Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/HnXYP_nGkSYGI2gsUnR5joaBv0k.roa
File:                     HnXYP_nGkSYGI2gsUnR5joaBv0k.roa (raw, json)
Hash identifier:          QHASI9erDv03GyXaVaSPKxwrTHTkAuv0FPn5tlS8GC8=
Subject key identifier:   1E:75:D8:3F:F9:C6:91:26:06:23:68:2C:52:74:79:8E:86:81:BF:49
Certificate issuer:       /CN=c5c8265089cbdde6a6c579cd776b5f80c0f8add4
Certificate serial:       0196F27322B4EDDC363B8C9434E2784D81B8
Authority key identifier: C5:C8:26:50:89:CB:DD:E6:A6:C5:79:CD:77:6B:5F:80:C0:F8:AD:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xcgmUInL3eamxXnNd2tfgMD4rdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/HnXYP_nGkSYGI2gsUnR5joaBv0k.roa
Signing time:             Wed 21 May 2025 10:45:53 +0000
ROA not before:           Wed 21 May 2025 10:45:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211052
IP address blocks:        2001:678:1074::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/xcgmUInL3eamxXnNd2tfgMD4rdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/xcgmUInL3eamxXnNd2tfgMD4rdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xcgmUInL3eamxXnNd2tfgMD4rdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:73:22:b4:ed:dc:36:3b:8c:94:34:e2:78:4d:81:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5c8265089cbdde6a6c579cd776b5f80c0f8add4
        Validity
            Not Before: May 21 10:45:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e75d83ff9c691260623682c5274798e8681bf49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2e:37:a3:7b:1c:e6:a0:be:0b:13:20:c3:e8:
                    a2:b6:6d:0d:9b:3b:f7:6c:9c:16:28:b2:50:9f:6a:
                    49:20:03:0d:ef:3a:6a:f4:42:a3:73:0d:29:42:50:
                    20:9f:33:81:b6:dd:49:13:6e:3c:c1:16:9f:3b:ea:
                    e1:94:60:ea:38:d7:03:08:bc:6e:fc:39:3a:e9:06:
                    6a:f1:9a:fa:04:c4:db:c9:f5:09:b3:ae:a0:be:59:
                    41:bc:be:f4:ba:66:ad:4a:c2:79:f8:a7:f6:9d:bd:
                    ec:c3:1f:c9:80:92:a1:17:d6:8f:c4:3a:8c:ea:c4:
                    cc:5a:77:e8:98:e7:75:3f:86:96:88:fe:0e:7b:d8:
                    0f:99:0c:42:29:eb:44:53:ff:63:e1:33:bc:7a:4b:
                    92:66:97:8e:31:f3:d2:d3:57:88:df:d3:8d:75:fd:
                    c5:cd:a7:3e:4a:78:2e:53:8c:39:1e:c0:ea:6a:07:
                    71:37:ab:1f:f3:f0:1c:b7:ee:74:02:f3:79:93:07:
                    c4:60:21:ee:d9:5c:c5:e9:d4:47:36:45:72:c8:a2:
                    6d:c7:85:e9:b1:dc:ad:70:d9:f3:7b:5f:24:f0:71:
                    40:16:21:e6:cb:fe:69:13:70:fa:27:ad:d8:b5:56:
                    89:c6:a6:05:69:11:35:26:42:6d:49:8a:1e:be:74:
                    0a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:75:D8:3F:F9:C6:91:26:06:23:68:2C:52:74:79:8E:86:81:BF:49
            X509v3 Authority Key Identifier:
