Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/wrDqtsAOuC7Agc1zIPRkhKVhP8U.roa
File:                     wrDqtsAOuC7Agc1zIPRkhKVhP8U.roa (raw, json)
Hash identifier:          kfogXl8tGYAhJxfycDCrALmBGs+Zy+SyeMiS4IsU5B8=
Subject key identifier:   C2:B0:EA:B6:C0:0E:B8:2E:C0:81:CD:73:20:F4:64:84:A5:61:3F:C5
Certificate issuer:       /CN=ebb08be800126511cff8d25699d9ac136ed0ec8c
Certificate serial:       019421B193A9D55DCA8C6923D13240D3B65C
Authority key identifier: EB:B0:8B:E8:00:12:65:11:CF:F8:D2:56:99:D9:AC:13:6E:D0:EC:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67CL6AASZRHP-NJWmdmsE27Q7Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/wrDqtsAOuC7Agc1zIPRkhKVhP8U.roa
Signing time:             Wed 01 Jan 2025 11:47:53 +0000
ROA not before:           Wed 01 Jan 2025 11:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54748
IP address blocks:        134.0.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/67CL6AASZRHP-NJWmdmsE27Q7Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/67CL6AASZRHP-NJWmdmsE27Q7Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67CL6AASZRHP-NJWmdmsE27Q7Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:93:a9:d5:5d:ca:8c:69:23:d1:32:40:d3:b6:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebb08be800126511cff8d25699d9ac136ed0ec8c
        Validity
            Not Before: Jan  1 11:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2b0eab6c00eb82ec081cd7320f46484a5613fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e8:4e:71:6e:7e:38:53:87:a3:59:d1:dc:fa:
                    45:79:eb:cc:ed:93:29:a7:c6:4b:bf:bb:23:d5:ea:
                    c3:f3:39:91:2d:e9:94:be:8a:54:4c:05:1e:e0:64:
                    83:5d:10:94:55:ae:c7:a9:61:00:41:c2:2d:71:82:
                    f2:2c:e8:dd:69:11:a7:68:1a:f5:27:0e:0d:73:2c:
                    d6:f8:15:85:b6:ce:97:c5:69:0a:aa:dc:c4:47:64:
                    eb:f8:51:d0:f4:33:de:54:76:ea:01:a9:ee:74:c3:
                    58:b7:83:1b:61:d1:ec:fa:9d:77:0a:de:35:8a:8b:
                    93:e5:8b:9c:a4:0a:1d:54:aa:70:ce:df:00:16:3b:
                    99:14:4a:03:8d:9b:53:6c:55:42:65:f7:a5:82:69:
                    a0:8c:62:d9:63:dc:96:94:4f:23:a3:3e:d2:78:e8:
                    e0:8e:b5:5c:04:ab:7a:5d:05:39:af:12:66:df:24:
                    22:56:b0:d6:ae:ee:cb:53:93:ac:c3:57:4b:8c:3f:
                    91:f2:88:24:be:bd:87:61:f7:7b:50:e5:b5:80:2f:
                    4a:b6:af:a8:c1:0f:3a:33:7c:1e:a3:61:52:ba:52:
                    32:22:25:45:4d:c0:da:00:7e:07:d2:fc:0c:4e:1c:
                    57:48:1e:6f:98:d2:e7:5b:08:fa:74:d8:47:db:11:
                    99:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B0:EA:B6:C0:0E:B8:2E:C0:81:CD:73:20:F4:64:84:A5:61:3F:C5
            X509v3 Authority Key Identifier:
                keyid:EB:B0:8B:E8:00:12:65:11:CF:F8:D2:56:99:D9:AC:13:6E:D0:EC:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67CL6AASZRHP-NJWmdmsE27Q7Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/wrDqtsAOuC7Agc1zIPRkhKVhP8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6c142a-2b5e-416b-94de-ba9d51fe9e2b/1/67CL6AASZRHP-NJWmdmsE27Q7Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.0.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:53:0e:ec:e1:aa:e3:f7:46:08:c5:16:d7:1c:2b:4b:4d:69:
         b0:2a:b4:67:3d:6b:8c:47:bd:61:af:53:5f:d7:06:72:55:6a:
         c0:4e:8e:48:c3:02:11:5c:16:c4:57:96:9e:01:4f:e9:94:90:
         b4:c5:1d:93:5a:98:97:15:8a:cb:e2:1a:73:fd:fc:9d:b4:98:
         41:fa:48:f3:9f:e2:a0:43:4b:58:ad:a4:9e:e2:3c:91:96:86:
         a1:f1:1d:9f:9a:15:5b:7a:70:51:36:2e:aa:6f:d9:33:f7:f7:
         99:4f:dc:9b:6d:96:2e:52:14:b9:ef:8e:3e:66:c9:25:22:74:
         26:86:19:8e:8b:d4:c7:f5:65:c4:1d:c5:83:ef:69:d4:10:80:
         fc:a4:22:92:83:8c:f4:a9:fa:1c:ab:af:5c:b7:a9:77:57:28:
         e7:07:44:79:4f:7e:a1:23:47:c0:95:99:23:79:92:8b:56:3e:
         71:7d:19:ec:47:20:9f:d2:39:4d:b1:f0:6b:d3:29:4d:20:5b:
         d9:5b:23:00:2b:d6:ac:b4:02:26:db:72:f8:47:65:59:2a:2e:
         f4:41:de:a7:64:14:ed:cd:be:66:97:5d:04:dd:e1:67:40:cc:
         04:0c:cd:b7:3a:20:14:f4:0d:eb:0e:ce:45:c9:75:1a:af:2c:
         5f:e5:e0:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZOp1V3KjGkj0TJA07ZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYjA4YmU4MDAxMjY1MTFjZmY4ZDI1Njk5ZDlhYzEzNmVk
MGVjOGMwHhcNMjUwMTAxMTE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmIwZWFiNmMwMGViODJlYzA4MWNkNzMyMGY0NjQ4NGE1NjEzZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxehOcW5+OFOHo1nR3PpFeevM7ZMp
p8ZLv7sj1erD8zmRLemUvopUTAUe4GSDXRCUVa7HqWEAQcItcYLyLOjdaRGnaBr1
Jw4NcyzW+BWFts6XxWkKqtzER2Tr+FHQ9DPeVHbqAanudMNYt4MbYdHs+p13Ct41
iouT5YucpAodVKpwzt8AFjuZFEoDjZtTbFVCZfelgmmgjGLZY9yWlE8joz7SeOjg
jrVcBKt6XQU5rxJm3yQiVrDWru7LU5Osw1dLjD+R8ogkvr2HYfd7UOW1gC9Ktq+o
wQ86M3weo2FSulIyIiVFTcDaAH4H0vwMThxXSB5vmNLnWwj6dNhH2xGZ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKw6rbADrguwIHNcyD0ZISlYT/FMB8GA1UdIwQY
MBaAFOuwi+gAEmURz/jSVpnZrBNu0OyMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjdDTDZBQVNaUkhQLU5KV21kbXNFMjdRN0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YzE0MmEtMmI1ZS00MTZiLTk0ZGUt
YmE5ZDUxZmU5ZTJiLzEvd3JEcXRzQU91QzdBZ2MxeklQUmtoS1ZoUDhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YzE0MmEtMmI1ZS00MTZiLTk0ZGUtYmE5ZDUxZmU5ZTJi
LzEvNjdDTDZBQVNaUkhQLU5KV21kbXNFMjdRN0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhgBHMA0G
CSqGSIb3DQEBCwUAA4IBAQDkUw7s4arj90YIxRbXHCtLTWmwKrRnPWuMR71hr1Nf
1wZyVWrATo5IwwIRXBbEV5aeAU/plJC0xR2TWpiXFYrL4hpz/fydtJhB+kjzn+Kg
Q0tYraSe4jyRloah8R2fmhVbenBRNi6qb9kz9/eZT9ybbZYuUhS5744+ZsklInQm
hhmOi9TH9WXEHcWD72nUEID8pCKSg4z0qfocq69ct6l3VyjnB0R5T36hI0fAlZkj
eZKLVj5xfRnsRyCf0jlNsfBr0ylNIFvZWyMAK9astAIm23L4R2VZKi70Qd6nZBTt
zb5ml10E3eFnQMwEDM23OiAU9A3rDs5FyXUaryxf5eB9
-----END CERTIFICATE-----