Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/X8iQP860aal3YLOybxReqwSyPWU.roa
File:                     X8iQP860aal3YLOybxReqwSyPWU.roa (raw, json)
Hash identifier:          8p2TloT9N3iJXhSo+Uh11LexFFF6Vzvsu6ANvx+UWDA=
Subject key identifier:   5F:C8:90:3F:CE:B4:69:A9:77:60:B3:B2:6F:14:5E:AB:04:B2:3D:65
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       019421440AA9697BE80365D4F9B1A2D63AA6
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/X8iQP860aal3YLOybxReqwSyPWU.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50926
IP address blocks:        2a0b:8f80:202::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0a:a9:69:7b:e8:03:65:d4:f9:b1:a2:d6:3a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc8903fceb469a97760b3b26f145eab04b23d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9d:d6:95:c7:38:58:75:08:b7:fb:11:c7:de:
                    ba:89:b1:5c:5d:16:31:f8:3e:b3:9d:4d:55:58:ba:
                    fb:29:e8:e3:b8:ea:7b:33:98:80:c3:54:1e:52:af:
                    11:9d:0b:f6:f4:9e:4c:31:2a:d7:22:75:a4:8d:9e:
                    c5:4a:65:b7:3e:28:18:10:5f:3f:2f:77:9e:d3:46:
                    69:2c:63:00:b2:a4:89:15:5d:7f:a4:ee:bf:df:67:
                    10:8d:bb:e6:d1:e2:25:29:d2:f2:9c:05:b6:72:90:
                    fa:0b:d1:d4:5f:66:5c:1b:fd:91:10:fe:e4:71:31:
                    0a:b0:11:4b:50:df:00:48:c0:85:b8:a0:f0:ec:a7:
                    25:05:e8:16:47:50:2b:a7:5a:7e:84:b4:8b:b2:6c:
                    8d:be:03:3e:1d:75:15:39:c2:14:05:06:fe:47:4e:
                    f4:f0:ff:62:e4:fa:78:5d:06:46:5d:2b:d9:bc:d2:
                    a3:6f:2c:89:36:4d:8b:a4:1e:7c:36:c5:7d:55:2e:
                    bd:af:3d:51:38:9f:4d:1f:fa:5e:fa:80:11:6c:3b:
                    63:1d:56:72:ba:b8:1c:dc:52:2b:8d:ee:b5:be:df:
                    48:01:d3:6f:25:0a:70:0d:c8:7f:61:e1:7e:6b:bf:
                    11:f3:76:36:55:ef:c9:1e:3a:06:8e:f7:d8:6d:43:
                    91:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C8:90:3F:CE:B4:69:A9:77:60:B3:B2:6F:14:5E:AB:04:B2:3D:65
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/X8iQP860aal3YLOybxReqwSyPWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8f80:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:72:f8:ba:8d:df:80:03:07:83:5b:d9:da:31:e2:03:e7:ae:
         de:6b:11:a8:3d:4e:d9:e6:7a:e1:60:0a:53:6e:80:56:8a:86:
         01:07:eb:e5:ff:26:35:cb:7b:bb:55:4a:93:26:58:ae:31:73:
         83:99:73:6f:bb:35:0b:ef:cf:87:f0:c9:11:10:05:68:a6:6e:
         b1:34:9a:ec:3d:c6:9d:19:44:f1:5f:91:20:d1:ad:24:b7:f5:
         50:6a:61:e3:11:12:f5:be:15:43:ef:72:ca:9d:bf:e9:a7:f8:
         ab:dd:c3:d9:13:06:4e:6d:d7:56:bc:89:9a:2b:95:fb:e3:9c:
         3d:3c:2c:d0:df:ec:b6:bd:7e:8f:7a:9f:80:6a:47:7c:58:0b:
         48:92:52:50:75:83:49:9d:43:51:fd:88:ee:d8:25:17:f1:45:
         fe:81:c0:59:7b:92:7c:80:4c:a2:9e:72:38:0a:cd:0c:65:c5:
         11:17:65:c6:be:1e:2c:26:b9:28:3f:bd:1e:a7:3f:19:35:e6:
         b9:76:7e:73:b2:dd:c1:f9:14:bb:dd:fa:89:bc:46:87:c6:19:
         e6:e5:fd:fa:a2:90:f0:f1:4b:81:fa:2c:21:6e:f8:fe:81:f6:
         c3:30:5a:60:c3:9e:ec:65:ab:79:59:a6:86:31:2d:a5:4f:f4:
         4b:21:24:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhRAqpaXvoA2XU+bGi1jqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM4OTAzZmNlYjQ2OWE5Nzc2MGIzYjI2ZjE0NWVhYjA0YjIzZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu53Wlcc4WHUIt/sRx966ibFcXRYx
+D6znU1VWLr7KejjuOp7M5iAw1QeUq8RnQv29J5MMSrXInWkjZ7FSmW3PigYEF8/
L3ee00ZpLGMAsqSJFV1/pO6/32cQjbvm0eIlKdLynAW2cpD6C9HUX2ZcG/2REP7k
cTEKsBFLUN8ASMCFuKDw7KclBegWR1Arp1p+hLSLsmyNvgM+HXUVOcIUBQb+R070
8P9i5Pp4XQZGXSvZvNKjbyyJNk2LpB58NsV9VS69rz1ROJ9NH/pe+oARbDtjHVZy
urgc3FIrje61vt9IAdNvJQpwDch/YeF+a78R83Y2Ve/JHjoGjvfYbUORewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/IkD/OtGmpd2Czsm8UXqsEsj1lMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvWDhpUVA4NjBhYWwzWUxPeWJ4UmVxd1N5UFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguPgAIC
MA0GCSqGSIb3DQEBCwUAA4IBAQBYcvi6jd+AAweDW9naMeID567eaxGoPU7Z5nrh
YApTboBWioYBB+vl/yY1y3u7VUqTJliuMXODmXNvuzUL78+H8MkREAVopm6xNJrs
PcadGUTxX5Eg0a0kt/VQamHjERL1vhVD73LKnb/pp/ir3cPZEwZObddWvImaK5X7
45w9PCzQ3+y2vX6Pep+Aakd8WAtIklJQdYNJnUNR/Yju2CUX8UX+gcBZe5J8gEyi
nnI4Cs0MZcURF2XGvh4sJrkoP70epz8ZNea5dn5zst3B+RS73fqJvEaHxhnm5f36
opDw8UuB+iwhbvj+gfbDMFpgw57sZat5WaaGMS2lT/RLISRJ
-----END CERTIFICATE-----