                keyid:C5:C8:26:50:89:CB:DD:E6:A6:C5:79:CD:77:6B:5F:80:C0:F8:AD:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xcgmUInL3eamxXnNd2tfgMD4rdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/HnXYP_nGkSYGI2gsUnR5joaBv0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/48c7ec-0c75-41c4-85aa-438820fba254/1/xcgmUInL3eamxXnNd2tfgMD4rdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1074::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:78:59:84:9b:f4:30:a5:c1:44:bd:e7:3e:27:06:f7:11:74:
         b4:ae:9e:4b:8f:32:f1:22:40:c8:18:7d:7b:c4:0a:1d:01:4b:
         96:c5:c8:d4:36:e2:ba:c4:f7:25:ca:e9:1d:3f:fb:e6:83:06:
         92:69:01:93:2a:07:ec:ac:5b:5e:ee:7c:53:65:8a:30:70:10:
         14:8d:32:44:32:67:47:b5:4f:4d:0c:92:11:0d:87:0d:69:e1:
         ac:4a:d4:8a:c7:f8:92:56:03:de:e0:f4:e0:bf:18:00:aa:d6:
         a5:30:16:53:25:8e:e3:55:6f:a6:6c:e8:ec:e4:e8:57:0e:2d:
         15:c6:55:73:35:72:d8:8f:be:21:1a:d3:09:d3:61:45:f7:8f:
         4d:8c:1a:31:59:cc:c5:49:8f:58:e8:e9:ba:8f:37:a8:9f:13:
         f5:9d:d5:99:9b:5c:1d:44:b8:cd:55:a0:ae:05:66:fa:d8:61:
         c3:06:b9:ae:b2:f2:69:bf:ee:ae:f8:a2:41:3b:90:6a:14:35:
         cc:bd:0d:3b:b0:fa:d6:b1:62:3f:96:bb:70:08:4b:0b:55:19:
         fc:be:ae:33:0e:4c:08:85:c0:37:1c:23:bd:f7:0f:54:97:ab:
         8f:dc:6c:35:bb:59:2c:54:9e:36:8e:39:47:21:87:37:1d:27:
         71:10:47:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbycyK07dw2O4yUNOJ4TYG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YzgyNjUwODljYmRkZTZhNmM1NzljZDc3NmI1ZjgwYzBm
OGFkZDQwHhcNMjUwNTIxMTA0NTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc1ZDgzZmY5YzY5MTI2MDYyMzY4MmM1Mjc0Nzk4ZTg2ODFiZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS43o3sc5qC+CxMgw+iitm0Nmzv3
bJwWKLJQn2pJIAMN7zpq9EKjcw0pQlAgnzOBtt1JE248wRafO+rhlGDqONcDCLxu
/Dk66QZq8Zr6BMTbyfUJs66gvllBvL70umatSsJ5+Kf2nb3swx/JgJKhF9aPxDqM
6sTMWnfomOd1P4aWiP4Oe9gPmQxCKetEU/9j4TO8ekuSZpeOMfPS01eI39ONdf3F
zac+SnguU4w5HsDqagdxN6sf8/Act+50AvN5kwfEYCHu2VzF6dRHNkVyyKJtx4Xp
sdytcNnze18k8HFAFiHmy/5pE3D6J63YtVaJxqYFaRE1JkJtSYoevnQKbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB512D/5xpEmBiNoLFJ0eY6Ggb9JMB8GA1UdIwQY
MBaAFMXIJlCJy93mpsV5zXdrX4DA+K3UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGNnbVVJbkwzZWFteFhuTmQydGZnTUQ0cmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80OGM3ZWMtMGM3NS00MWM0LTg1YWEt
NDM4ODIwZmJhMjU0LzEvSG5YWVBfbkdrU1lHSTJnc1VuUjVqb2FCdjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80OGM3ZWMtMGM3NS00MWM0LTg1YWEtNDM4ODIwZmJhMjU0
LzEveGNnbVVJbkwzZWFteFhuTmQydGZnTUQ0cmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBB0
MA0GCSqGSIb3DQEBCwUAA4IBAQB3eFmEm/QwpcFEvec+Jwb3EXS0rp5LjzLxIkDI
GH17xAodAUuWxcjUNuK6xPclyukdP/vmgwaSaQGTKgfsrFte7nxTZYowcBAUjTJE
MmdHtU9NDJIRDYcNaeGsStSKx/iSVgPe4PTgvxgAqtalMBZTJY7jVW+mbOjs5OhX
Di0VxlVzNXLYj74hGtMJ02FF949NjBoxWczFSY9Y6Om6jzeonxP1ndWZm1wdRLjN
VaCuBWb62GHDBrmusvJpv+6u+KJBO5BqFDXMvQ07sPrWsWI/lrtwCEsLVRn8vq4z
DkwIhcA3HCO99w9Ul6uP3Gw1u1ksVJ42jjlHIYc3HSdxEEfA
-----END CERTIFICATE-----