Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/Muf3zUEmjvAcicWWTWwj5ZYLuHo.roa
File:                     Muf3zUEmjvAcicWWTWwj5ZYLuHo.roa (raw, json)
Hash identifier:          dWeZmARYi8VXUfy+ROJsrFzhlyTYVpZ288pLW1NjhJk=
Subject key identifier:   32:E7:F7:CD:41:26:8E:F0:1C:89:C5:96:4D:6C:23:E5:96:0B:B8:7A
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       01942369FFAB71CE99267D43A0C7B4A490C6
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/Muf3zUEmjvAcicWWTWwj5ZYLuHo.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215568
IP address blocks:        2a01:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ff:ab:71:ce:99:26:7d:43:a0:c7:b4:a4:90:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32e7f7cd41268ef01c89c5964d6c23e5960bb87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1a:dc:cc:33:b2:03:87:51:4b:e5:cc:55:07:
                    71:c1:e9:f1:fc:94:38:82:96:6b:54:e3:68:96:ed:
                    32:ee:90:df:30:60:57:af:02:00:12:03:bc:29:71:
                    9e:73:3b:af:f7:19:b1:0d:c9:99:91:98:dd:d3:b1:
                    97:bc:b8:7e:da:47:18:c5:10:b7:d7:ff:fb:01:11:
                    5b:d7:04:b5:2c:79:f6:ea:1e:39:ff:fb:f4:68:5b:
                    d6:8d:f6:b1:c4:f5:27:8c:71:8a:d7:39:8c:65:56:
                    8b:ca:37:0a:8e:12:6c:9a:96:2b:57:e2:cc:fe:dd:
                    a8:13:27:90:eb:05:09:39:93:d7:ec:b1:15:76:8c:
                    95:ab:ce:d8:bb:fa:43:e1:29:39:8d:83:d4:47:bd:
                    9a:7d:6d:17:92:5c:1d:4a:1e:7d:15:49:2b:c4:a4:
                    c4:da:25:8f:8e:5f:37:cb:4a:5c:f3:ce:48:e1:9a:
                    93:13:fd:ff:76:f9:7d:08:e9:8a:cf:35:27:7e:12:
                    40:42:c7:5d:ca:8a:b1:ba:61:0b:e8:0e:e9:38:3d:
                    e1:6b:cf:6f:62:76:69:71:bd:ff:11:4b:55:11:44:
                    27:23:a4:ec:29:11:b1:88:99:5d:7e:50:3e:b1:96:
                    5e:40:16:dd:53:ce:99:05:48:6f:19:d5:98:e4:2d:
                    01:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:E7:F7:CD:41:26:8E:F0:1C:89:C5:96:4D:6C:23:E5:96:0B:B8:7A
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/Muf3zUEmjvAcicWWTWwj5ZYLuHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:9e:2a:13:45:55:3b:98:69:64:4a:cb:f4:62:66:54:f3:6b:
         a7:00:44:92:a5:7c:70:3f:52:77:b9:cb:65:d5:75:ce:85:db:
         80:e7:78:55:da:2d:ad:67:7c:4e:6d:69:a0:7b:9a:fd:9c:88:
         ba:0b:be:4a:ee:da:ca:37:fd:89:c0:d0:b1:45:ec:5e:01:bb:
         e4:b4:75:5f:39:7a:ee:38:f4:4f:6c:92:b1:5b:41:b8:5a:4b:
         cd:cb:4c:dd:19:34:b6:5a:80:b7:8f:ef:5e:0c:05:5f:b3:5e:
         a9:e3:be:47:22:88:45:4a:c5:5b:30:0d:84:c1:b0:d9:50:05:
         2a:5a:85:07:06:0e:42:a2:de:ce:a7:5a:37:11:ff:d6:a3:84:
         da:26:26:08:8d:20:20:a4:9f:f9:52:ef:f8:8a:6e:98:e4:25:
         bc:4a:13:71:8c:94:8a:26:f1:fc:18:2a:2a:13:69:4f:83:47:
         cc:8f:9b:33:fe:b7:73:4c:9f:e9:c9:8d:c2:4d:dc:db:fd:3e:
         03:51:b8:b8:31:2e:d5:ba:a2:06:12:fa:f9:27:5f:12:ae:e5:
         85:df:71:85:b6:c8:ae:4a:c9:62:e2:2f:7f:93:26:29:05:e7:
         fa:92:32:7a:d7:8b:9b:d2:c7:38:2f:f3:37:f0:54:5d:ff:a0:
         db:a8:04:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaf+rcc6ZJn1DoMe0pJDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmU3ZjdjZDQxMjY4ZWYwMWM4OWM1OTY0ZDZjMjNlNTk2MGJiODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hrczDOyA4dRS+XMVQdxwenx/JQ4
gpZrVONolu0y7pDfMGBXrwIAEgO8KXGeczuv9xmxDcmZkZjd07GXvLh+2kcYxRC3
1//7ARFb1wS1LHn26h45//v0aFvWjfaxxPUnjHGK1zmMZVaLyjcKjhJsmpYrV+LM
/t2oEyeQ6wUJOZPX7LEVdoyVq87Yu/pD4Sk5jYPUR72afW0XklwdSh59FUkrxKTE
2iWPjl83y0pc885I4ZqTE/3/dvl9COmKzzUnfhJAQsddyoqxumEL6A7pOD3ha89v
YnZpcb3/EUtVEUQnI6TsKRGxiJldflA+sZZeQBbdU86ZBUhvGdWY5C0BpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDLn981BJo7wHInFlk1sI+WWC7h6MB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEvTXVmM3pVRW1qdkFjaWNXV1RXd2o1WllMdUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHwQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEZ4qE0VVO5hpZErL9GJmVPNrpwBEkqV8cD9Sd7nL
ZdV1zoXbgOd4VdotrWd8Tm1poHua/ZyIugu+Su7ayjf9icDQsUXsXgG75LR1Xzl6
7jj0T2ySsVtBuFpLzctM3Rk0tlqAt4/vXgwFX7NeqeO+RyKIRUrFWzANhMGw2VAF
KlqFBwYOQqLezqdaNxH/1qOE2iYmCI0gIKSf+VLv+IpumOQlvEoTcYyUiibx/Bgq
KhNpT4NHzI+bM/63c0yf6cmNwk3c2/0+A1G4uDEu1bqiBhL6+SdfEq7lhd9xhbbI
rkrJYuIvf5MmKQXn+pIyeteLm9LHOC/zN/BUXf+g26gE6w==
-----END CERTIFICATE-----