Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/1ypxGUz02dU-GrVHnawwOGAtbp8.roa
File:                     1ypxGUz02dU-GrVHnawwOGAtbp8.roa (raw, json)
Hash identifier:          s/FzoESG6FigLmQ9qVLEYvChgXRxC5KQ8IrkGKlYCxY=
Subject key identifier:   D7:2A:71:19:4C:F4:D9:D5:3E:1A:B5:47:9D:AC:30:38:60:2D:6E:9F
Certificate issuer:       /CN=e278c4aaa021bed8b926e3591fdf50c8df6bc172
Certificate serial:       0194258F8DA8024F555E66810A0276AE1B10
Authority key identifier: E2:78:C4:AA:A0:21:BE:D8:B9:26:E3:59:1F:DF:50:C8:DF:6B:C1:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/1ypxGUz02dU-GrVHnawwOGAtbp8.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207824
IP address blocks:        2001:678:ba4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Apr 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8d:a8:02:4f:55:5e:66:81:0a:02:76:ae:1b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e278c4aaa021bed8b926e3591fdf50c8df6bc172
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d72a71194cf4d9d53e1ab5479dac3038602d6e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:36:5f:50:f1:e6:91:55:b7:0e:5b:95:4d:14:
                    62:0a:69:df:54:76:7f:ef:73:45:b1:cc:6a:c9:7d:
                    c3:aa:c1:53:8a:46:01:62:60:e9:f1:34:5c:6e:aa:
                    f2:81:79:b4:a0:31:ae:87:b8:2c:99:a1:13:b1:c2:
                    60:ff:88:cd:92:57:77:91:71:91:b3:88:95:66:ed:
                    d9:8f:5b:41:7e:42:f8:a8:a7:71:64:69:03:81:b5:
                    05:8a:30:0e:db:17:ad:34:31:5c:cd:b0:c7:01:88:
                    c0:c5:84:5d:87:12:47:d9:36:99:b9:f1:6d:10:d5:
                    77:21:63:a9:d0:09:10:2d:6d:82:ad:8d:20:7a:e7:
                    4c:46:2f:61:8b:7e:d6:49:6d:b8:27:0a:10:2e:84:
                    db:a2:16:29:5c:5a:02:50:78:26:ff:d4:57:d8:a8:
                    db:48:21:bc:3c:5d:9f:6f:7d:09:95:af:36:4f:51:
                    34:60:7a:02:64:a3:7b:ac:0c:e9:06:c1:56:16:e0:
                    27:52:58:b2:91:95:7c:a0:f8:ac:a3:6c:36:b1:12:
                    1d:53:8d:eb:56:60:2c:f1:a1:be:5d:18:db:42:b9:
                    f1:e3:e9:e2:34:a7:54:d4:be:4f:fa:8d:1d:87:03:
                    e4:42:f9:06:27:bd:4f:5a:31:59:3f:20:48:14:eb:
                    37:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:2A:71:19:4C:F4:D9:D5:3E:1A:B5:47:9D:AC:30:38:60:2D:6E:9F
            X509v3 Authority Key Identifier:
                keyid:E2:78:C4:AA:A0:21:BE:D8:B9:26:E3:59:1F:DF:50:C8:DF:6B:C1:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4njEqqAhvti5JuNZH99QyN9rwXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/1ypxGUz02dU-GrVHnawwOGAtbp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c06937-93b3-442e-8676-fc43391988f7/1/4njEqqAhvti5JuNZH99QyN9rwXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ba4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c5:e1:9f:88:dc:3a:bb:67:cc:75:b2:da:10:d6:bd:03:fb:47:
         2c:80:91:ba:bf:1a:9b:a7:c1:c3:11:6c:26:be:b0:6a:e3:a4:
         21:af:1d:04:da:0e:7e:9c:ea:e8:2f:16:c6:0e:2d:78:4f:d6:
         e6:4e:70:81:5d:be:2c:04:4b:80:f9:e4:54:26:a7:68:85:28:
         d8:67:4b:20:3d:81:54:4b:75:4f:03:6c:46:12:8b:3e:22:12:
         6c:e9:db:78:86:fb:e8:9f:39:c2:24:87:1f:88:b0:87:87:a3:
         1b:c3:50:7f:1c:85:6a:cd:d2:b0:d4:7a:5e:46:94:f3:c1:d5:
         fc:f0:09:05:c3:e0:4b:d0:f1:f0:df:b0:34:4a:54:76:86:46:
         76:85:34:ae:64:eb:70:33:3b:af:82:22:78:c4:b6:f3:13:bd:
         87:e4:98:50:04:9d:06:5d:9f:b3:53:da:19:6a:cf:76:a3:e7:
         16:4d:bb:09:21:93:03:1c:63:2f:c2:f1:f5:61:cf:b2:0c:de:
         62:94:3e:db:5f:ed:76:76:19:31:17:96:96:11:a4:c7:80:35:
         50:12:66:40:c6:a5:cd:0b:4b:a9:89:d4:e3:da:86:fd:ad:3e:
         d4:77:9e:52:45:e1:52:fc:59:48:fd:54:d7:e4:fb:90:79:0c:
         7a:1b:a0:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj42oAk9VXmaBCgJ2rhsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNzhjNGFhYTAyMWJlZDhiOTI2ZTM1OTFmZGY1MGM4ZGY2
YmMxNzIwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzJhNzExOTRjZjRkOWQ1M2UxYWI1NDc5ZGFjMzAzODYwMmQ2ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzZfUPHmkVW3DluVTRRiCmnfVHZ/
73NFscxqyX3DqsFTikYBYmDp8TRcbqrygXm0oDGuh7gsmaETscJg/4jNkld3kXGR
s4iVZu3Zj1tBfkL4qKdxZGkDgbUFijAO2xetNDFczbDHAYjAxYRdhxJH2TaZufFt
ENV3IWOp0AkQLW2CrY0geudMRi9hi37WSW24JwoQLoTbohYpXFoCUHgm/9RX2Kjb
SCG8PF2fb30Jla82T1E0YHoCZKN7rAzpBsFWFuAnUliykZV8oPiso2w2sRIdU43r
VmAs8aG+XRjbQrnx4+niNKdU1L5P+o0dhwPkQvkGJ71PWjFZPyBIFOs3ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNcqcRlM9NnVPhq1R52sMDhgLW6fMB8GA1UdIwQY
MBaAFOJ4xKqgIb7YuSbjWR/fUMjfa8FyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG5qRXFxQWh2dGk1SnVOWkg5OVF5Tjlyd1hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jMDY5MzctOTNiMy00NDJlLTg2NzYt
ZmM0MzM5MTk4OGY3LzEvMXlweEdVejAyZFUtR3JWSG5hd3dPR0F0YnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jMDY5MzctOTNiMy00NDJlLTg2NzYtZmM0MzM5MTk4OGY3
LzEvNG5qRXFxQWh2dGk1SnVOWkg5OVF5Tjlyd1hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAuk
MA0GCSqGSIb3DQEBCwUAA4IBAQDF4Z+I3Dq7Z8x1stoQ1r0D+0csgJG6vxqbp8HD
EWwmvrBq46Qhrx0E2g5+nOroLxbGDi14T9bmTnCBXb4sBEuA+eRUJqdohSjYZ0sg
PYFUS3VPA2xGEos+IhJs6dt4hvvonznCJIcfiLCHh6Mbw1B/HIVqzdKw1HpeRpTz
wdX88AkFw+BL0PHw37A0SlR2hkZ2hTSuZOtwMzuvgiJ4xLbzE72H5JhQBJ0GXZ+z
U9oZas92o+cWTbsJIZMDHGMvwvH1Yc+yDN5ilD7bX+12dhkxF5aWEaTHgDVQEmZA
xqXNC0upidTj2ob9rT7Ud55SReFS/FlI/VTX5PuQeQx6G6Dt
-----END CERTIFICATE-----