Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/oKBWeiCdr72OFTmQ9qAC_2ODyWc.roa
File:                     oKBWeiCdr72OFTmQ9qAC_2ODyWc.roa (raw, json)
Hash identifier:          S0rlxTkwKd8+RpY5lx0VofPErbqrcMDFmRtkG28exLA=
Subject key identifier:   A0:A0:56:7A:20:9D:AF:BD:8E:15:39:90:F6:A0:02:FF:63:83:C9:67
Certificate issuer:       /CN=f9c18cb1a5027fa1726f114b3efe62a3a979ce1b
Certificate serial:       0194258F409ED2C30C3A813880578A26BDBA
Authority key identifier: F9:C1:8C:B1:A5:02:7F:A1:72:6F:11:4B:3E:FE:62:A3:A9:79:CE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/oKBWeiCdr72OFTmQ9qAC_2ODyWc.roa
Signing time:             Thu 02 Jan 2025 05:48:52 +0000
ROA not before:           Thu 02 Jan 2025 05:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215578
IP address blocks:        2001:67c:dc8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:40:9e:d2:c3:0c:3a:81:38:80:57:8a:26:bd:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9c18cb1a5027fa1726f114b3efe62a3a979ce1b
        Validity
            Not Before: Jan  2 05:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0a0567a209dafbd8e153990f6a002ff6383c967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3b:be:c2:d4:f1:86:31:e2:d2:b3:07:62:2b:
                    07:dd:72:40:a1:73:09:c0:86:45:a6:6e:8e:44:64:
                    63:02:ab:9e:03:1f:32:46:5a:f0:1c:5b:6f:44:c4:
                    44:50:77:40:b9:87:a2:80:48:84:80:8f:47:99:90:
                    34:18:f4:cd:b8:51:b1:0f:63:e3:71:60:e5:b9:0a:
                    25:3d:b8:4e:e3:28:7f:72:ae:de:41:3a:38:11:bb:
                    8b:4f:62:f2:21:22:2c:5b:95:ff:0a:f7:a7:d5:76:
                    bf:5a:9e:af:fb:21:9f:e8:e8:b8:3b:e3:7b:dd:2a:
                    dc:c2:cd:c6:2f:85:0b:9a:e6:4d:96:27:be:02:26:
                    87:29:ad:ff:1d:b4:6f:8a:85:fd:b5:c3:3d:fc:1e:
                    1c:73:6a:ea:bc:8a:e1:1d:3e:71:e0:a2:51:18:b2:
                    61:69:ef:02:0f:fd:40:66:10:7d:bc:c9:33:44:b9:
                    34:14:6c:cc:6f:6c:24:95:a6:43:59:f7:ef:6f:ef:
                    67:fb:25:ac:96:6b:4c:ae:a1:30:ac:84:b1:5d:dc:
                    e1:db:e6:b8:bc:bf:50:e0:d0:85:6f:86:de:56:3f:
                    ad:a0:b2:23:b6:ea:58:f0:88:05:72:ef:d6:d0:57:
                    35:fa:27:f0:64:34:47:20:11:7c:80:40:19:41:92:
                    4b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A0:56:7A:20:9D:AF:BD:8E:15:39:90:F6:A0:02:FF:63:83:C9:67
            X509v3 Authority Key Identifier:
                keyid:F9:C1:8C:B1:A5:02:7F:A1:72:6F:11:4B:3E:FE:62:A3:A9:79:CE:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cGMsaUCf6FybxFLPv5io6l5zhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/oKBWeiCdr72OFTmQ9qAC_2ODyWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/26ca92-6fb8-4dd2-9795-9bc5c26d4be8/1/1-cGMsaUCf6FybxFLPv5io6l5zhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:dc8::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:34:0b:f6:d9:6d:83:10:d3:90:f8:a5:b9:b3:31:69:75:d2:
         f3:a9:18:d9:01:c6:ad:70:ba:66:56:67:a7:ad:59:0f:22:cb:
         f0:40:bc:6b:cb:3f:21:a9:65:37:22:ed:b9:53:b7:eb:e9:ea:
         22:8f:e9:2e:73:72:ae:24:b1:fa:78:4e:7b:70:3c:80:a7:c3:
         c8:24:7a:1c:eb:12:fe:6e:9b:ab:76:44:94:3d:49:9b:be:5e:
         e0:95:a5:7f:43:ca:97:38:70:8f:34:d3:d6:ea:4c:0f:57:5d:
         a3:0b:c1:da:e1:8e:2e:ae:36:2e:e6:62:74:c2:5a:0c:70:b2:
         48:90:49:bd:5c:7a:d5:e0:55:a1:71:57:ce:39:06:11:4b:28:
         8a:1d:83:79:6a:ca:ad:25:90:be:e7:38:1e:c7:46:8d:aa:eb:
         93:ee:79:15:74:65:9f:a3:c0:b2:d5:7d:a0:f5:5d:2f:44:c1:
         ee:3f:bd:87:62:43:e2:7a:23:d1:01:0d:e3:ac:66:84:bc:ae:
         02:75:9b:85:0e:c4:36:4a:9a:16:72:10:c6:1a:75:20:f1:b1:
         c1:d8:1a:85:01:96:67:88:ca:c2:89:93:16:c8:48:60:69:55:
         a3:01:1d:2f:08:10:87:4a:e1:40:7c:0a:b3:48:c6:67:18:b5:
         e9:16:68:f1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQlj0Ce0sMMOoE4gFeKJr26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YzE4Y2IxYTUwMjdmYTE3MjZmMTE0YjNlZmU2MmEzYTk3
OWNlMWIwHhcNMjUwMTAyMDU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGEwNTY3YTIwOWRhZmJkOGUxNTM5OTBmNmEwMDJmZjYzODNjOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnju+wtTxhjHi0rMHYisH3XJAoXMJ
wIZFpm6ORGRjAqueAx8yRlrwHFtvRMREUHdAuYeigEiEgI9HmZA0GPTNuFGxD2Pj
cWDluQolPbhO4yh/cq7eQTo4EbuLT2LyISIsW5X/Cven1Xa/Wp6v+yGf6Oi4O+N7
3Srcws3GL4ULmuZNlie+AiaHKa3/HbRvioX9tcM9/B4cc2rqvIrhHT5x4KJRGLJh
ae8CD/1AZhB9vMkzRLk0FGzMb2wklaZDWffvb+9n+yWslmtMrqEwrISxXdzh2+a4
vL9Q4NCFb4beVj+toLIjtupY8IgFcu/W0Fc1+ifwZDRHIBF8gEAZQZJL1wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFKCgVnogna+9jhU5kPagAv9jg8lnMB8GA1UdIwQY
MBaAFPnBjLGlAn+hcm8RSz7+YqOpec4bMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jR01zYVVDZjZGeWJ4RkxQdjVpbzZsNXpocy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUvMjZjYTkyLTZmYjgtNGRkMi05Nzk1
LTliYzVjMjZkNGJlOC8xL29LQldlaUNkcjcyT0ZUbVE5cUFDXzJPRHlXYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvMjZjYTkyLTZmYjgtNGRkMi05Nzk1LTliYzVjMjZkNGJl
OC8xLzEtY0dNc2FVQ2Y2RnlieEZMUHY1aW82bDV6aHMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8
DcgwDQYJKoZIhvcNAQELBQADggEBAAQ0C/bZbYMQ05D4pbmzMWl10vOpGNkBxq1w
umZWZ6etWQ8iy/BAvGvLPyGpZTci7blTt+vp6iKP6S5zcq4ksfp4TntwPICnw8gk
ehzrEv5um6t2RJQ9SZu+XuCVpX9Dypc4cI8009bqTA9XXaMLwdrhji6uNi7mYnTC
WgxwskiQSb1cetXgVaFxV845BhFLKIodg3lqyq0lkL7nOB7HRo2q65PueRV0ZZ+j
wLLVfaD1XS9Ewe4/vYdiQ+J6I9EBDeOsZoS8rgJ1m4UOxDZKmhZyEMYadSDxscHY
GoUBlmeIysKJkxbISGBpVaMBHS8IEIdK4UB8CrNIxmcYtekWaPE=
-----END CERTIFICATE-----