6f:
         fd:bc:f3:f6:6b:59:f6:c9:25:29:7d:95:ee:96:97:9a:e5:dd:
         57:e6:ff:98:a9:ab:c8:fd:b3:fc:62:23:bb:97:1b:2a:19:ba:
         b9:02:a3:df:80:ae:c4:49:33:fa:b5:38:8a:ae:e1:65:e0:e6:
         55:e5:5e:82:2c:ba:2b:1e:fd:c3:d6:36:47:e8:fe:1e:e2:a1:
         d0:29:32:35:08:78:cc:57:ad:03:6f:84:7d:aa:3e:e2:45:c7:
         3c:db:54:48:81:18:04:b7:9e:51:e5:7b:ff:52:5d:ff:5a:8d:
         84:3d:69:0a:25:7e:f0:85:81:67:ab:3a:69:ba:25:d2:84:32:
         a4:1e:16:c6:04:7b:fb:f0:99:7f:0e:d0:91:b2:d0:e8:b1:4e:
         e8:ba:63:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIE4hMbtfFzM0QNQm4R2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNmNTNiYzg1NzYyYWY5ZDAwMDI2OGY2MmNlZDY5YmMxMjBiNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorZ/2GbKXGLuPvvwgCcka4hMpdk8
S/PnvOdvZ35QBX9fhJ7r5qchB2ZlfX91pqchz4U/QMWWZz6YIuJ4iOoJWGdu/p4U
keddRrc9cge1nsGLE63pc9JJspKF2a5jx3+tujB6+oreLkJ+0P9U51QPUUpasjTV
0A/M7m9uR52+ZQtBUxZ9XjT6YZLIXbWrzN0wd14C+ZItmDD/VsguZaTvGbzLABaM
N3yBj/p8qSXkYg0yB1Pd/K2LFMDni8Vm0bEHZvXqHbtEKWxpGW7rbsPDBNcBVK9d
F9XqrRO6QjsyhfNMKtDW2lgvv7SASivOF2nxisv69K7KX9Q87/OsCWeu/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJw/U7yFdir50AAmj2LO1pvBILQwMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbkQ5VHZJVjJLdm5RQUNhUFlzN1dtOEVndERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiCg
MA0GCSqGSIb3DQEBCwUAA4IBAQAYBcO1vlnddpiUUuGeuzeVWbrZg0diNI3NFBaw
FKDOuAaIoVXe45Jjnmgu/KDo2lR/US+egV2A9dhY91S825tUYh0/A2NOa4kFnrgl
JT+c2/cucuE7MuhgqfYZk1MDMvouq5Q+cOOHRGOQYW/9vPP2a1n2ySUpfZXulpea
5d1X5v+YqavI/bP8YiO7lxsqGbq5AqPfgK7ESTP6tTiKruFl4OZV5V6CLLorHv3D
1jZH6P4e4qHQKTI1CHjMV60Db4R9qj7iRcc821RIgRgEt55R5Xv/Ul3/Wo2EPWkK
JX7whYFnqzppuiXShDKkHhbGBHv78Jl/DtCRstDosU7oumNR
-----END CERTIFICATE-----