Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/DzCWe6F-HAwaaoz6rcl7i40vQ2c.roa
File:                     DzCWe6F-HAwaaoz6rcl7i40vQ2c.roa (raw, json)
Hash identifier:          2MCvtIgoaYdDkhO93R/CyI9SeRLv37WS2nmP8dc5bb8=
Subject key identifier:   0F:30:96:7B:A1:7E:1C:0C:1A:6A:8C:FA:AD:C9:7B:8B:8D:2F:43:67
Certificate issuer:       /CN=c29c1007746981fcc408839965b1671c037d121b
Certificate serial:       0194228D191014060509A3BE6B6F91A9F3D5
Authority key identifier: C2:9C:10:07:74:69:81:FC:C4:08:83:99:65:B1:67:1C:03:7D:12:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpwQB3RpgfzECIOZZbFnHAN9Ehs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/DzCWe6F-HAwaaoz6rcl7i40vQ2c.roa
Signing time:             Wed 01 Jan 2025 15:47:39 +0000
ROA not before:           Wed 01 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199902
IP address blocks:        2001:67c:268c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/wpwQB3RpgfzECIOZZbFnHAN9Ehs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/wpwQB3RpgfzECIOZZbFnHAN9Ehs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpwQB3RpgfzECIOZZbFnHAN9Ehs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:19:10:14:06:05:09:a3:be:6b:6f:91:a9:f3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c29c1007746981fcc408839965b1671c037d121b
        Validity
            Not Before: Jan  1 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f30967ba17e1c0c1a6a8cfaadc97b8b8d2f4367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7c:17:0d:c1:63:52:9d:5a:a2:b1:6a:cc:43:
                    26:69:53:a2:50:01:9e:d9:d5:ea:3f:a2:d8:d2:28:
                    b7:10:a7:77:0b:cf:fb:80:a0:3f:84:cc:1f:c2:f3:
                    da:d4:ed:02:4d:f7:7e:71:4f:2d:f2:5e:0d:68:d3:
                    3f:da:65:c8:ed:82:c5:d8:de:07:17:8e:83:28:c8:
                    fd:de:8d:ac:ba:73:63:16:73:4d:83:33:0e:a9:b1:
                    d6:19:c9:b6:21:8a:60:a9:93:fd:cd:46:39:c7:2d:
                    ef:c3:2b:f6:84:aa:9d:a5:ff:6e:c1:c7:cd:17:d3:
                    7e:00:dc:77:83:b0:61:5c:ea:33:ca:49:a1:32:93:
                    26:7f:93:ff:54:c4:fb:8c:d3:51:19:18:33:4f:94:
                    a3:65:ba:2c:db:09:c8:44:15:6e:22:ed:3c:f1:35:
                    75:c3:4a:92:d3:ca:31:42:ed:f4:1d:63:36:5b:d9:
                    cc:e1:0d:c4:74:db:13:c6:19:50:c8:56:81:60:b0:
                    92:aa:6f:59:62:d9:06:a9:05:b9:2d:82:f9:aa:75:
                    c0:dd:42:a4:fa:63:8e:ba:9c:ed:1b:06:14:e1:e0:
                    0c:a1:11:fd:c4:01:1e:69:8a:df:0b:77:2a:74:e3:
                    19:80:08:8f:5b:ac:d8:d8:c8:6e:7a:e0:92:b1:25:
                    4b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:30:96:7B:A1:7E:1C:0C:1A:6A:8C:FA:AD:C9:7B:8B:8D:2F:43:67
            X509v3 Authority Key Identifier:
                keyid:C2:9C:10:07:74:69:81:FC:C4:08:83:99:65:B1:67:1C:03:7D:12:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpwQB3RpgfzECIOZZbFnHAN9Ehs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/DzCWe6F-HAwaaoz6rcl7i40vQ2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8ab26c-ba17-4288-8749-8fc930d8702a/1/wpwQB3RpgfzECIOZZbFnHAN9Ehs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:268c::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:f9:7e:53:a5:f4:b6:a3:41:74:22:4b:f7:d5:44:86:f2:df:
         aa:83:e2:80:7f:08:00:61:1b:31:32:41:e2:ce:33:c2:ca:68:
         77:aa:53:d0:28:c7:ba:62:f5:5d:76:16:53:32:20:83:57:ff:
         3f:fa:1a:a3:07:23:82:82:e2:88:89:cf:33:89:c7:08:79:6a:
         35:b5:b3:8f:26:4d:92:29:08:49:cb:07:1b:ac:e8:a0:ab:8d:
         54:8a:a5:a7:23:d3:ca:07:9a:7b:03:6b:94:98:1f:e9:60:f3:
         ae:a5:f5:25:b3:c9:d7:76:ba:09:02:c9:db:f2:11:4e:fb:a7:
         7d:df:5d:ea:9b:fe:2f:bb:73:e0:1b:a2:c4:e1:e1:63:d7:41:
         e8:a7:1f:0a:97:77:8a:a0:c2:f2:60:2c:bf:ff:3c:81:87:e3:
         4b:e3:a6:eb:4d:6f:90:d0:2a:1e:cd:8a:94:9e:cb:53:6c:4e:
         6d:99:f4:d5:ca:75:b6:8d:18:26:83:33:89:e6:8c:12:a6:65:
         91:3d:98:ba:96:f0:21:1f:99:e3:a9:9e:d9:e4:4f:d7:23:ba:
         27:29:98:73:7c:89:c2:72:b3:ae:f0:b8:bd:54:7d:8a:92:73:
         ed:d4:49:db:2c:54:0c:7d:be:3c:b4:74:08:72:6c:57:8b:01:
         6a:66:6d:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijRkQFAYFCaO+a2+RqfPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOWMxMDA3NzQ2OTgxZmNjNDA4ODM5OTY1YjE2NzFjMDM3
ZDEyMWIwHhcNMjUwMTAxMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjMwOTY3YmExN2UxYzBjMWE2YThjZmFhZGM5N2I4YjhkMmY0MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XwXDcFjUp1aorFqzEMmaVOiUAGe
2dXqP6LY0ii3EKd3C8/7gKA/hMwfwvPa1O0CTfd+cU8t8l4NaNM/2mXI7YLF2N4H
F46DKMj93o2sunNjFnNNgzMOqbHWGcm2IYpgqZP9zUY5xy3vwyv2hKqdpf9uwcfN
F9N+ANx3g7BhXOozykmhMpMmf5P/VMT7jNNRGRgzT5SjZbos2wnIRBVuIu088TV1
w0qS08oxQu30HWM2W9nM4Q3EdNsTxhlQyFaBYLCSqm9ZYtkGqQW5LYL5qnXA3UKk
+mOOupztGwYU4eAMoRH9xAEeaYrfC3cqdOMZgAiPW6zY2MhueuCSsSVL4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA8wlnuhfhwMGmqM+q3Je4uNL0NnMB8GA1UdIwQY
MBaAFMKcEAd0aYH8xAiDmWWxZxwDfRIbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3B3UUIzUnBnZnpFQ0lPWlpiRm5IQU45RWhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84YWIyNmMtYmExNy00Mjg4LTg3NDkt
OGZjOTMwZDg3MDJhLzEvRHpDV2U2Ri1IQXdhYW96NnJjbDdpNDB2UTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84YWIyNmMtYmExNy00Mjg4LTg3NDktOGZjOTMwZDg3MDJh
LzEvd3B3UUIzUnBnZnpFQ0lPWlpiRm5IQU45RWhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCaM
MA0GCSqGSIb3DQEBCwUAA4IBAQBx+X5TpfS2o0F0Ikv31USG8t+qg+KAfwgAYRsx
MkHizjPCymh3qlPQKMe6YvVddhZTMiCDV/8/+hqjByOCguKIic8ziccIeWo1tbOP
Jk2SKQhJywcbrOigq41UiqWnI9PKB5p7A2uUmB/pYPOupfUls8nXdroJAsnb8hFO
+6d9313qm/4vu3PgG6LE4eFj10Hopx8Kl3eKoMLyYCy//zyBh+NL46brTW+Q0Coe
zYqUnstTbE5tmfTVynW2jRgmgzOJ5owSpmWRPZi6lvAhH5njqZ7Z5E/XI7onKZhz
fInCcrOu8Li9VH2KknPt1EnbLFQMfb48tHQIcmxXiwFqZm3n
-----END CERTIFICATE-----